Impossible to import a private key RSA 2048 bits for Cisco SG500 SSL certificate

On a Cisco SG500-52 Small Business switch, I generated a new 2048-bit RSA private key and a Certificate Signing Request to submit to a certification authority. I received the new certificate from the certification authority and tried to import it into the SG500-52 switch (firmware version 1.2.7.76, boot 1.2.0.12).

It is not possible to paste the certificate text into the import box. The import field is limited to fewer characters than the length of a certificate for a 2048-bit key...

Catch-22, anyone? (Or maybe better to say, wrestling-2048?)

Is there a solution for this, perhaps in a more recent version of the firmware? Is it possible to use the CLI instead of the web interface?

Thank you

Hi Jay Libove,

You can also try with the CLI. Telnet or SSH to the switch, then:

#configure terminal

(config)#crypto certificate <1-2> import

It gives you a prompt

Please copy - paste the entry... etc.

Copy and paste the certificate, and add a period (.) at the end.

See if this works. You must have the certificate and the private key, but the copy of the certificate request does not work.

Let me know if I can help you further.

Thank you

Prithvi

Tags: Cisco Support

Similar Questions

  • Your computer has been locked and all your files encrypted with RSA 2048-bit encryption.

    My computer has been hit by a ransomware (which is reported by Palo Alto Networks March 4, http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infect es-transmission-bittorrent-client-...)

    What should I do to save my files?

    And how to remove the virus permanently?

    If you do not have a backup that was not attached while the virus was busy encrypting your data, I think it's too late now.

    To be absolutely sure that there is nothing left on the computer, the only way is to start from scratch.

  • Impossible to go from Vista Home Premium 32-bit for Windows 7 Ultimate 32 bit

    I ran all the checks until I bought my upgrade from Amazon and should have been able to upgrade. I even added RAM memory while I have 3 GB of RAM. I put in the disc of Windows 7 Ultimate and it starts but just goes to "save temporary files" and stays there. It does not go further. I got on the phone twice with Microsoft technology and I did everything that they told me; nothing works. They tell me that I have to do a "clean" installation. Why can Microsoft not fix this problem? Now I have to return the upgrade disks and pay $100.00 more for the own. What a pain. Any ideas before returning the updated version?

    Tip: you can do a clean install with the upgrade disk.

    1. disable any security software before attempting to upgrade

    2. make sure that your computer is updated (devices and applications)

    3. disconnect all external devices before installing.

    4. check your hard disk for errors:

    Click Start

    Type: CMD; in the results, right-click CMD

    Click on "Run as Administrator"

    At the command prompt, type: chkdsk /f /r

    When you restart your system, your computer will be scanned for errors and will try to correct them.

    1. click on start, type msconfig in the search box and press ENTER.

    User account control permission

    If you are prompted for an administrator password or a confirmation, type the password, or click on continue.

    2. in the general tab, click Selective startup.

    3. under Selective startup, clear the check box load startup items.

    4. click on the Services tab, select the hide all Microsoft Services check box, and then click Disable all.

    5. click on OK.

    6. When you are prompted, click on restart.

    7. after the computer starts, check if the problem is resolved.

    Also run the Windows 7 Upgrade Advisor:

    http://www.Microsoft.com/Windows/Windows-7/Upgrade-Advisor.aspx

  • Private key certificate - an internal error has occurred... Win7

    I'm trying to import a private key certificate (.pfx) file into the personal certificate store of the local computer (Win7). Here's my problem: an internal error has occurred. Either the user profile is not accessible or the private key that you are importing might require a cryptographic service provider that is not installed on your system. Any idea?

    A box of Win 2003 and then export import worked for me, when you try to import a .pfx file in a Windows Server 2008 R2 x 64 box.  Thanks a lot for the post!

  • Invalid key exception: no type of key: public key RSA Sun, 1024 bits

    I'm trying to retrieve certificates from the Microsoft Keystore and extract the key using SunMSCAPI in JDK 1.6. It gives me an invalid key exception when I try to wrap the symmetric key (which was used to perform AES encryption on the data), using the RSA algorithm.

    Code snippet:
               // RSA 1024 bits Asymmetric encryption of Symmetric AES key              
                // List the certificates from Microsoft KeyStore using SunMSCAPI.
                      System.out.println("List of certificates found in Microsoft Personal Keystore:");
    
                       KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI"); 
                       ks.load(null, null) ;
                       Enumeration en = ks.aliases() ;
                       PublicKey RSAPubKey = null;
                       Key RSAPrivKey = null;
                       int i = 0;
                       while (en.hasMoreElements()) {
                            String aliasKey = (String)en.nextElement() ;              
                            X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey) ;     
                            String sss = ks.getCertificateAlias(c);
                            if(sss.equals("C5151997"))
                            {
                            System.out.println("---> alias : " + sss) ;
                            i= i + 1;
                            String str = c.toString();
                            System.out.println(" Certificate details : " + str ) ;
                          RSAPubKey = c.getPublicKey();
                            RSAPrivKey = ks.getKey(aliasKey, null);  //"mypassword".toCharArray()
                            Certificate[] chain = ks.getCertificateChain(aliasKey);     
                            }
                       }
                       
                       System.out.println("No of certificates found from Personal MS Keystore: " + i);
                    
                // Encrypt the generated Symmetric AES Key using RSA cipher      
                        Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ks.getProvider().getName());            
                       rsaCipher.init(Cipher.WRAP_MODE, RSAPubKey);
                       byte[] encryptedSymmKey = rsaCipher.wrap(aeskey);    
                       System.out.println("Encrypted Symmetric Key :" + new String(encryptedSymmKey));
                       System.out.println("Encrypted Symmetric Key Length in Bytes: " + encryptedSymmKey.length);
                       
                       // RSA Decryption of Encrypted Symmetric AES key
                       rsaCipher.init(Cipher.UNWRAP_MODE, RSAPrivKey);
                       Key decryptedKey = rsaCipher.unwrap(encryptedSymmKey, "AES", Cipher.SECRET_KEY);
    Output:

    List of certificates in Microsoft personal Keystore:
    -> alias: C5151997
    Certificate details:]
    [
    Version: V3
    Object: CN = C5151997, O = SAP - AG, C = OF
    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 1024 bits
    modulus: 171871587533146191561538456391418351861663300588728159334223437391061141885590024223283480319626015611710315581642512941578588886825766256507714725820048129123720143461110410353346492039350478625370269565346566901446816729164309038944197418238814947654954590754593726047828813400082450341775203029183105860831
    public exponent: 65537
    Validity: [from: Mon Jan 24 18:17:49 IST 2011,]
    [To: Wed Jan 23 18:17:49 IST 2013]
    Issuer: CN = SSO_CA, O = SAP - AG, C = OF
    Serial number: [4d12c509 eb85 00000005]

    ]
    None of the found certificates in personal key MS: 1
    Exception in thread "main" java.security.InvalidKeyException: unsupported key type: RSA Sun public key, 1024 bits
    modulus: 171871587533146191561538456391418351861663300588728159334223437391061141885590024223283480319626015611710315581642512941578588886825766256507714725820048129123720143461110410353346492039350478625370269565346566901446816729164309038944197418238814947654954590754593726047828813400082450341775203029183105860831
    public exponent: 65537
    at sun.security.mscapi.RSACipher.init(RSACipher.java:176)
    at sun.security.mscapi.RSACipher.engineInit(RSACipher.java:129)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at com.sap.srm.crpto.client.applet.CryptoClass.main(CryptoClass.java:102)

    Published by: sabre150 on July 18, 2011 03:47

    Added [code] tags to make the code readable.

    A little research indicates that the key classes obtained by

            RSAPubKey = c.getPublicKey();
            RSAPrivKey = ks.getKey(aliasKey, null);  //"mypassword".toCharArray()

    are sun.security.rsa.RSAPublicKeyImpl and sun.security.mscapi.RSAPrivateKey. It seems that Cipher objects from the SunMSCAPI provider cannot accept class sun.security.rsa.RSAPublicKeyImpl RSA public keys and that the SunMSCAPI will accept only class sun.security.mscapi.RSAPrivateKey RSA private keys.

    This came up in another form a couple of years ago. It makes sense, because wrapping/encryption with a public key does not represent a security problem (there is no secret in the cryptographic operation), so it can be done outside MSCAPI using any provider that has the capability, BUT unwrapping/decryption must be done with the SunMSCAPI provider, which delegates it to MSCAPI.

    My working test code, based on your code, implementing this approach is:

        import java.security.Key;
        import java.security.KeyStore;
        import java.security.PublicKey;
        import java.security.cert.Certificate;
        import java.security.cert.X509Certificate;
        import java.util.Arrays;
        import java.util.Enumeration;
        import javax.crypto.Cipher;
        import javax.crypto.SecretKey;
        import javax.crypto.spec.SecretKeySpec;

        // Imports and class wrapper added so the fragment compiles; the class name is arbitrary.
        public class MscapiWrapTest
        {
            public static void main(String[] args) throws Exception
            {
                // RSA 1024 bits Asymmetric encryption of Symmetric AES key
                // List the certificates from Microsoft KeyStore using SunMSCAPI.
                System.out.println("List of certificates found in Microsoft Personal Keystore:");

                KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
                ks.load(null, null);
                Enumeration<String> en = ks.aliases();
                PublicKey RSAPubKey = null;
                Key RSAPrivKey = null;
                int i = 0;
                while (en.hasMoreElements())
                {
                    String aliasKey = en.nextElement();
                    X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey);
                    String sss = ks.getCertificateAlias(c);
                    if (sss.equals("rsa_key")) // The alias for my key - make sure you change it back to your alias
                    {
                        System.out.println("---> alias : " + sss);
                        i = i + 1;
                        String str = c.toString();
                        System.out.println(" Certificate details : " + str);
                        RSAPubKey = c.getPublicKey();
                        System.out.println(RSAPubKey.getClass().getName());
                        RSAPrivKey = ks.getKey(aliasKey, null);  //"mypassword".toCharArray()
                        System.out.println(RSAPrivKey.getClass().getName());
                        Certificate[] chain = ks.getCertificateChain(aliasKey);
                    }
                }
                System.out.println(ks.getProvider().getName());
                System.out.println("No of certificates found from Personal MS Keystore: " + i);

                // Wrap with the default provider: no provider argument here
                // (the original call passed ks.getProvider().getName()).
                Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                rsaCipher.init(Cipher.WRAP_MODE, RSAPubKey);
                byte[] keyBytes =
                {
                    1, 2, 3, 4, 5, 6, 7, 8, 2, 3, 4, 5, 6, 7, 8, 9
                };
                SecretKey aeskey = new SecretKeySpec(keyBytes, "AES");
                byte[] encryptedSymmKey = rsaCipher.wrap(aeskey);
                System.out.println("Encrypted Symmetric Key :" + Arrays.toString(encryptedSymmKey));
                System.out.println("Encrypted Symmetric Key Length in Bytes: " + encryptedSymmKey.length);

                // RSA Decryption of Encrypted Symmetric AES key.
                // Unwrap with the keystore's provider (SunMSCAPI), which owns the private key.
                Cipher unwrapRsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ks.getProvider().getName());
                unwrapRsaCipher.init(Cipher.UNWRAP_MODE, RSAPrivKey);
                Key decryptedKey = unwrapRsaCipher.unwrap(encryptedSymmKey, "AES", Cipher.SECRET_KEY);
                System.out.println("Decrypted Symmetric Key :" + Arrays.toString(decryptedKey.getEncoded())); // Matches the 'keyBytes' above
            }
        }

    
  • out-of-range security question: export a certificate with the private key

    Hello Forumers

    As the title mentions, if we do PKI, we get involved with certificates.

    When I made an express unit WLC and ACS, where the appliances don't come with a generate-CSR function... so we use OpenSSL for it.

    To satisfy my curiosity, why do we need to export the certificate with the private key? Isn't it that the private key must not be published to the public?

    Thank you

    Noel

    Because the two devices act as a server, and you would need to have the private key of the server. However, you do not give the private key to all the clients; as you mentioned, you need to provide only the public key to the client, not the private key. The private key should only be stored on the server, and in this case, the two devices are the server.

  • Using keys with 4096 bit RSA encryption

    Hello

    I would like to use RSA 4096-bit encryption on a BB device (for the test I use a BB 8300 with OS 4.5.0.52 b75).

    Is this possible?  I am getting exception in this code:

    RSAKeyPair sampleKeyPair;
    sampleKeyPair = new RSAKeyPair (new RSACryptoSystem (4096));

    Changing 4096 to 2048 solves this exception, but it is not the solution for me.

    Thank you.

    I answer myself.

    After reading "Blackberry Enterprise Solution Security, Technical Overview", I found that I can use the 4096-bit encryption algorithm, but key generation is limited to 2048 bits (probably a performance issue).

    So the problem was not with

    new RSACryptoSystem (4096)

    but with the RSAKeyPair generation.

    I had received an RSA private key from outside, so I need to generate a (at least in the current state of the project I'm working on)

    I'm really curious to know if someone knows how to generate a 4096-bit RSA key.

  • ISE error 'private key is unprotected'

    I have two ISE PSN nodes that I am importing DigiCert ID certificates on.

    On one node it worked as it should, but on the other I get:

    "Private key validation failed: the password is invalid or the private key is not protected".

    This is a certificate SAN for CSR is manufactured in OpenSSL from .csr and .pvk EHT.

    To make sure that I had not messed up the password, I generate a new CSR in OpenSSL, and the password is correct.

    What is the meaning of 'the private key is not protected '?

    What could be the certificate?

    I have checked the certificate in OpenSSL with

    openssl x509 -in ise01digi.crt -noout -text

    Thanks

    Mikael

    Hello

    I ran into the same problem with the private key being badly protected.

    I solved it by encoding the private key in DER instead of PEM format.

    The command would be similar to:

    openssl rsa -in [-passin pass:] -outform DER -des3 -out [-passout pass:]

    I encrypted my private key with a password. That's why the -passin/-passout arguments are enclosed in brackets.

    And to make sure that I don't get an error again once I also used on the key 3DES encryption.

    HTH,

    Patrick

  • Private key does not match cert.

    Hello

    I just bought certificates from a major cert authority for my area of work PoC, but when I try to install them on the Configurator in the SSL part I get a "private key does not match cert".

    I got three files of digicert (DigiCertCA.crt - TrustedRoot.crt and mysite.com.crt)

    I have them open with notepad and copy all the content in a text file in the order of trusteroot mysite - digicert. This stuck in the part of the SSL certificate and copied the REA does for demand in the private key part, but it fails with this error.

    also tried downloading the cert as a pem file but the same error.

    If anyone knows what I'm doing wrong?

    See you soon

    SEB

    Solved.

    In fact, I feel really stupid, but who knows, someone else could sit and scratch their head like I did, so as usual it is better to share where it can benefit and spare some time.

    Reading here and there (I really feel like a fool...) I figured out I was entering my CSR where my private key should go. But then, where is my private key?

    I generated the cert with the DigiCert tool. Filled in all the fields, so I end up with my cert and my CSR... No private key

    To get the key, a bit of research on Google as usual, and some thinking.

    Had to export the certificate with the private key, then used openssl and managed to recover the key

    Export the private key file from the pfx file

    openssl pkcs12 -in filename.pfx -nocerts -out .pem

    Export the certificate file from the pfx file
    openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

    Remove the password from the private key
    openssl rsa -in .pem -out server.pem

    Chained all three certs downloaded previously into one. Pasted it in the SSL section. Copied the content of server.pem into the private key part and TaDaaa, it goes green

    See you soon

    SEB
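
Added example, not part of the thread above: a shell check for the two mistakes these threads run into, a CSR pasted where the private key belongs and a certificate paired with the wrong key. It assumes the `openssl` command-line tool is installed; the function names, the `KEY_PASS` variable and the demo file names are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Requires the openssl command-line tool.

# pem_kind FILE: name the object announced by the first PEM header in FILE.
pem_kind() {
    header=$(grep -m1 -e '^-----BEGIN ' "$1") || { echo "not-pem"; return 0; }
    case "$header" in
        *"CERTIFICATE REQUEST"*)   echo "csr" ;;
        *"ENCRYPTED PRIVATE KEY"*) echo "encrypted-private-key" ;;
        *"PRIVATE KEY"*)
            # Traditional-format keys flag encryption in a Proc-Type line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo "encrypted-private-key"
            else
                echo "private-key"
            fi ;;
        *"CERTIFICATE"*)           echo "certificate" ;;
        *)                         echo "other" ;;
    esac
}

# key_matches_cert CERT KEY
#   0 = certificate and key carry the same public key
#   1 = both files parse, but the public keys differ
#   2 = CERT is not a certificate, or KEY is not a readable private key
# A passphrase, if the key has one, is read from the KEY_PASS environment
# variable so that it stays off the command line.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(KEY_PASS="${KEY_PASS-}" openssl pkey -in "$2" \
                  -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
}

# make_demo_files DIR: throwaway key, self-signed certificate, CSR and an
# unrelated second key, all constructed here for the demonstration.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=switch.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=switch.example.test" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Command-line use: sh <this script> CERT KEY
if [ "$#" -eq 2 ]; then
    echo "certificate field holds: $(pem_kind "$1")"
    echo "private key field holds: $(pem_kind "$2")"
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "OK: private key matches certificate" ;;
        1) echo "MISMATCH: certificate was issued for a different key" ;;
        *) echo "UNREADABLE: check file types and KEY_PASS" ;;
    esac
fi
```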

  • "password incorrect provided to decrypt the private key"

    The keys that I generate on my Mac are unusable. Still, I get "incorrect password provided to decrypt the private key". In this case, whether or not I generate with a password.

    This is the process I use:

    ssh-keygen -t rsa -N mypassphrase -f my_id

    Generate the key pair public/private rsa.

    Your identification has been saved in my_id.

    Your public key has been saved in my_id.pub.

    The fingerprint of the key is: etc etc

    Then to check:

    ssh-keygen -y -f my_id.pub

    Enter the password: mypassphrase

    Loading key 'my_id.pub': incorrect password supplied to decrypt the private key

    Anyone have an idea what is wrong? Thank you.

    Turns out I had wrong instructions from the admin of the server I tried to connect to. He wanted me to use the .pub file when connecting via ssh. So that's what I tried in order to solve the problems. But that is never going to work, because the password is used to decrypt the private key, not the public key. So when I change my test to "ssh-keygen -y -f my_id" it works fine. Should have tried that first. DOH.

  • SSH using the Public & Private Key

    Hi all

    I have the switch set up for SSH and it works well. I know how to configure SSH on a router using the crypto command. A new requirement has arisen now. My organization has created a key pair - a PRIVATE KEY & PUBLIC KEY common to the company, using a mechanism. The idea is that the PUBLIC KEY will be installed on devices like Unix and Linux servers, so that only the staff who hold the PRIVATE KEY are allowed to access the device. I am trying to add / install / import the PUBLIC KEY into the switch in the same way, but I have no idea how to move forward. Please guide me on how to import the PUBLIC KEY into the switch, so that anyone who has the PRIVATE KEY is allowed to connect to the device.

    R.B.KUMAR

    This feature is NOT supported on Cisco IOS or ASA. If you want to do something like this, I suggest you look at other vendors such as Nokia/Checkpoint, F5, or Juniper.

  • ACS SE backup private key

    How do I back up the private key of the ACS SE? I have the public key certified by a commercial CA already and I don't want to waste the money spent on the purchase of the certificate. The reason I want this is that I'm getting the following error on the console and backup services have stopped.

    "Before called API initialized to H:\ismg_israel_acs\Acs\EndPoint\Core\endpoint.c.

    pp:394 ".

    ===============

    Cisco Secure ACS: 4.1.4.13

    The application management software: 4.1.4.13

    Base Unit image: 4.1.1.4

    CSA build 4.0.1.543.2: (Patch: 4_0_1_543)

    ==========

    CSAdmin - arrested

    CSAuth - arrested

    CSDbSync - arrested

    Case - stop

    CSMon - from

    CSRadius - from

    CSTacacs - shut down

    ===================

    Can I use the backup feature? Does it also back up the private key?

    Maury,

    Unfortunately, there is no way to export just the private key and the certificate so that they can be re-imported into the ACS. There was a feature request in this regard to allow the export of private keys and certificates for the purposes of backup. The bug ID is CSCed14965.

    http://www.Cisco.com/cgi-bin/support/Bugtool/onebug.pl?BugID=CSCed14965

    However, what you can do is make a backup of the database. This will save the registry, which includes the certificate and the private key. Then you can restore this backup file on a new machine and choose to restore the System Configuration part. This will restore the certificate and the private key in the certificate of the CSA page.

    Hope that helps

    Kind regards

    ~ JG

    Note the useful messages

  • Key RSA for EMV

    Hi all

    According to the EMV standard, we require two RSA keys.

    (1) Issuer RSA keys (will use 1408 bit)

    (2) ICC RSA keys (will use 1152 bit)

    Here the issuer's private RSA key is used to calculate the ICC public key certificate. An EMV card contains various tags such as 8F, 90 (issuer public key certificate), 9F46 (ICC public key certificate), etc. that are used in SDA/DDA.

    In fact, I want to calculate all these values (using Java) and want to perform the SDA/DDA operation for my own understanding.

    Here I need clear RSA keys that I'll use for the computation of the tags as well as the SDA/DDA operation.

    EMV also has DGI8201-8205, which contain the ICC RSA private key in CRT format.

    Could anybody tell me how I can get RSA keys that serve my purpose and can be used in the EMV calculation? Thanks in advance.

    Hi all

    I got the right answer to StackOverflow. You can check it out here. http://StackOverflow.com/questions/31831367/test-RSA-keys-for-EMV-card/31848282?NoRedirect=1#comment51634680_31848282

  • SSH - private key location for ESXi?

    After generating RSA SSH keys to allow password-less SSH from an ESXi5 host to another SSH server, where does the private key file go? The default location is /root/.ssh, which does not exist under ESXi5. Does it go in .ssh? Has anyone implemented this on ESXi5 and found out where the private key used for outbound SSH sessions is stored?

    Save them under here

    /etc/ssh/keys-root/authorized_keys

  • I need to create public and private keys for the security certificate and I can not find the certificate. Where is he?

    I bought a security certificate, and the site tells me that it has been installed successfully. I need to export the certificate so that I can create public and private keys, but I can't find the certificate to do so.

    Firefox (Firefox Orange) > Options > Options > advanced > Certificates > authorities > export
