EzDevInfo.com

private-key interview questions

Top private-key frequently asked interview questions

Storing RSA Private Key Android

While creating a simple messaging Android application that encrypts/decrypts messages and sends them over the internet, I decided to use RSA public/private key encryption. The question is how to store the private key so that, even if the phone is maliciously rooted, the key would stay safe. As far as I understood, KeyStore is used for certificates, and cannot be used for this? Should I encrypt the private key as a text file with AES? I have very little experience with security, so please feel free to correct my ideas and give your opinion!

Kind Regards.


Source: (StackOverflow)

How to use public and private key encryption technique in C#

I want to encrypt data using the public/private key technique. I mean, encrypt with the public key of the receiver, so that the receiver can decrypt with their own private key.

How can I do that? Do you have any suggestions, sample code or something else?


Source: (StackOverflow)

Are exported private keys in GPG still encrypted?

Are the exported private keys gotten by executing gpg --export-secret-keys still encrypted and protected by their passphrase? This seems to be the case but I can't find anywhere that explicitly confirms this.

If the exported keys are still encrypted, then is there any way to get the pure, unencrypted private key (like you can for the public segment)?


Source: (StackOverflow)

Unable to import .p12 keystore

I created a .p12 keystore using openssl from a pkcs8 keystore. Now I'm trying to import the private key using java Keytool into a new JKS keystore. I tried the command:

keytool -importkeystore -srckeystore newKS.p12 -srcstoretype pkcs12 -srcstorepass pass -destkeystore exportedJks.jks -deststoretype jks -deststorepass pass

But I get the following error message:

keytool error: java.security.UnrecoverableKeyException: Get Key failed: EC KeyFactory not available

How can I resolve this error so I can import this key into a new JKS keystore?


Source: (StackOverflow)

Convert .pem to .crt and .key

Can anyone tell me the correct way/command to extract/convert the certificate .crt and private key .key files from a .pem file? I just read they are interchangeable, but not how.


Source: (StackOverflow)

PEM_read_bio_PrivateKey() returns NULL in ECB mode only

PEM_read_bio_PrivateKey() returns NULL if a private key is encrypted by DES EDE in ECB mode. The issue happens in EVP_DecryptFinal_ex():

4128:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:

If the same private key is encrypted by DES EDE in CBC mode, this function works OK.

I checked, this issue is reproducible on openssl 0.9.8r/y versions (without FIPS). If openssl is built with FIPS the issue doesn't happen.

What causes this behaviour?

Thanks!


Source: (StackOverflow)

How to Export Private / Secret ASC Key to Decrypt GPG Files in Windows

Background: My boss has tried exporting an ASC key to me with public and private parts but whenever I get the file the private part never loads up and it won't decrypt any files.

We have tried Exporting the ASC Key using:

  • Windows Application Kleopatra 2.1 (included in gpg4win)
  • Windows Application GNU Privacy Assistant (included in gpg4win)

Error: "Decryption failed. Secret Key Not available."

How do you properly export a secret or private asc key to decrypt gpg files?


Source: (StackOverflow)

Setting a custom path for git private SSH key on linux

I'm trying to set up a git client on Linux. I uploaded my private key to the machine, and I understand that I should put it in ~/.ssh, but I don't have access to that folder.

How can I tell git to look for the private key somewhere else?


Source: (StackOverflow)

Vagrant ssh authentication failure

The problem with ssh authentication:

==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: bridged
==> default: Forwarding ports...
    default: 22 => 2222 (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Error: Connection timeout. Retrying...
    default: Error: Connection timeout. Retrying...
    default: Error: Connection timeout. Retrying...
    default: Error: Connection timeout. Retrying...
    default: Error: Authentication failure. Retrying...
    default: Error: Authentication failure. Retrying...
    default: Error: Authentication failure. Retrying...
    default: Error: Authentication failure. Retrying...
    default: Error: Authentication failure. Retrying...

I can Ctrl+C out of the authentication loop and then successfully ssh in manually.

I performed the following steps on the guest box:

  • Enabled Remote Login for All Users.

  • Created the ~/.ssh directory with 0700 permissions.

  • Created the ~/.ssh/authorized_keys file with 0600 permissions.

  • Pasted this public key into ~/.ssh/authorized_keys

I've also tried using a private (hostonly) network instead of the public (bridged) network, using this line in the Vagrantfile:

config.vm.network "private_network", ip: "172.16.177.7"

I get the same output (except Adapter 2: hostonly) but then cannot ssh in manually.

I also tried config.vm.network "private_network", ip: "10.0.0.100".

I also tried setting config.ssh.password in the Vagrantfile. This does output SSH auth method: password but still doesn't authenticate.

And I also tried rebuilding the box and rechecking all the above.

It looks like others have had success with this configuration, so there must be something I'm doing wrong.

I found this thread and enabled the GUI, but that doesn't help.


Source: (StackOverflow)

parse.com security

Recently I discovered how useful and easy parse.com is. It really speeds up the development and gives you an off-the-shelf database to store all the data coming from your web/mobile app.

But how secure is it? From what I understand, you have to embed your app private key in the code, thus granting access to the data.

But what if someone is able to recover the key from your app? I tried it myself. It took me 5 minutes to find the private key from a standard APK, and there is also the possibility to build a web app with the private key hard-coded in your javascript source where pretty much anyone can see it.

The only way to secure the data that I've found is ACLs (https://www.parse.com/docs/data), but this still means that anyone may be able to tamper with writable data.

Can anyone enlighten me, please?


Source: (StackOverflow)

What does "SSL_CTX_use_PrivateKey_file" "problems getting password error" indicate in Nginx error log?

I'm trying to set up SSL on Nginx. It doesn't work, and I am getting the following error in the error log, which is getting passed up from the OpenSSL library which nginx was compiled with. I don't know what that library is, but it's version 0.8.54 of nginx, and I installed it using apt-get on Ubuntu Linux.

2012/02/21 07:06:33 [emerg] 4071#0: 
SSL_CTX_use_PrivateKey_file("/exequias/certs/exequias.com.key") failed (SSL: 
error:0906406D:PEM routines:PEM_def_callback:problems getting password error:
0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:
SSL_CTX_use_PrivateKey_file:PEM lib)

I have ensured that the file permissions on the private key file are not stopping nginx from reading it. It is an RSA private key, generated with openssl rsa.

Any ideas what might be causing this?


Source: (StackOverflow)

iPhone developer doesn't match any valid certificate (Xcode)

Hi, I've kind of been cornered by Apple here. I submitted a technical support query, one of the free ones that comes when you pay into the developer program, only to be told that they won't be in the office until after Thanksgiving, a problem I overlooked as I am from Ireland. I really need help on this, as I've tried looking in forums and I've tried solutions that were given for similar problems, but I still can't crack it.

The screenshot images can be seen on this page: http://www.heffernanwebservices.ie/blank.html

Here it goes...

DESCRIPTION OF PROBLEM: On trying to build my project "Mulligan IRL" in Xcode I get the following error: "Code Sign error: The identity 'iPhone Developer: Cian Heffernan (8ELM27DL8F)' doesn't match any valid certificate/private key pair in the default keychain"

[Screenshot 1]

When I navigate to code signing in the build settings of the project, I can see that when I click the code signing identity for iPhone developer or iPhone distribution it has "(no profiles currently match)" beside them. I then headed to the Keychain Access window in Utilities and looked in certificates, and found that both the developer and distribution certificates will not expire until next August and November. Next I headed to the Organizer in Xcode. I see in provisioning profiles I have 8 profiles there! I don't know why I have so many. (2nd attachment)

[Screenshot 2]

As you can see, ONE of the iOS team provisioning profiles will expire in 11 days, so I just tried to renew that. When I try this I get an error: (3rd attachment)

[Screenshot 3]

I then head to the provisioning portal to see why it wasn't found, but I can see the profile. (4th attachment)

[Screenshot 4]

I have no idea why I am getting this error. I would appreciate any help on the matter.


Source: (StackOverflow)

how to get private key from PEM file?

I have a .PEM file that includes a public key and a private key for SSL data transfer, like this:

-----BEGIN RSA PRIVATE KEY-----
      private key data
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
      public key data
-----END CERTIFICATE-----

When I want to load the .PEM file with the following code:

X509Certificate2 xx = new X509Certificate2("c:\\myKey.pem");

I get an exception that says "Cannot find the requested object.", with the full stack:

System.Security.Cryptography.CryptographicException was unhandled
  Message=Cannot find the requested object.

  Source=mscorlib
  StackTrace:
       at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
       at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
       at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName)
       at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName)
       at DLLTest.SSL_Test.test() in E:\Projects\DLLTest\DLLTest\SSL_Test.cs:line 165
       at DLLTest.SSL_Test.Run() in E:\Projects\DLLTest\DLLTest\SSL_Test.cs:line 21
       at DLLTest.Program.Main(String[] args) in E:\Projects\DLLTest\DLLTest\Program.cs:line 21
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: 

If I swap the places of the private key section and the public key section, the code works and loads the data, and I can get just the public key info from the object, e.g. IssuerName, and its HasPrivateKey is false. Why? Have I misunderstood something, or am I doing something wrong?


Source: (StackOverflow)

How to generate a RSA keyPair with a Privatekey encrypted with password?

I want to generate a private key in PKCS8 format encrypted with a password, and I tried with this code:

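import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;

public class GenerateKeyPair {
    public static void main(String[] args) throws Exception {
        // Declared but never used: nothing below applies the password to the key.
        String password = "123456";
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair key = gen.generateKeyPair();
        PrivateKey privateKey = key.getPrivate();
        PublicKey publicKey = key.getPublic();

        // getEncoded() on the private key returns unencrypted PKCS#8 DER.
        FileOutputStream pvt = new FileOutputStream("d:\\pvt123456.der");
        try {
            pvt.write(privateKey.getEncoded());
            pvt.flush();
        } finally {
            pvt.close();
        }
        // getEncoded() on the public key returns X.509 SubjectPublicKeyInfo DER.
        FileOutputStream pub = new FileOutputStream("d:\\pub123456.der");
        try {
            pub.write(publicKey.getEncoded());
            pub.flush();
        } finally {
            pub.close();
        }
    }
}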

But I don't know how to encrypt a password with 3DES to be compatible with the openssl format.


Source: (StackOverflow)

How can I use an existing private key to a new iOS development certificate?

For aesthetic reasons, I would like to use the same private key that I used to create my distribution certificate a while ago to create a new development certificate (my old one expired). But the "How to create a development certificate:" on the iOS provisioning portal requires that you use Keychain Access to create a new key. When I try to do Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority With "(my key name)", the Certificate Assistant doesn't actually create a CSR file.

Does anyone know if this can be done, and if so, how?


Source: (StackOverflow)