Showing posts with label self-signed certificate. Show all posts

Wednesday, May 24, 2017

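How to sign a string as well as a request body with a public key using Java

Below is a code snippet which will sign your request using a public key. Concretely, it computes the SHA-1 hash of the request body, RSA-encrypts that hash with the public key taken from an X.509 certificate, and Base64-encodes the result. Note that anyone who holds the certificate can produce such a value, so it does not authenticate the sender the way a signature made with a private key does.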


package com.pkm.src;

import javax.crypto.Cipher;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

/**
 * Created by pritom on 24/05/2017.
 */
public class SignatureSigner {
    public static void main(String[] args) throws Exception {
        String certificateFile = ".....\\publickey.cer";
        String requestBody = "Param1=Value_Of_Param1&Param2=Value_Of_param2";
        String signature = encodeRSASHA1(certificateFile, requestBody);
        System.out.println("Signature=" + signature);
    }

    protected static String encodeRSASHA1(String certificateFile, String requestBody) throws Exception {
        // Load the X.509 certificate that carries the public key.
        X509Certificate myCertificate;
        try (FileInputStream certIn = new FileInputStream(certificateFile)) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            myCertificate = (X509Certificate) factory.generateCertificate(certIn);
        }

        // SHA-1 hash of the UTF-8 encoded request body.
        MessageDigest hashGen = MessageDigest.getInstance("SHA-1");
        byte[] hash = hashGen.digest(requestBody.getBytes(StandardCharsets.UTF_8));

        // RSA-encrypt the hash with the certificate's public key.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, myCertificate);
        byte[] signature = rsa.doFinal(hash);

        // Base64-encode the encrypted hash on a single line.
        return Base64.getEncoder().encodeToString(signature);
    }
}

This produces output like the following (the value differs on every run, because PKCS#1 v1.5 encryption padding is random):

Signature=7GNccit4cY+rs4t/S0WBv.........+w1rYdiEO8PxuR3SQ=
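
For comparison, here is a conventional digital signature over the same request body, made with the sender's private key and verified with the matching public key. This is an added example, not code from the original post; the class name RequestSignatureDemo, the SHA256withRSA algorithm choice and the in-memory key pair are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;

// Hypothetical demo class (not from the original post).
public class RequestSignatureDemo {
    // Sign with the sender's PRIVATE key; only its holder can produce this value.
    static String sign(PrivateKey key, String body) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(body.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Verify with the matching PUBLIC key, e.g. the one in the sender's certificate.
    static boolean verify(PublicKey key, String body, String signatureB64) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(body.getBytes(StandardCharsets.UTF_8));
        try {
            return s.verify(Base64.getDecoder().decode(signatureB64));
        } catch (SignatureException | IllegalArgumentException e) {
            return false; // malformed signature bytes or invalid Base64
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key pair; a real sender loads its private key from a keystore.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        String body = "Param1=Value_Of_Param1&Param2=Value_Of_param2";
        String sig = sign(pair.getPrivate(), body);

        // The untouched body verifies; any change to the body does not.
        System.out.println("valid body:    " + verify(pair.getPublic(), body, sig));
        System.out.println("tampered body: " + verify(pair.getPublic(), body + "&Param3=x", sig));
        // A value that is not a signature at all is rejected rather than throwing.
        System.out.println("garbage sig:   " + verify(pair.getPublic(), body, "not-base64!"));
    }
}
```

Here the receiver needs only the public key to check the request, and nobody without the private key can produce a value that verifies.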

Tuesday, July 23, 2013

Create Self-Signed Certificate Windows

First, install OpenSSL on your Windows machine.

Several files related to your SSL certificate will be created in this section, so choose a common base name to use. In my examples I use "blarg", which I've italicised to show it should be replaced by your choice. In practice, I recommend extracting the essence from your domain name; for example, if I was creating a certificate for https://www.neilstuff.com/ then I'd use "neilstuff".
Open up a command prompt and go to the directory where you unzipped OpenSSL and run the following command to create a new certificate request:

openssl req -config openssl.cnf -new -out blarg.csr -keyout blarg.pem


You'll be prompted to answer a number of questions; which ones depends on your openssl.cnf file. All except two of these can be left blank:
  • PEM pass phrase: Password associated with the private key (blarg.pem) you're generating. Since we'll be removing this for the benefit of Apache 2.0.X, I suggest using something like "none" or "password".
  • Common Name: The fully-qualified domain name associated with this certificate. In my example, I use www.blarg.com which means I damn well better use that certificate on https://www.blarg.com/. For personal security, testing, or intranets it's okay for this to not quite match -- just be prepared to deal with warnings from web browsers and such.
Now it's time to create a non-password protected key for Apache 2.0.X by executing the following:
openssl rsa -in blarg.pem -out blarg.key

The only thing you'll be asked is the password you had used. Your resulting KEY file is essentially the same thing as the PEM, just not password protected, so anyone who can read the file can use the key.
Before we go on, delete the .rnd file. This contains entropy information which could be used by malicious people to try and crack your certificate later on (if they get a hold of it).
Finally, run the following command to create an X.509 certificate, i.e. the kind of certificate that SSL likes to munch:
openssl x509 -in blarg.csr -out blarg.cert -req -signkey blarg.key -days 365

 
Congratulations, you've created a self-signed certificate! Keep the KEY and CERT files some place safe, we'll be using them soon.