An X.509 certificate and an X509EncodedKeySpec are quite different structures, and trying to parse a cert as a key won’t work. Java’s X509EncodedKeySpec is actually SubjectPublicKeyInfo from X.509 or equivalent and more convenient PKIX also linked from Key, which is only a small part of a certificate. What you need to do is read and … Read more
RSA + SHA256 can and will work… Your later example may not work all the time, it should use the hash algorithm’s OID, rather than it’s name. As per your first example, this is obtained from a call to CryptoConfig.MapNameToOID(AlgorithmName) where AlgorithmName is what you are providing (i.e. “SHA256”). First you are going to need … Read more
I edited the answer to do the root certificate first and then issue an end entity certificate. Here is some example of generating a self-signed certificate through Bouncy Castle: public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = … Read more
I will answer to my own questions, but not delete it, in case someone else got the same problems: return new JcaX509CertificateConverter().getCertificate(certificateHolder); And for attribute certificates: return new X509V2AttributeCertificate(attributeCertificateHolder.getEncoded()); Not nice, as it is encoding and decoding, but it works.
That particular error message rings a bell. I’ll guess that either you did not store the private key with the certificate, or, the Windows service does not have access to the private key. To check this, open the Certificates MMC snap-in: Run mmc (e.g. from the Start menu) File menu > Add/Remove Snap-in Select “Certificates” … Read more
You’re right, no API at all that I’m aware to export PrivateKey marked as non-exportable. But if you patch (in memory) normal APIs, you can use the normal way to export 🙂 There is a new version of mimikatz that also support CNG Export (Windows Vista / 7 / 2008 …) download (and launch with … Read more
I ended up using Jsch- it was pretty straightforward, and seemed to scale up pretty well (I was grabbing a few thousand files every few minutes).
To hash a string, use the built-in MessageDigest class: import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.nio.charset.StandardCharsets; import java.math.BigInteger; public class CryptoHash { public static void main(String[] args) throws NoSuchAlgorithmException { MessageDigest md = MessageDigest.getInstance(“SHA-256”); String text = “Text to hash, cryptographically.”; // Change this to UTF-16 if needed md.update(text.getBytes(StandardCharsets.UTF_8)); byte[] digest = md.digest(); String hex = … Read more