x509

Don't know much about encryption... Say I'm preparing a SAML request to submit to an identity provider. Why would I need to apply an x.509 certificate to this request? Is transmission over SSL alone not secure enough? Yes - SSL is enough - but SSL is only point-to-point. You cannot secure your connection using SSL if there are a few intermediaries in the way between your source and your target machine. In that case, e.g. when transmitting over the internet, you must safeguard the actual message, instead of the transport-level. That's why you need to encrypt the XML (or at least parts of it).

Any recommended crypto libraries for Java. What I need is the ability to parse X.509 Certificates to extract the information contained in them. Thanks In Java, java.security.cert.CertificateFactory. "A certificate factory for X.509 must return certificates that are an instance of java.security.cert.X509Certificate" There's a lot more in most certificates than what's handled by java.security.cert.X509Certificate . If you need to parse extension values, check out the Bouncy Castle Crypto API . (C# version is offered too.) Java doesn't need crypto libraries, it ships with that functionality

I am trying to read the RSA public and private keys files in Java. My RSA public and private key is generated using PuttyGen. (SSH-2 RSA, 1024 bits) The code I am using for reading file is: //public key pubkeyBytes = getBytesFromFile(new File(pubKeyfileName)); KeySpec pubSpec = new X509EncodedKeySpec(pubkeyBytes); RSAPublicKey pubKey =(RSAPublicKey) rsakeyFactory.generatePublic(pubSpec); //private key privkeyBytes = getBytesFromFile(new File(privKeyfileName)); PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privkeyBytes); PrivateKey privKey = rsakeyFactory.generatePrivate(privSpec); It

How to convert X.509 certificate from a hex-dump form to .CER format? Additionally, should be blank space separators removed from hex dump first? Thanks. You could use ASN.1 editor . It has a data converter that will convert HEX to PEM format of data. the source is also available so if you need to use it in code you can look how it is done. Or you could use certutil.exe using command certutil -decodehex c:\cert.hex c:\cert.cer Normally .cer can either be binary encoded - DER - or it can be DER that has an "ASCII armor", called PEM. If you want to create DER you probably only have to decode the

The sample openssl root ca config from the OpenSSL Cookbook defines the following (p40): [req] ... req_extensions = ca_ext [ca_ext] ... Later (p43), the root ca key is generated, then the root ca selfsigned cert. openssl req -new \ -config root-ca.conf \ -out root-ca.csr \ -keyout private/root-ca.key openssl ca -selfsign \ -config root-ca.conf \ -in root-ca.csr \ -out root-ca.crt \ -extensions ca_ext Isn't req_extensions redundant in this specific use case? When is req_extension really needed? frasertweedale req_extensions is used for declaring request extensions to be included in PKCS #10

Hi Iam using the OpenSSL .NET wrapper in my c# project. i want to generate an X509 certification but i don't really know the procedure. what should it contain (what parameters)...etc this is my code, I did it after looking some tests: OpenSSL.X509.X509Certificate x509 = new OpenSSL.X509.X509Certificate(); OpenSSL.Crypto.RSA rsa = new OpenSSL.Crypto.RSA(); rsa.GenerateKeys(1024, 0x10001, null, null); OpenSSL.Crypto.CryptoKey key = new OpenSSL.Crypto.CryptoKey(rsa); OpenSSL.Crypto.MessageDigestContext digest = new OpenSSL.Crypto.MessageDigestContext( OpenSSL.Crypto.MessageDigest.SHA1); I suppose

We have a valid PKCS#10 Certificate Request generated on the Client using CertEnroll. Now we need to sign it and return the result to the Client, where CertEnroll will handle the local Certificate Store stuff. This is a B2B application and the root signing certificate will be self-generated or we can use our existing Thawte SSL cert. The Server (2008) does not have Active Directory running and we don't want to create a stand-alone signing infrastructure/service for this unless absolutely necessary. There is no need for revocation etc. - we want to do it programmatically. I would be happy to

Working in Apple Swift for iOS. I have to generate this for the backend as it's a secure app. I'm new to security and certificates and have been searching for a day now with no results. How can I generate base64 url-encoded X.509 format 2048-bit RSA public key with swift? Any help is highly appreciated. Henri Normak There's a library for handling public-private key pairs in Swift that I recently created called Heimdall , which allows you to easily export the X.509 formatted Base64 string of the public key. To comply with SO rules, I will also include the implementation in this answer (so that

How can I properly create the RSACryptoServiceProvider object using an RSA private key file? I generated an RSA private key and exported it to a p12 file on OSX using the methods: openssl genrsa -out rsakey.pem 2048 openssl pkcs12 -export -out rsakey.p12 -inkey rsakey.pem -nocerts In my C# code, which runs on a Windows laptop, I am getting an error trying to instantiate the X509Certificate2 object so that I can grab the private key as an RSACryptoServiceProvider object out of it: var privateKey = new X509Certificate2(p12_file, "pass", X509KeyStorageFlags.Exportable | X509KeyStorageFlags