private-key

问题 I'm trying to develop a website that performs digital signatures on client-side and then sent the signed document to the server-side. I want to do the signatures on client, due to the fact of not sending away the user's private key. This key (in theory) must be always with the user and it must not be sent to the web (even if protected with SSL, for example). I want that every platform may be able to sign the documents. I've already developed a Java Applet with the signing algorithms, but Java

问题 I created a private key and csr file with the following command openssl req -nodes -newkey rsa:2048 -sha1 -keyout myserver.key -out server.csr The two files outputted are myserver.key server.csr I uploaded the server.csr file to Network Solutions and got back 4 "crt" files. AddTrustExternalCARoot.crt OV_NetworkSolutionsOVServerCA2.crt OV_USERTrustRSACertificationAuthority.crt STAR.{mydomain}.CA.CRT How can I create a keystore out of the files I have and configure it in Tomcat 7 in the server

问题 Is there anyway I can generate always the same private key? I tired to initialize KeyPairGenerator with a RandomSecure object which uses the same seed : private PrivateKey getPrivateKey(String seed) { try { SecureRandom sr = new SecureRandom(seed.getBytes()); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(1024, sr); KeyPair keyPair = keyGen.generateKeyPair(); return keyPair.getPrivate(); } catch (NoSuchAlgorithmException e) { System.out.println("Failed to

问题 I'm trying to get a hold of a private key that doesn't seem to be exportable from Keychain Access.app directly on OS X, probably because it was imported with the option to make it non-extractable. What I think might work is trying to intercept the said private key when it's used by the VPN software, the web-browser or some system software for the actual PKI authentication; is there a way to do this, perhaps with DTrace? 来源： https://stackoverflow.com/questions/25044418/can-dtrace-find-non

问题 This question already has answers here : Reading elliptic curve private key from file with BouncyCastle (3 answers) Closed 2 years ago . I've generated an elliptic curve private/public key pair using OpenSSL. The private and public keys are PEM encoded. I've figured out how to load the public key thanks to this. However, I can't figure out how to load the private key, as the above message just ends up with an InvalidKeySpecException: key spec not recognized. I then found this, but it also

问题 I used Openssl to create a PKCS12 .p12 container storing a private key, server certificate and a CACertificate (Self signed) and I was able to export/parse the same successfully. But I want to know how I can add more than one Private key to the same container . For example - I have 2 sets of server certificate and 2 private keys that I need add to the single .p12 container. From that .p12 container I want to parse and extract both private keys separately along with 2 server certificates. In

问题 Question when running the following code: X509Certificate2 cert = new X509Certificate2(@"C:\file.p12", "password", X509KeyStorageFlags.Exportable); RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)cert.PrivateKey; I get the following error: Keyset does not exist . I have not added the certificate to a store, is this required to be able to access the private key? 回答1: Add the X509KeyStorageFlags.PersistKeySet option to the last argument of the X509Certificate2 constructor. Otherwise,

问题 I'm starting learn OpenSSL programming in C/C++. An issue I encountered is, how could I safely wipe out the memory for private keys? For example, I may have code: EVP_PKEY *private_key = PEM_read_bio_PrivateKey( bio, ,,,) RSA *r = EVP_PKEY_get1_RSA( private_key); I'd like to wipe out private_key from memory cleanly before using EVP_PKEY_free() to free it. I'd appreciate for helps and/or your suggestions. Thanks. 回答1: EVP_PKEY *private_key = PEM_read_bio_PrivateKey( bio, ,,,) I'd like to wipe

问题 KeyInfo's isInsideSecureHardware-method's return value seems to depend on device model, os version, and some other random factors. For example when using Sony xperia z5 compact with older os version isInsideSecureHardware() could return true for some time and then suddenly start returning false for the same Private Key. With the latest os version (32.2.A.0.224) it seems to return only false. Huawei Nexus 6P returns always true. Is there a way to make sure that the key is stored in secure

问题 everyone, I am developing a web application that uses X509Certificate2 to get a private key from a certification file. Code snippet looks like following: public static RSACryptoServiceProvider GetSignProviderFromPfx() { var strFileName = "c:\cer\mycerfile.pfx"; var strPassword = "000000"; X509Certificate2 pc = new X509Certificate2(strFileName, strPassword, X509KeyStorageFlags.MachineKeySet); var ThePivateKey = pc.PrivateKey; return (RSACryptoServiceProvider)ThePivateKey; } But the statement