How do I get public key info (RSA Bit) using jsrsasign? - rsa

I'm using this library, jsrsasign. I'd like to know how to get this information from certificate.pem:
Public Key info: RSA-2048 Bit
When I open my certificate in console, it shows me this info:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Which class/method from jsrsasign should I use to get this info?

Related

Convert RSA private key from PKCS#1 to PKCS#8

Maybe someone knows how to convert an RSA private key from PKCS#1 to PKCS#8 in PHP or Java.
PHP creates an RSA key with openssl_pkey_new() in PKCS#1 format.
Java can work with a private key only through PKCS8EncodedKeySpec, in PKCS#8 format.
How can I convert a key from format 1 to format 8 in either of these languages?
So far the only way out I have found is to use external commands to create RSA keys in both formats (exec("openssl ...") in PHP and Runtime.getRuntime().exec("openssl ...") in Java).
Java(TM) SE Runtime Environment (build 17.0.2+8-LTS-86)
PHP 8.0
Private key from PHP in PKCS#1 format:

Add a public key to a jks keystore

I have been given a public xml key in the following format:
<RSAKeyValue>
<Modulus>MODULUS_VALUE</Modulus>
<Exponent>EXPONENT_VALUE</Exponent>
</RSAKeyValue>
With this key I need to verify a signed message that I would receive.
I have created a keystore with keytool but I am unable to import this public key there.
Is it possible to add this public key to a blank new jks keystore that I would create?
So far I haven't been able to do exactly that. I would imply that I don't have the private key, I only have the public key in xml format.

Bluemix BXNUI2081E error when uploading an SSL certificate for a custom domain

I'm trying to upload an SSL certificate for a custom domain in Bluemix, but I'm getting a generic error:
BXNUI2081E: An unknown error occurred when modifying certificates and keys: local:///deploySNIArtifacts/mbaasUtilities.xsl:793: Type of the left-hand side of / operator must be a nodeset..
I've followed the documentation, using openssl to generate a self-signed certificate, using the wildcard form of my domain. Any ideas on what I might have missed?
Here's a slightly redacted version of the output from the certificate:
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 17167458275182091963 (0xee3f10581c919ebb)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Massachusetts, L=Littleton, O=IBM, OU=CLMServices, CN=*.clmsvcs.ibmcloud.com/emailAddress=<email removed>
        Validity
            Not Before: Apr 19 13:36:39 2016 GMT
            Not After : May 19 13:36:39 2016 GMT
        Subject: C=US, ST=Massachusetts, L=Littleton, O=IBM, OU=CLMServices, CN=*.clmsvcs.ibmcloud.com/emailAddress=<email removed>
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    <<data removed>>
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         <<data removed>>
The only case I've seen this error was when the private key you are using does not match the certificate.
You can run the following 2 commands to check if the private key and certificate you are trying to upload match:
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
Output from both commands needs to be the same.
This problem went away after a few days. I was able to upload the keys successfully.
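
The certificate/key match check from the answer above, wrapped as a reusable script. This is an added example, not part of the original posts: it compares the full public key rather than an MD5 of the RSA modulus, so it goes beyond the answer in also covering non-RSA keys, and it reads the key size from the same "Public-Key: (N bit)" line shown in the certificate dumps on this page. The file names and the `example.test` subject are constructed sample data, and the private key is assumed to be unencrypted.

```shell
#!/usr/bin/env bash
# Added example (not from the original posts): check that a certificate and a
# private key belong together before uploading them anywhere.

# Return 0 if the key matches the certificate, 1 if it does not,
# 2 if either file cannot be parsed. Assumes an unencrypted private key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # Both commands emit the public key as PEM SubjectPublicKeyInfo,
    # so a plain string comparison is enough.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print the key size from the "Public-Key: (N bit)" line of the text dump.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Constructed sample data: a self-signed certificate, its own key,
# and an unrelated key that must NOT match.
make_sample() {
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$dir/good.key" -out "$dir/cert.pem" 2>/dev/null &&
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp"
for key in good.key other.key; do
    if cert_matches_key "$tmp/cert.pem" "$tmp/$key"; then
        echo "$key: matches certificate"
    else
        echo "$key: does NOT match certificate"
    fi
done
echo "certificate key size: $(cert_key_bits "$tmp/cert.pem") bit"
rm -rf "$tmp"
```

A return code of 2 separates "file could not be parsed" from a genuine mismatch, which a comparison of two piped digests would hide because both failed commands hash the same empty input.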

WS Security signing with com.ibm.crypto.provider.RSAPrivateCrtKey

I am using CXF WS-Security to create a client to send a WS-Security SOAP envelope to a third party. When I send the request from my local Tomcat server, I get a 200 response; however, when I deploy to WebSphere, I get a 500 response. I have compared the envelopes and the logs from both Tomcat and WebSphere. Everything matches (the signing algorithm, the signature provider, the X509 cert). When I talked with the third party, they said the RSA signature was invalid. The only difference I can find is the "Signing with key" log. On WebSphere the key appears to be provided by a different package. Is this the issue? If so, how do I fix it?
Websphere log:
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signature provider:BC version 1.4
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signing with key: com.ibm.crypto.provider.RSAPrivateCrtKey
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - JCA Algorithm: SHA256withRSA
Tomcat log (I removed some of the values):
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signature provider:BC version 1.4
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - Signing with key: RSA Private CRT Key
modulus: --removed value--
public exponent: --removed value--
private exponent: --removed value--
primeP: --removed value--
primeQ: --removed value--
primeExponentP: --removed value--
primeExponentQ: --removed value--
crtCoefficient: --removed value--
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod - JCA Algorithm: SHA256withRSA
I found it. The default in WebSphere is to have the WS-Security comply with the BSP (Basic Security Provider). According to a blog post I read (I still need to do some research), when this is enabled, additional information gets added to the KeyInfo of the request. You can disable it in the client by adding this code to the outgoing port (replace "port" with whatever your port is called).
Map<String, Object> ctx = ((BindingProvider)port).getRequestContext();
ctx.put(WSHandlerConstants.IS_BSP_COMPLIANT, "false");

RSAES OAEP certificate - public key 0 bits

I have a program that creates a self-signed certificate for the RSA algorithm.
The problem is that if I create a certificate with RSAES OAEP parameters,
when I open the certificate I see that the size of the public key is 0 bits.
Does anyone know what the problem is?
I already checked that the ASN.1 encoding of the RSA OAEP parameters is OK.
And if I create an RSA certificate without OAEP parameters, then the size of the public key is shown correctly (not as 0 bits).
I searched the internet and didn't find any RSA certificate with OAEP params, for example, to compare with my certificate.
I will be glad for any suggestion.
This is the certificate in PEM File:
The public key is 4096 bits long in the attached certificate. Using an MD5 hash with 4k keys is a very strange combination, as the MD5 hash is too weak and all the strength of a 4k key is eliminated by the weakness of the hash.