pki

Get chain of certificates for a file with PowerShell?

╄→гoц情女王★ 提交于 2019-12-07 12:59:40
问题 I am looking for a method, using PowerShell only, to list the certificate chain for signed files. Specifically to get the Root certificate. As I need to get a list of which Non-Microsoft root certificates certain executables (on installed software), are dependent on. This is due to a OS-baseline guidelines, that uses the PKI procedure in Microsoft KB293781. Where only specific Root certificates shall be put on specific computers. E.g the much used "VeriSign Class 3 Primary CA - G5", shall

Asymmetric Encryption and Decryption

别来无恙 提交于 2019-12-07 09:31:47
问题 Let us say that I use the algorithm on this site to encrypt and decrypt data with public-private keys: Public Key RSA Encryption in C# .NET on CodeProject Now, let us say that someone encrypts his data using my public key using another algorithm and sends it to me. Using a different algorithm (like the one on the site), will I be able to decrypt the information back using my private key? Or is this impossible since the algorithms were different? My point is, will the end result always be the

How to configure JNDI Realm with Tomcat 7 for PKI User Certificate Authentication?

社会主义新天地 提交于 2019-12-07 07:23:26
List, I have actually searched extensively on this topic and either a) I don't know how to configure something and/or b) I don't quite understand what a JNDI Realm actually is supposed to do. I am using Tomcat 7.0.32 with jdk 1.7.0_15. Here is what I want to do. I work with customers that use PKI User Certificates. The user certificates have a cn like "Joe Smith". What I need to be able to do is look up this CN in LDAP and get the users id, which may be something like "jsmith23", and populate the Principal user in the request header. The reason for this is I have an application deployed in

kubernetes + coreos cluster - replacing certificates

China☆狼群 提交于 2019-12-07 04:23:24
问题 I have a coreos kubernetes cluster, which I started by following this article: kubernetes coreos cluster on AWS TLDR; > kube-aws init > kube-aws render > kube-aws up Everything worked good and I had a kubernetes coreos cluster on AWS. In the article there is a warning that said: PRODUCTION NOTE: the TLS keys and certificates generated by kube-aws should not be used to deploy a production Kubernetes cluster. Each component certificate is only valid for 90 days, while the CA is valid for 365

Unencrypted SSL protocol?

霸气de小男生 提交于 2019-12-07 01:29:10
问题 Is it possible to send a message over https that isn't encrypted? For example, require that certificate validation and authorization occur, but not encrypt the actual data being sent over the socket? 回答1: Yes, TLS and SSL support "no-encryption" modes. Whether the particular client and server in question are configured to enable is a separate issue. It's possible, though unlikely, that a server could enable one of these cipher suites by default. What is more likely is that a server would

Revoked X509Certificate

孤人 提交于 2019-12-06 16:21:07
How can I programmatically get when X509Certificate is revoked? I can get information if certificate is revoked, but i need to get when is revoked, i think that CRL list have that info, but can someone tell me how to read that. Revocation status is checked by (a) obtaining CRL lists and checking if the certificate is listed there, and (b) sending an OCSP request to the server to check the same. .NET doesn't let you do this. CryptoAPI might have some means for these operations, but the easiest is to use third-party library for .NET. BouncyCastle claims to have some support for OCSP and CRLs,

RSA public key encryption openssl

↘锁芯ラ 提交于 2019-12-06 14:35:17
问题 a question: Vendor says that for some encryption purpose uses PKCS#1 V2.1 OAEP with SHA-256... Is that even possible? I have checked and re-checked openssl and all they have is RSA public key encrypt with OAEP padding which is supposed to be PKCS#1 V2.1 with SHA1 So what can I do? How can I use SHA256 in RSA PUBLIC KEY encryption? IS it even possible? Best regards, EDITED: ANSWER HOW TO USE RSA ENCRYPTION USING OPENSSL OAEP PADDING AND SHA256 DIGEST #include "openssl/rsa.h" #include <openssl

Some certificates private keys in Windows-MY not detected

[亡魂溺海] 提交于 2019-12-06 14:14:06
问题 Using Windows 7, JDK 6 (and 7). I'm trying to get personal certificates stored in Windows MSCAPI key store and it's basic properties (in order to use private key for signing). However some aliases are identified not having private key (isKeyEntry == false) although it acctually has one. Any suggestions how to deal with this "feature"? The P12 file with certificate (already revoked) & private key having this weird "property" can be downloaded from http://download.upce.cz/terena-public.pfx.

Client program to validate server certificate returned by SSL_get_peer_certificate?

那年仲夏 提交于 2019-12-06 14:13:55
问题 I have a SSL/TLS client program using OpenSSL in C++ programming language. I am looking for methods to validate server certificate ( X509 ) returned by SSL_get_peer_certificate function call. Also, I have my own CA certificate loaded using SSL_CTX_load_verify_locations function. The CA certified the server certificate. I am able to make SSL session to my server. Now, i want to validate server certificate received during SSL handshake using my own CA. I couldn't find a way to do it in C or C++

Generate rsa keypair client-side on the browser

南笙酒味 提交于 2019-12-06 10:51:10
I'm not very expert in this kind of programming, and I know there is several similar questions, but anyone answered exactly that I need. My team (and I) are developing a Public Key Infrastructure. We are stuck in the key generation (on client side), but we found so few documentation about it. We know there are these options: keygen tag --> generates a SPKAC request --> works in Mozilla to internal keystore, token and smartcard crypto.generateCRMFRequest() --> generates a CRMF Request --> works in Mozilla to internal keystore, token and smartcard CryptoAPI, CAPI, XEnroll CEnroll --> generates a
订阅 pki