pki | 易学教程

How does keytool protect keys?

阅读更多关于 How does keytool protect keys?

问题 When you are building a key store with the Java Keytool utility, how are the keys protected? I've read through the documentation, and I realize that each private key has a key password, and then the store has a store password. But what mechanism is used to protect the data? Is it an encryption cipher? If so, what is the algorithm? I'm focused specifically on how keytool does the protection when it is building a JKS file. 回答1: Sun's default JKS keystore uses a proprietary algorithm, primarily

Adding a self-signed certificate to iphone Simulator?

阅读更多关于 Adding a self-signed certificate to iphone Simulator?

I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate". I have tried to use safari on the simulator to download the .crt file, but that doesn't seem to work. Where does iPhone Simulator get its keychain from? How can I add a trusted certificate so my application will work? UPDATE I got it to work by creating a CA and then adding a CA certificate using the iPhone provisioning tool. Then I was able to have a certificate signed by that CA certificate on the API server and the NSConnection just

Mutual-authentication with web services

阅读更多关于 Mutual-authentication with web services

问题 Currently, I've been successful implementing Mutual Authentication security so long as the client accesses the website using a web browser, because browsers take care of all the certificate exchange for you. Now I need to create a secure interface with which users can access web services over HTTPS, using the mutual authentication required by the server. First off, are there any resources anyone knows of that can help me with this? I've looked for quite some time and found nothing. Any other

PKCS12 Java Keystore from CA and User certificate in java

阅读更多关于 PKCS12 Java Keystore from CA and User certificate in java

问题 I've recently been put in charge of mocking up an Apple product (iPhone Configuration Utility) in Java. One of the sections I've been a bit stuck on is a part about Exchange ActiveSync. In there, it allows you to select a certificate from your Keychain to use as credentials for your EAS account. After some research, I found that it's actually creating a PKCS12 keystore, inserting the private key of the certificate I selected, and encoding that into XML. So far not a big deal. If I create a

How to extract public key using OpenSSL?

阅读更多关于 How to extract public key using OpenSSL?

问题 The following command generates a file which contains both public and private key: openssl genrsa -des3 -out privkey.pem 2048 Source: here With OpenSSL, the private key contains the public key information as well, so a public key doesn\'t need to be generated separately How can we extract the public key from the privkey.pem file? Thanks. 回答1: openssl rsa -in privkey.pem -pubout > key.pub That writes the public key to key.pub 回答2: Though, the above technique works for the general case, it didn

User Authentication from Browser using Digital Signature Certificate on USB Token or Smart Card

阅读更多关于 User Authentication from Browser using Digital Signature Certificate on USB Token or Smart Card

问题 I would like to know JavaScript code for user authentication from browser with digital signature on client’s USB Token or Smart Card. But I don’t understand how to digitally sign login request, say authtoken, or UserID and Passwrd from browser using USB Token. I need a popup on browser to select certificate form USB Token. My user have USB tokens of various makes and respective driver installed on their PC. I need a solution where user don\'t have to select tokken driver. 回答1: Methods like

使用二进制的方式部署 K8S-1.16 高可用集群(二十)

阅读更多关于使用二进制的方式部署 K8S-1.16 高可用集群(二十)

一、项目介绍项目致力于让有意向使用原生kubernetes集群的企业或个人，可以方便的、系统的使用二进制的方式手工搭建kubernetes高可用集群。并且让相关的人员可以更好的理解kubernetes集群的运作机制。软件版本 os centos7.7（ubuntu也适用，需要替换部分命令） kubernetes 1.16.2 etcd 3.4.3 docker 18.06 calico 3.10.1-2 coredns 1.6.2 二、实践环境准备 1. 服务器说明我们这里使用的是五台centos 7.7虚拟机，具体信息如下表：系统类型 IP地址节点角色 CPU Memory Hostname centos-7.7 172.18.0.100 master \>=2 \>=2G k8s-m01 centos-7.7 172.18.0.101 master \>=2 \>=2G k8s-m02 centos-7.7 172.18.0.102 master \>=2 \>=2G k8s-m03 centos-7.7 172.18.0.103 worker \>=2 \>=2G k8s-n01 centos-7.7 172.18.0.104 worker \>=2 \>=2G k8s-n02 2. 系统设置（所有节点） 2.1 主机名主机名必须每个节点都不一样

Kubernetes 1.11 手动安装并启用ipvs

阅读更多关于 Kubernetes 1.11 手动安装并启用ipvs

Kubernetes v1.12 手动部署链接 ERROR: #很多博友说搭建之后出现认证的问题，我验证了一下，配置是没有写错的 #原因是51cto的markdown格式有点问题，代码粘贴上来之后出现了不兼容，缩进异常的情况 #评论中出现的：error: unable to upgrade connection: Unauthorized #其实是因为直接复制代码生成的/etc/kubernetes/kubelet-config.yml文件缩进有问题 #文章中已经修改了，为了让大家少踩点坑，这里贴出原文：http://note.youdao.com/noteshare?id=31d9d5db79cc3ae27e72c029b09ac4ab&sub=9489CC3D8A8C44F197A8A421DC7209D7 有道笔记原文请点击这里！！！！！！！环境介绍：系统：Centos 7.5 1804 内核：3.10.0-862.el7.x86_64 docker版本: 18.06.0-ce kubernetes版本：v1.11 master 192.168.1.1 node1 192.168.1.2 node2 192.168.1.3 etcd版本：v3.2.22 etcd1 192.168.1.4 etcd2 192.168.1.5 etcd3 192.168.1.6 一、准备工作