Private Brain Key Generation and Public Address Not Matching Java


Using the keytool utility, it is easy to extract the public key of an already created “public-private” key pair, which is stored in a keystore.

Here are the steps:

Step 1: Creating the “public-private” key-pair.

keytool -genkey -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks

Step 2: Validate the “public-private” key pair, which was created under the Step 1.

keytool -list -v -keystore keystore.jks

The output would be like this.

crishantha@crishantha-laptop$ keytool -list -v -keystore keystore.jks Enter keystore password: password Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry Alias name: certificatekey Creation date: Aug 23, 2011 Entry type: keyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Crishantha Nanayakkara, OU=Technical, O=ICTA, L=Colombo, ST=Western, C=SL Issuer: CN=Crishantha Nanayakkara, OU=Technical, O=ICTA, L=Colombo, ST=Western, C=SL Serial number: 4e531ddf Valid from: Tue Aug 23...
1 0

The Public and Private key pair comprise of two uniquely related cryptographic keys (basically long random numbers). Below is an example of a Public Key:

3048 0241 00C9 18FA CF8D EB2D EFD5 FD37 89B9 E069 EA97 FC20 5E35 F577 EE31 C4FB C6E4 4811 7D86 BC8F BAFA 362F 922B F01B 2F40 C744 2654 C0DD 2881 D673 CA2B 4003 C266 E2CD CB02 0301 0001

The Public Key is what its name suggests - Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.

Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.

For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key. Only Alice has access to her...

0 0
(1) Using keytool to generate a public-private key pair

Topic - (1) Using keytool to generate a public-private key pair

The first step in configuring a VT Display session for SSH client authentication using a public key is to use the keytool program to generate a public-private key pair.

About keytool

keytool is a multipurpose utility program, included in the Java 2 Version 1.4 JRE and distributed with Host On-Demand, for managing keys and certificates.

A perspective from Unix-like platforms

Because keytool is a multipurpose tool for managing keys and certificates, you may find it easier to understand the generating of a public-private key pair by looking first at a less complex tool available on Unix-like platforms, named ssh-keygen. (This is for illustration purposes only. You cannot use ssh-keygen to generate public-private keys for Host On-Demand.)

Getting keytool

You can get access to keytool from the...

0 0

by Brian Reindel on July 01, 2014 in Encryption

Public-key Encryption Basics

Unless otherwise noted, public-key cryptography is a field or science, while public-key encryption is the applied knowledge of that science. Some articles use the terms interchangeably. There are also numerous articles that cover the implementation specifics and mathematics behind public-key cryptography. It is less important for the purposes of this article that you understand those details, and that you instead grasp the holistic benefits of using public-key encryption.

First and foremost, public-key encryption is asymmetric. In asymmetric cryptography two keys are required: a public key that encrypts plain text into cipher text, and a private key that decrypts the cipher text back into plain text. This is in contrast to symmetric cryptography where there is a single private key that encrypts and decrypts.

In a single domain, like a website or application, symmetric...

0 0

Since August 1st, 2013 iGolder is no longer accepting new accounts and balances can only be redeemed. During the past years, we have been recommending Bitcoin more than our own payment system. We believe in physical gold ownership, and developed iGolder as a mechanism for people to acquire physical gold by trading with one another.

Since iGolder has a central point of failure (our server may be raided by thugs wearing some kind of uniform), we feet it is safer for us to cease operations. The iGolder experiment has been personally rewarding as we met many gold enthusiasts and also learned about Bitcoin in the process. For those who have no idea what Bitcoin is, we recommend doing your own research. Bitcoin is far superior to iGolder in every way, both in privacy and security as our server is always vulnerable to confiscation. Bitcoin is a communication protocol with a built-in "escrow service" capable of protecting both the buyer and the seller, rendering our Safetransit...

0 0

The Java Cryptography Architecture (JCA) allows developers to easily integrate security into their application code. JCA provides a set of APIs for digital signatures, message digests, certificate validation, encryption (symmetric/asymmetric ciphers), key generation and so on. In this article I show how to implement the data encryption and decryption with public-key cryptography (also known as asymmetric cryptography). To do this, I will generate a 2048 bit sized RSA public/private key pair. The public key is used to encrypt a plaintext file, whereas the private key is used to decrypt the ciphertext.

In order to generate the public and private RSA keys I use the KeyPairGenerator object. The functionality for encryption and decryption is provided by the Cipher getInstance method, passing the name of the requested transformation to it (RSA/ECB/PKCS1Padding). The JCA specification calls these classes “engine classes“, follows an high level representation.

0 0

I am trying to generate a public and private key set from a input string in Java. (Yes I am aware this can be a dangerous practice) I am using bitcoinj for a outside library.

I currently have:

//public key generation from private key static String getPublicKey(byte[] privKey) { Address address = new Address(MainNetParams.get(), Utils.sha256hash160(ECKey.fromPrivate(privKey, false).getPubKey())); return address.toString(); } ///hash string to generate private key from string static byte[] sha256(String base) { try{ MessageDigest digest = MessageDigest.getInstance("SHA-256"); byte[] hash = digest.digest(base.getBytes("UTF-8")); return hash; } catch(Exception ex){ throw new RuntimeException(ex); } } //encode private key as string to display static String privToString(byte[] hash) { StringBuffer hexString = new StringBuffer(); for (int i = 0; i < hash.length; i++) { String hex = Integer.toHexString(0xff & hash[i]); ...
0 0

I think new VersionedChecksummedBytes(0x80, priv).toBase58() is the right idea, but the constructors are protected and I cannot find a static factory function. However, using the getPrivateKeyEncoded method of ECKey, we can obtain a DumpedPrivateKey object which derives from VersionedChecksummedBytes. We can also use the getPrivateKeyAsWiF method of ECKey which is more direct. Or we can do things manually:

import java.math.BigInteger; import org.bitcoinj.core.VersionedChecksummedBytes; import org.bitcoinj.core.ECKey; import org.bitcoinj.core.NetworkParameters; import org.bitcoinj.core.Sha256Hash; import org.bitcoinj.core.Base58; import org.bitcoinj.params.MainNetParams; public class Test { public static void main(String args[]){ NetworkParameters mainNet = MainNetParams.get(); String hex = "dba1e3e22415c56af772dee422add21b7382ea35f2af77852a8069d02e47ecf4"; BigInteger big = new BigInteger(hex, 16); ECKey key = ECKey.fromPrivate(big, false); // uncompressed byte[] priv =...
0 0

You can do this with the Bouncy Castle Crypto APIs,

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(1024); KeyPair key = keyGen.generateKeyPair(); PrivateKey priv = key.getPrivate(); PublicKey pub = key.getPublic(); String privateKey = new String(Base64.encode(priv.getEncoded(), 0,priv.getEncoded().length, Base64.NO_WRAP)); String publicKey1 = new String(Base64.encode(pub.getEncoded(), 0,pub.getEncoded().length, Base64.NO_WRAP)); String publicKey = new String(Base64.encode(publicKey1.getBytes(),0, publicKey1.getBytes().length, Base64.NO_WRAP));

As far as adding things like name, email and password, you are referring to generating a certificate, which requires that a key pair is generated. Certificate types vary depending on usage, as does the means to generate them.

If you wish to truly secure communications, is an...

0 0

If you do much work with SSL or SSH, you spend a lot of time wrangling certificates and public keys. Public key cryptography provides the underpinnings of the PKI trust infrastructure that the modern internet relies on, and key management is a big part of making that infrastructure work. If you do any work on the web, you deal with public keys. As keys age and things get shuffled around, though, you may often find yourself (as do I) trying to figure out which private keys go with which public keys. That can sometimes turn out to be a bit tricky, though, since exactly how to do that depends on both the format of the key files themselves as well as the public key cryptography algorithm in use. I've put together a quick reference here for anybody (including myself) who's faced with the same problem.


SSL presents public keys in the context of an X.509 certificate, which itself includes a lot of information about the principal identified by the public key as well...

0 0

You can use this Certificate Key Matcher to check whether a private key matches a certificate or whether a certificate matches a certificate signing request (CSR). When you are dealing with lots of different certificates it can be easy to lose track of which certificate goes with which private key or which CSR was used to generate which certificate. The Certificate Key Matcher tool makes it easy to determine whether a private key matches or a CSR matches a certificate.

The Certificate Key Matcher simply compares an md5 hash of the private key modulus, the certificate modulus, or the CSR modulus and tells you whether they match or not. You can check whether a certificate matches private key, or a CSR matches a certificate on your own computer by using the OpenSSL commands below:

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl...

0 0

To sign an assembly with a strong name, you must have a public/private key pair. This public and private cryptographic key pair is used during compilation to create a strong-named assembly. You can create a key pair using the Strong Name tool (Sn.exe). Key pair files usually have an .snk extension.

To create a key pair

At the command prompt, type the following command:

sn –k

In this command, file name is the name of the output file containing the key pair.

The following example creates a key pair called sgKey.snk.

If you intend to delay sign an assembly and you control the whole key pair (which is unlikely outside test scenarios), you can use the following commands to generate a key pair and then extract the public key from it into a separate file. First, create the key pair:

Next, extract the public key from the key pair and copy it to a separate file:

sn -p keypair.snk public.snk

Once you create the key pair, you...

0 0