Extract Public Key from the public certificate (.der / .cer) - x509certificate

I am trying to wrap a generated symmetric key using the public key which i want to extract it from the Public Certificate(.der / .cer ) when i am passing the public key for wrapping the symmetric key i am getting an "java.security.InvalidKeyException" exception "Only keys that exist in 'RAW' format are supported"
When i am loading the public certificate using file input stream as
publicCertificate = new X509Certificate(new FileInputStream("src/resources/mydomain.com.der"));
for extracting the publicKey i am using this getPublicKey(); method
publicKey = publicCertificate.getPublicKey();
I am such exception when i extracted the public key and it is in the X.509 format which i need to convert it into RAW format.
Can anyone please help me out here.
Thanks in Advance.

Related

How to find public address through private key on TRON

How can I find user public address from his private key ?
Already I found a way to convert public to hex Address also private to hex and reverse
but get stuck in this one !
Using TronWeb, you can call this function:
const address = tronWeb.address.fromPrivateKey(newAccount.privateKey);
That code comes from one of TronWeb's tests
for bitcoin you need use this package to find public key => dart_wif
print('hex :::::: ${HEX.encode(index.privateKey!)}');
WIF decoded = WIF(version: 128, privateKey: index.privateKey!, compressed: true);
String key = wif.encode(decoded);
print(key);
If you are using python, the official tronpy document doesn't mentioned this. However, you can find the answer by yourself.
Open ipython from terminal, create a key object from a random key, input the key variable name and press tab twice, you will see all the attributes and functions of the object.
import tronpy
my_random_key = tronpy.keys.PrivateKey.random()
my_key = tronpy.keys.PrivateKey.fromhex(my_random_key)
my_key.public_key.to_base58check_address()

RSA/ECB/PKCS1 padding Encryption in SAP ABAP

I have a requirement where I need to do Encryption of my Private Key using Public Key(provided by third party) with RSA/ECB/PKCS1 Encryption
The Public Key is already Padded.
I am generating the private key using cl_sec_sxml_writer=>generate_key( cl_sec_sxml_writer=>co_aes256_algorithm_pem ). Is this the correct way to generate a new key or we can have any random string as a private key?
This private key will be used to encrypt a data string using AES/ECB/PKCS7 padding encryption and then convert to BASE64 and send it via API call. For AES/ECB/PKCS7 padding, I am using the classes provided by following https://github.com/Sumu-Ning/AES. pfb implementation below:
CALL METHOD zcl_aes_utility=>encrypt_xstring
EXPORTING
i_key = lv_xstr
i_data = lv_pwd_xstr
* i_initialization_vector =
i_padding_standard = zcl_byte_padding_utility=>MC_PADDING_STANDARD_PKCS_7
i_encryption_mode = zcl_aes_utility=>mc_encryption_mode_ecb
IMPORTING
e_data = lv_encrypt
My query is , how do I encrypt the private key using public key and RSA/ECB/PKCS1 Encryption.
The public key is of length 399 chars and something like this
DfP4hVgyXMSNWJFWakwo44p1PMyRKSmFG+UGq
I have checked other blogs that asks to use standard fm SSF_KRN_ENVELOPE but I am not able to understand how to use it.
Please help. Let me know in case of any further details required.

RSA Asymmetric encryption / decryption - Which key is being used

When I create a public/private key using the following code :
// Create the CspParameters object and set the key container
// name used to store the RSA key pair.
CspParameters cp = new CspParameters();
cp.KeyContainerName = ContainerName;
// Create a new instance of RSACryptoServiceProvider that accesses
// the key container MyKeyContainerName.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp);
If I then call
rsa.Encrypt (....
OR
rsa.Decrypt(..
how do I know which key is being used. Whether the public or private key is used in each case is dependent on the application. How can I determine which is being used ?
Encrypt is done with the public key, and decrypt is done with the private key .. thus only the holder of the private key can decrypt.
You are not meant to decrypt using a public key, and thus the interface don't provide you with a way to do this.
Signatures utilizes encrypting using the private key, and decryption using the public key + some one way hash logic, but in this case the interface only allows this using specific signature methods (SignData(..) & VerifyData(..)).

How to upload public RSA key to HSM (using PKCS#11 library)?

I am quite new to using PKCS#11 library so maybe someone with more experience can clear things up.
I want to do the following:
upload to HSM existing RSA public key (which was generated on PC)
and later use this uploaded key to wrap symmetric key that was generated on HSM.
I know how to generate symmetric key, but how to upload existing RSA public key?
Is this even possible using PKCS#11 library?
There seems to be similar question at Wrap a secret key with a public key using PKCS#11 but it uses RSA key pair that is generated on HSM. I need to upload RSA public key to HSM myself.
We can use C_CreateObject function of PKCS#11 to import a public key to HSM.
This can be found from
RSA PKCS#11
Functions -> Object Management Functions -> C_CreateObject
There is also an example of load public key. But it requires the support of token to load the public key from cryptoki library.
CK_SESSION_HANDLE hSession;
CK_OBJECT_HANDLE hKey;
CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
CK_KEY_TYPE keyType = CKK_RSA;
CK_BYTE modulus[] = {... };
CK_BYTE exponent[] = {... };
CK_ATTRIBUTE keyTemplate[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass)}
,
{CKA_KEY_TYPE, &keyType, sizeof(keyType)}
,
{CKA_WRAP, &true, sizeof(true)}
,
{CKA_MODULUS, modulus, sizeof(modulus)}
,
{CKA_PUBLIC_EXPONENT, exponent, sizeof(exponent)}
};
CK_RV rv;
/* Create an RSA public key object */
rv = C_CreateObject(hSession, &keyTemplate, 5, &hKey);
if (rv == CKR_OK) {
.
.
}

Objects stored by riak-java-client end up as raw json when read by riak-python-client?

I might be confused about something, but when I store a custom object from the Java Riak client and then try to read that object using the Python Riak client, I end up with a raw json string instead of a dict.
However, if I store a the object in python, I am able to output a python dictionary when fetching that object.
I could simply use a json library on the python side to resolve this, but the very fact that I am experiencing this discrepancy makes me think that I am doing something wrong.
On the Java side, this is my object:
class DocObject
{
public String status; // FEEDING | PERSISTED | FAILED | DELETING
public List<String> messages = new ArrayList<String>();
}
class PdfObject extends DocObject
{
public String url;
public String base_url;
}
This is how I am storing that object in Riak:
public void feeding(IDocument doc) throws RiakRetryFailedException {
PdfObject pdfObject = new PdfObject();
pdfObject.url = doc.getElement("url").getValue().toString();
pdfObject.base_url = doc.getElement("base_url").getValue().toString();
pdfObject.status = "FEEDING";
String key = hash(pdfObject.url);
pdfBucket.store(key, pdfObject).execute();
}
And this is what I am doing in Python to fetch the data:
# Connect to Riak.
client = riak.RiakClient()
# Choose the bucket to store data in.
bucket = client.bucket('pdfBucket')
doc = bucket.get('7909aa2f84c9e0fded7d1c7bb2526f54')
doc_data = doc.get_data()
print type(doc_data)
The result of the above python is:
<type 'str'>
I am expecting that to be <type 'dict'>, just like how the example here works:
http://basho.github.com/riak-python-client/tutorial.html#getting-single-values-out
I am perplexed as to why when the object is stored from Java it is stored as a JSON string and not as an object.
I would appreciate if anybody could point out an issue with my approach that might be causing this discrepancy.
Thanks!
It would appear you've found a bug in our Python client with the HTTP protocol/transport.
Both the version you're using and the current one in master are not decoding JSON properly. Myself and another dev looked into this this morning and it appears to stem from an issue with charset parameter being returned from Riak with the content-type as Christian noted in his comment ("application/json; charset=UTF-8")
We've opened an issue on github (https://github.com/basho/riak-python-client/issues/227) and will get this corrected.
In the mean time the only suggestion I have is to decode the returned JSON string yourself, or using the 1.5.2 client (latest stable from pypy) and the Protocol Buffers transport:
client = riak.RiakClient(port=8087, transport_class=riak.RiakPbcTransport)
it will return the decoded JSON as a dict as you're expecting.

Resources