Questions tagged [java-security]

Java security technology is set of libraries, tools, and implementations of commonly used security algorithms, mechanisms, and protocols including cryptography, public key infrastructure, secure communication, authentication, and access control

Java security technology is set of libraries, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs includes cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.

Underlying the Java SE Platform is a dynamic, extensible security architecture, standards-based and interoperable. Security features — cryptography, authentication and authorization, public key infrastructure, and more — are built in. The Java security model is based on a customizable "sandbox" in which Java software programs can run safely, without potential risk to systems or users.

399 questions
50
votes
5 answers

Convert .cer certificate to .jks

I need to convert a .cer file to a .jks file. I saw a few questions about it, but haven't seen a solution to what I need. I don't need it in order to add it to my local certificates, but as a file to upload to a server. I also need to do it only…
arikabc
  • 675
  • 1
  • 6
  • 11
45
votes
4 answers

Crash casting AndroidKeyStoreRSAPrivateKey to RSAPrivateKey

I'm following this tutorial: How to use the Android Keystore to store passwords and other sensitive information. It (loosely) ties up with the Google Sample app: BasicAndroidKeyStore. I can encrypt my data using the public key, and I can decrypt on…
James
  • 3,485
  • 3
  • 20
  • 43
31
votes
3 answers

java.security.UnrecoverableKeyException: Failed to obtain information about private key

I have the following lines to get the private key from key store on Android KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); // generating key pair code omitted KeyStore.PrivateKeyEntry privateKeyEntry =…
Dino Tw
  • 3,167
  • 4
  • 34
  • 48
28
votes
4 answers

Java equivalent of SecureString

I'm looking for Java's equivalent of .NET's SecureString.aspx. Is there such implementation available in 2018? OWASP implementation is not exactly the same because it's just a plain char array. While .NET equivalent provides additional features such…
Mikhail Kholodkov
  • 23,642
  • 17
  • 61
  • 78
26
votes
1 answer

UnrecoverableKeyException Failed to obtain information about private key, KeyStoreException: Invalid key blob

In our app we've been having issues with data in the Android Keystore suddenly becoming inaccessible. The specific exception we're seeing is here: java.security.UnrecoverableKeyException: Failed to obtain information about private key at…
24
votes
3 answers

Enable TLSv1.2 and TLS_RSA_WITH_AES_256_CBC_SHA256 Cipher Suite

Server: TLS Version: v1.2 Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Client: JRE 1.7 I am receiving the below error when I try to connect to the Server from Client through SSL directly: Caused by: javax.net.ssl.SSLHandshakeException: Received…
Ashok Goli
  • 5,043
  • 8
  • 38
  • 68
21
votes
6 answers

Google OAuth2 JWT token verification exception

I'm facing OAuth2 JWT token verification exception last hour (so no one can access my application): java.security.SignatureException: Signature length not correct: got 256 but was expecting 128. I'm using google-http-client 1.20.0 and Java 1.7.0.…
user3686724
  • 603
  • 1
  • 5
  • 15
16
votes
2 answers

JDK 11 SSL Error on valid certificate (working in previous versions)

The following code throws an error in JDK 11: HttpURLConnection con = (HttpURLConnection) new URL("https://sis.redsys.es/sis/realizarPago").openConnection(); con.setRequestMethod("GET"); con.getResponseCode(); The error…
cocorossello
  • 1,289
  • 1
  • 17
  • 30
14
votes
5 answers

Where is the JRE lib/security directory on Mac OS X?

I need to generate a cert and can't find this directory. Thanks!
bethesdaboys
  • 1,797
  • 7
  • 22
  • 35
14
votes
3 answers

Enable the Java SecurityManager with AllPermission

I'm trying to get myself familiar with the SecurityManager but even this simple scenario fails. When I run the following from inside my IDE or from command line I get the following exception; access denied ("java.util.PropertyPermission" "java.home"…
Karussell
  • 17,085
  • 16
  • 97
  • 197
14
votes
1 answer

apache mina sshd authenticate client signatures

I'm trying to authenticate a signature that clients generate from their private key and send to the server. The only authenticator I could find in the library that sounded appropriate was the PublickeyAuthenticator. Please correct me if this is the…
Hooli
  • 1,135
  • 3
  • 19
  • 46
12
votes
4 answers

Data signed on iOS can't be verified in Java

I have some data that I'm signing on iOS with SecKeyRawSign using Elliptic Curve private key. However, verifying that data in Java using Signature.verify() returns false The data is a random 64 bit integer, split into bytes like so uint64_t nonce…
mag_zbc
  • 6,801
  • 14
  • 40
  • 62
12
votes
1 answer

Adding Security Provider multiple times in Java application

We have a Java application where a job is scheduled to run every 5 minutes. In that job, there is a security component that does the following every time it is executed: java.security.Security .addProvider(new…
Aman
  • 1,170
  • 3
  • 15
  • 29
12
votes
1 answer

Keep getting No X509TrustManager implementation available error when trying to connect to web socket server

I have the following code for connecting to a web socket server in my java application using secure websockets. private boolean openConnection(boolean tried) { String sslFile = ConfigMgr.getValue(Constants.SSL_CFG_NAME, "sslfile"); …
jgr208
  • 2,896
  • 9
  • 36
  • 64
11
votes
1 answer

How to restrict createObject() on certain java classes or packages?

I want to create a secure ColdFusion environment, for which I am using multiple sandboxes configuration. The following tasks are easily achievable using the friendly administrator interface: Restricting CFtags like: cfexecute, cfregistry and…
Anurag
  • 1,018
  • 1
  • 14
  • 36
1
2 3
26 27