Questions tagged [java-security]

Java security technology is set of libraries, tools, and implementations of commonly used security algorithms, mechanisms, and protocols including cryptography, public key infrastructure, secure communication, authentication, and access control

Java security technology is set of libraries, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs includes cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.

Underlying the Java SE Platform is a dynamic, extensible security architecture, standards-based and interoperable. Security features — cryptography, authentication and authorization, public key infrastructure, and more — are built in. The Java security model is based on a customizable "sandbox" in which Java software programs can run safely, without potential risk to systems or users.

399 questions

votes

5 answers

Convert .cer certificate to .jks

I need to convert a .cer file to a .jks file. I saw a few questions about it, but haven't seen a solution to what I need. I don't need it in order to add it to my local certificates, but as a file to upload to a server. I also need to do it only…

asked May 20 '15 at 14:30

arikabc

votes

4 answers

Crash casting AndroidKeyStoreRSAPrivateKey to RSAPrivateKey

I'm following this tutorial: How to use the Android Keystore to store passwords and other sensitive information. It (loosely) ties up with the Google Sample app: BasicAndroidKeyStore. I can encrypt my data using the public key, and I can decrypt on…

java android cryptography java-security android-6.0-marshmallow

asked Sep 04 '15 at 14:35

James

3,485
3
20
43

votes

3 answers

java.security.UnrecoverableKeyException: Failed to obtain information about private key

I have the following lines to get the private key from key store on Android KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); // generating key pair code omitted KeyStore.PrivateKeyEntry privateKeyEntry =…

java android keystore private-key java-security

asked Apr 15 '16 at 16:46

Dino Tw

3,167
4
34
48

votes

4 answers

Java equivalent of SecureString

I'm looking for Java's equivalent of .NET's SecureString.aspx. Is there such implementation available in 2018? OWASP implementation is not exactly the same because it's just a plain char array. While .NET equivalent provides additional features such…

java java-security securestring

asked Jul 09 '18 at 09:24

Mikhail Kholodkov

23,642
17
61
78

votes

1 answer

UnrecoverableKeyException Failed to obtain information about private key, KeyStoreException: Invalid key blob

In our app we've been having issues with data in the Android Keystore suddenly becoming inaccessible. The specific exception we're seeing is here: java.security.UnrecoverableKeyException: Failed to obtain information about private key at…

android private-key android-keystore android-security java-security

asked Jan 16 '18 at 21:47

jinaud

votes

3 answers

Enable TLSv1.2 and TLS_RSA_WITH_AES_256_CBC_SHA256 Cipher Suite

Server: TLS Version: v1.2 Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Client: JRE 1.7 I am receiving the below error when I try to connect to the Server from Client through SSL directly: Caused by: javax.net.ssl.SSLHandshakeException: Received…

ssl encryption java-7 tls1.2 java-security

asked Oct 12 '15 at 19:53

Ashok Goli

5,043
8
38
68

votes

6 answers

Google OAuth2 JWT token verification exception

I'm facing OAuth2 JWT token verification exception last hour (so no one can access my application): java.security.SignatureException: Signature length not correct: got 256 but was expecting 128. I'm using google-http-client 1.20.0 and Java 1.7.0.…

java jwt java-security google-http-client

asked Jun 11 '15 at 12:10

user3686724

votes

2 answers

JDK 11 SSL Error on valid certificate (working in previous versions)

The following code throws an error in JDK 11: HttpURLConnection con = (HttpURLConnection) new URL("https://sis.redsys.es/sis/realizarPago").openConnection(); con.setRequestMethod("GET"); con.getResponseCode(); The error…

java ssl openssl java-security java-11

asked Aug 25 '18 at 10:34

cocorossello

1,289
1
17
30

votes

5 answers

Where is the JRE lib/security directory on Mac OS X?

I need to generate a cert and can't find this directory. Thanks!

java macos pki java-security

asked Dec 07 '11 at 00:51

bethesdaboys

1,797
7
22
35

votes

3 answers

Enable the Java SecurityManager with AllPermission

I'm trying to get myself familiar with the SecurityManager but even this simple scenario fails. When I run the following from inside my IDE or from command line I get the following exception; access denied ("java.util.PropertyPermission" "java.home"…

java java-security securitymanager

asked Nov 04 '18 at 16:48

Karussell

17,085
16
97
197

votes

1 answer

apache mina sshd authenticate client signatures

I'm trying to authenticate a signature that clients generate from their private key and send to the server. The only authenticator I could find in the library that sounded appropriate was the PublickeyAuthenticator. Please correct me if this is the…

java sshd java-security apache-mina

asked Aug 24 '16 at 12:09

Hooli

1,135
3
19
46

votes

4 answers

Data signed on iOS can't be verified in Java

I have some data that I'm signing on iOS with SecKeyRawSign using Elliptic Curve private key. However, verifying that data in Java using Signature.verify() returns false The data is a random 64 bit integer, split into bytes like so uint64_t nonce…

java ios objective-c java-security commoncrypto

asked May 21 '18 at 11:53

mag_zbc

6,801
14
40
62

votes

1 answer

Adding Security Provider multiple times in Java application

We have a Java application where a job is scheduled to run every 5 minutes. In that job, there is a security component that does the following every time it is executed: java.security.Security .addProvider(new…

java security bouncycastle java-security

asked Jul 19 '17 at 18:04

Aman

1,170
3
15
29

votes

1 answer

Keep getting No X509TrustManager implementation available error when trying to connect to web socket server

I have the following code for connecting to a web socket server in my java application using secure websockets. private boolean openConnection(boolean tried) { String sslFile = ConfigMgr.getValue(Constants.SSL_CFG_NAME, "sslfile"); …

java ssl websocket x509certificate java-security

asked Jul 13 '16 at 14:04

jgr208

2,896
9
36
64

votes

1 answer

How to restrict createObject() on certain java classes or packages?

I want to create a secure ColdFusion environment, for which I am using multiple sandboxes configuration. The following tasks are easily achievable using the friendly administrator interface: Restricting CFtags like: cfexecute, cfregistry and…

coldfusion jvm-arguments java-security cfadmin

asked Jun 09 '15 at 14:17

Anurag

1,018
1
14
36

2 3

…

26 27 Next