Looking at OpenSSL sources, this can happen only if padding in encrypted data is invalid. Does this happen with different keys, and can you provide a sample one? And, what tool is used to generate such keys (i.e. the same OpenSSL or not)? Probably, it omits padding/or writes zero padding instead of correct one.

I have form fields that are validated using `required`. The problem is, that the error is displayed immediately when the form is rendered. I want it only to be displayed after the user actually typed in the text field, or on submit.

How can I implement this?

Validate form field only on submit or user input

What&#39;s the least error-prone way to target just IE11 with JavaScript?

Note: This should really only be done for analytics or informing the user what browser they&#39;re using. For everything else, there&#39;s feature detection.

How can I target only Internet Explorer 11 with JavaScript?

`PEM_read_bio_PrivateKey()` returns `NULL` if a private key is encrypted by DES EDE in ECB mode. The issue happens in `EVP_DecryptFinal_ex()`:

`4128:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:`

If the same private key is encrypted by DES EDE in CBC mode, this function works OK.

I checked, this issue is reproducible on openssl 0.9.8r/y versions (without FIPS). If openssl is built with FIPS the issue doesn&#39;t happen.

What causes this behaviour?

Thanks!

PEM_read_bio_PrivateKey() returns NULL in ECB mode only

<code>PEM_read_bio_PrivateKey()</code> returns <code>NULL</code> if a private key is encrypted by DES EDE in ECB mode. The issue happens in <code>EVP_DecryptFinal_ex()</code>:
<code>4128:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:</code>
If the same private key is encrypted by DES EDE in CBC mode, this function works OK.
I checked, this issue is reproducible on openssl 0.9.8r/y versions (without FIPS). If openssl is built with FIPS the issue doesn't happen.
What causes this behaviour?
Thanks!

I am confused between various keys used in encryption.

Amazon gave me `key.pem`

In linux i generate keys like  `id_rsa` and `id_rsa.pub`

Now putty used key like `key.ppk`


I am really confused what type of key is used where

what is the difference between various keys in public key encryption

Is it possible to hide/encode/encrypt the php file/source code, and let others have the system installed and run on their machine?

Is it possible to hide/encode/encrypt php source code and let others have the system?

What is the recommended way of generating a secure, random AES key in Java, using the standard JDK?

In other posts, I have found this, but using a `SecretKeyFactory` might be a better idea:

&lt;!-- language: java --&gt;

    KeyGenerator keyGen = KeyGenerator.getInstance(&quot;AES&quot;);
    SecureRandom random = new SecureRandom(); // cryptograph. secure random 
    keyGen.init(random); 
    SecretKey secretKey = keyGen.generateKey();

It would be great if the answer included an explanation of why it is a good way of generating the random key. Thanks!

How to create a secure random AES key in Java?

I&#39;m interested in building a small app for personal use that will encrypt and decrypt information on the client side using JavaScript.  The encrypted information will be stored in a database on a server, but never the decrypted version.

It doesn&#39;t have to be super duper secure, but I would like to use a currently unbroken algorithm.

Ideally I&#39;d be able to do something like

    var gibberish = encrypt(string, salt, key);

to generate the encoded string, and something like

    var sensical = decrypt(gibberish, key);

to decode it later.

So far I&#39;ve seen this:
http://bitwiseshiftleft.github.io/sjcl/

Any other libraries I should look at?

JavaScript string encryption and decryption?

In Main:

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println(&quot;encrypt:&quot; + encryptPassword(&quot;superuser&quot;)+&quot;:&quot; );
    }
    	
    public static String encryptPassword(final String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(&quot;MD5&quot;);
        byte[] hashPassword = md.digest(password.getBytes());
        String encryPass = Base64.encodeBase64String(hashPassword);
        return encryPass;
    }

I&#39;m getting this output:

    encrypt:C66i8K4gFQ23j1jN2sRCqQ==:

But when I implemented the same thing in my application I&#39;m getting the output below:

    encrypt:C66i8K4gFQ23j1jN2sRCqQ==
    :

**Note:** new line appending on my encrypted string.
 
application code:

    public boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials credentials) {
        try {
            System.out.println(&quot;encrypt:&quot; + getHash(&quot;superuser&quot;)+&quot;:&quot; );
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new BadCredentialsAuthenticationException(ErrorConstants.CONNECTION_FAILED);
        }
    }

    private String getHash(String password) throws NoSuchAlgorithmException, UnsupportedEncodingException{ 	
        MessageDigest md = MessageDigest.getInstance(&quot;MD5&quot;);
        byte[] hashPassword = md.digest(password.getBytes());
        String encryPass = Base64.encodeBase64String(hashPassword);
        return encryPass;
    }

How I can remove that extra new line.
why this is happened, please help me **what is the reason?** 

  [1]: http://i.stack.imgur.com/Gmj35.jpg

new line appending on my encrypted string

Let me explain my question first. I bought a certificate from a CA and used the following format to generate the csr and the private key:

    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

When I open the server.key file, I see that it begins with &quot;-----BEGIN PRIVATE KEY-----&quot;

I use the SSL cert on my server and everything looks fine.

Now I want to upload the same cert to AWS IAM so that I can use it for by beanstalk load balancer. I use the following command from this aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth

    iam-servercertupload -b public_key_certificate_file  -k privatekey.pem -s certificate_object_name

I change the cert file names as required but keep getting this error: &quot;400 MalformedCertificate Invalid Private Key.&quot;

The interesting thing is, on the aws doc page, the sample private key that they show starts with &quot;-------Begin RSA Private Key--------&quot;

Is there a way to convert my private key to an RSA private key using openssl?

How to convert a private key to an RSA private key?

How can I transform between the two styles of public key format, 
one format is:

    -----BEGIN PUBLIC KEY-----
    ...
    -----END PUBLIC KEY-----

the other format is:

    -----BEGIN RSA PUBLIC KEY-----
    ...
    -----END RSA PUBLIC KEY-----

for example I generated id_rsa/id_rsa.pub pair using ssh-keygen command,
I calculated the public key from id_rsa using:

    openssl rsa -in id_rsa -pubout -out pub2 

then again I calculated the public key from id_rsa.pub using :

    ssh-keygen -f id_rsa.pub -e -m pem &gt; pub1

the content is pub1 is :

    -----BEGIN RSA PUBLIC KEY-----
    MIIBCgKCAQEA61BjmfXGEvWmegnBGSuS+rU9soUg2FnODva32D1AqhwdziwHINFa
    D1MVlcrYG6XRKfkcxnaXGfFDWHLEvNBSEVCgJjtHAGZIm5GL/KA86KDp/CwDFMSw
    luowcXwDwoyinmeOY9eKyh6aY72xJh7noLBBq1N0bWi1e2i+83txOCg4yV2oVXhB
    o8pYEJ8LT3el6Smxol3C1oFMVdwPgc0vTl25XucMcG/ALE/KNY6pqC2AQ6R2ERlV
    gPiUWOPatVkt7+Bs3h5Ramxh7XjBOXeulmCpGSynXNcpZ/06+vofGi/2MlpQZNhH
    Ao8eayMp6FcvNucIpUndo1X8dKMv3Y26ZQIDAQAB
    -----END RSA PUBLIC KEY-----

and the content of pub2 is :

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61BjmfXGEvWmegnBGSuS
    +rU9soUg2FnODva32D1AqhwdziwHINFaD1MVlcrYG6XRKfkcxnaXGfFDWHLEvNBS
    EVCgJjtHAGZIm5GL/KA86KDp/CwDFMSwluowcXwDwoyinmeOY9eKyh6aY72xJh7n
    oLBBq1N0bWi1e2i+83txOCg4yV2oVXhBo8pYEJ8LT3el6Smxol3C1oFMVdwPgc0v
    Tl25XucMcG/ALE/KNY6pqC2AQ6R2ERlVgPiUWOPatVkt7+Bs3h5Ramxh7XjBOXeu
    lmCpGSynXNcpZ/06+vofGi/2MlpQZNhHAo8eayMp6FcvNucIpUndo1X8dKMv3Y26
    ZQIDAQAB
    -----END PUBLIC KEY-----

According to my understanding, pub1 and pub2 contain the same public key information, but they are in different format, I wonder how can I transform between the two format? Can anyone show me some concise introduction on the tow formats?

How can I transform between the two styles of public key format, one &quot;BEGIN RSA PUBLIC KEY&quot;, the other is &quot;BEGIN PUBLIC KEY&quot;

I have a .key file which is PEM formatted private key file. I didn&#39;t make this file but I got this from somewhere.

I wanted to see its MD5 hash with openssl tool like below command.

    openssl rsa -in server.key -modulus -noout

But this generates below error.

    unable to load Private Key
    13440:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:648:Expecting: ANY PRIVATE KEY

Here&#39;s some asn1parse of the .key file.

    openssl asn1parse -in server.key
    0:d=0  hl=4 l= 603 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=3 l= 129 prim: INTEGER           :C141201603899993919CBAA56985E9C7
    C6A2AF713A02F5FE88D38CEFBED9304599689280B84B0AB577A9719CA20DDA1246A894AF397A2C57
    EE5A582B036CC367E3667454DCD82DBDBF187C35FE39F61C71B517DDDF576F5471B4EC2E045E0F9D
    619F5616C4E832F00CBD0DBF41B4BA3CBC4B4B603AE1FE61965917DA732E0DEF
    139:d=1  hl=2 l=   3 prim: INTEGER           :010001
    144:d=1  hl=3 l= 128 prim: INTEGER           :1687B9AE67562CEDEBDD7A531B84CDB7
    093CE138519B93C34B7F626076FF0A262B16EA71904ACB6251A39307C04ADE202055BA13DD9F1539
    6123EE408183361A9BC08B9413FA360EA928E48CC3F52B33ACF2980758F02BA2139F652F30A257C2
    2E45D7C25835FC4D22B9ECECC12AB632318D4F47E1EBDAD9781B96BCFF03A2D1
    
     ...

Is there anything more I can try?


Unable to load Private Key. (PEM routines:PEM_read_bio:no start line:pem_lib.c:648:Expecting: ANY PRIVATE KEY)

In order to generate a 32 character token for access to our API we currently use:

    $token = md5(uniqid(mt_rand(), true));

I have read that this method is not cryptographically secure as it&#39;s based on the system clock, and that `openssl_random_pseudo_bytes` would be a better solution as it would be harder to predict.

If this is the case, what would the equivalent code look like?

I presume something like this, but I don&#39;t know if this is right...

    $token = md5(openssl_random_pseudo_bytes(32));

Also what length makes sense that I should pass to the function?

Generating cryptographically secure tokens

I already have purchased SSL certificate and i have received certificate and a .pem file as a private key? from the supplier; now i need to convert this .pem key into .key for bitnami Redmine Apache web server in order to make it work.

How do I go about doing this what what program or commands to do this?  I am a newbie in terms of using Openssl etc to do this.

Any advice would be much appreciated!

Thank you.

How to convert .pem into .key?

I am trying to get a better grapple on how public/private keys work. I understand that a sender may add a digital signature to a document using his/her private key to essentially obtain a hash of the document, but what I do not understand is how the public key can be used to verify that signature. 

My understanding was that public keys encrypt, private keys decrypt... can anyone help me understand? 


How does a public key verify a signature?

Hi I was writing a program that imports private keys from a `.pem` file and create a private key object to use it later..
the problem I have faced is that some `pem` files header begin with 

    -----BEGIN PRIVATE KEY-----

while others begin with

    -----BEGIN RSA PRIVATE KEY-----

through my search I knew that the first ones are `PKCS#8` formatted but I couldn&#39;t know what format does the other one belongs to.



Differences between &quot;BEGIN RSA PRIVATE KEY&quot; and &quot;BEGIN PRIVATE KEY&quot;

The problem with ssh authentication:

    ==&gt; default: Clearing any previously set forwarded ports...
    ==&gt; default: Clearing any previously set network interfaces...
    ==&gt; default: Preparing network interfaces based on configuration...
        default: Adapter 1: nat
        default: Adapter 2: bridged
    ==&gt; default: Forwarding ports...
        default: 22 =&gt; 2222 (adapter 1)
    ==&gt; default: Booting VM...
    ==&gt; default: Waiting for machine to boot. This may take a few minutes...
        default: SSH address: 127.0.0.1:2222
        default: SSH username: vagrant
        default: SSH auth method: private key
        default: Error: Connection timeout. Retrying...
        default: Error: Connection timeout. Retrying...
        default: Error: Connection timeout. Retrying...
        default: Error: Connection timeout. Retrying...
        default: Error: Authentication failure. Retrying...
        default: Error: Authentication failure. Retrying...
        default: Error: Authentication failure. Retrying...
        default: Error: Authentication failure. Retrying...
        default: Error: Authentication failure. Retrying...

I can `Ctrl+C` out of the authentication loop and then successfully ssh in manually.

I performed the following steps on the guest box:

 - Enabled `Remote Login` for `All Users`.
   
 - Created the `~/.ssh` directory with `0700` permissions.
   
 - Created the `~/.ssh/authorized_keys` file with `0600` permissions.
   
 - Pasted [this public key](https://github.com/mitchellh/vagrant/blob/master/keys/vagrant.pub)
   into `~/.ssh/authorized_keys`

I&#39;ve also tried using a private (hostonly) network instead of the public (bridged) network, using this line in the Vagrantfile:

`config.vm.network &quot;private_network&quot;, ip: &quot;172.16.177.7&quot;`

I get the same output (except `Adapter 2: hostonly`) but then cannot ssh in manually.

I also tried `config.vm.network &quot;private_network&quot;, ip: &quot;10.0.0.100&quot;`.

I also tried setting `config.ssh.password` in the Vagrantfile. This does output `SSH auth method: password` but still doesn&#39;t authenticate.

And I also tried rebuilding the box and rechecking all the above.

It looks like [others have had success with this configuration](https://groups.google.com/forum/#!topic/vagrant-up/HKL0FXR6QmE), so there must be something I&#39;m doing wrong.

I [found this thread](https://stackoverflow.com/questions/22575261/vagrant-stuck-connection-timeout-retrying) and enabled the GUI, but that doesn&#39;t help.

Vagrant ssh authentication failure

The implementation of key handling with (Tortoise)Git for Windows confuses me. As far as I understood, you can implement with either `ssh.exe` (gits own ssh program), where you can then choose an ssh key per host in your `ssh_config` in the &#39;faked&#39; home dir. For me, that is not really applicable, because I have multiple Bitbucket accounts using different keys but all the same host.  
  
Then there is a way to use `TortoiseGitPlink`. You basically set up pageant with a putty generated key and let TortoiseGit use that one - with the environment variable `SSH_GIT` set to your TortoiseGitPlink.exe).  
  
Now my question is the following: I just created an ssh2 rsa key with default options using `ssh-keygen -t rsa -f ~/.ssh/rsa_key` command in GitBash. I tried loading this file into `pageant.exe` by using its GUI. I got the error: `Couldn&#39;t load this key (OpenSSH-SSH-2 private key)`.  

What is the problem with this key? Made in GitBash it should adhere all standard openSSH guidelines. Is it correct that there are differences in puTTY keys and openSSH keys?

Pageant does not load SSH-2 key generated with GitBash

I tried and tried to generate a .pem file, every time generating certificates from the client&#39;s account and then generating the .pem file using the terminal, but it&#39;s of no use. Can anyone give a step-by-step procedure?

Generate .pem file used to set up Apple Push Notifications

I am messing with login form right now with node.js, I tried creating a pem key and csr using 

    openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

However I been getting errors for running node server.js

Here is my server.js

    var http = require(&#39;http&#39;),
    	express = require(&#39;express&#39;),
	UserServer = require(&#39;./lib/user-server&#39;);
	
    var https = require(&#39;https&#39;);
    var fs = require(&#39;fs&#39;);

    var options = {
      key: fs.readFileSync(&#39;./key.pem&#39;, &#39;utf8&#39;),
      cert: fs.readFileSync(&#39;./csr.pem&#39;, &#39;utf8&#39;)
    };

    var app = express();
  
    app.configure(function(){
      app.use(express.bodyParser());
      app.use(app.router);
      app.use(express.static(__dirname + &#39;/public&#39;));
    });

    var httpserver = http.createServer(app).listen(&#39;3004&#39;, &#39;127.0.0.1&#39;);
    var https_server = https.createServer(options, app).listen(&#39;3005&#39;, &#39;127.0.0.1&#39;);
    UserServer.listen(https_server);

Here is the error

    crypto.js:104
      if (options.cert) c.context.setCert(options.cert);
                              ^
    Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
        at Object.exports.createCredentials (crypto.js:104:31)
        at Server (tls.js:1107:28)
        at new Server (https.js:35:14)
        at Object.exports.createServer (https.js:54:10)


I tried running 

    openssl x509 -text -inform DER -in key.pem

It gives

    unable to load certificate
    140735208206812:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
    140735208206812:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509




I am not exactly sure what does the error mean as my encryption file is .pem file already, so any help would be much appreciated.

Thanks





Node.js https pem error: routines:PEM_read_bio:no start line

I have an instance of System.Security.Cryptography.RSACryptoServiceProvider, i need to export it&#39;s key to a PEM string - like this:

    -----BEGIN RSA PRIVATE KEY-----
    MIICXAIBAAKBgQDUNPB6Lvx+tlP5QhSikADl71AjZf9KN31qrDpXNDNHEI0OTVJ1
    OaP2l56bSKNo8trFne1NK/B4JzCuNP8x6oGCAG+7bFgkbTMzV2PCoDCRjNH957Q4
    Gxgx1VoS6PjD3OigZnx5b9Hebbp3OrTuqNZaK/oLPGr5swxHILFVeHKupQIDAQAB
    AoGAQk3MOZEGyZy0fjQ8eFKgRTfSBU1wR8Mwx6zKicbAotq0CBz2v7Pj3D+higlX
    LYp7+rUOmUc6WoB8QGJEvlb0YZVxUg1yDLMWYPE7ddsHsOkBIs7zIyS6cqhn0yZD
    VTRFjVST/EduvpUOL5hbyLSwuq+rbv0iPwGW5hkCHNEhx2ECQQDfLS5549wjiFXF
    gcio8g715eMT+20we3YmgMJDcviMGwN/mArvnBgBQsFtCTsMoOxm68SfIrBYlKYy
    BsFxn+19AkEA82q83pmcbGJRJ3ZMC/Pv+/+/XNFOvMkfT9qbuA6Lv69Z1yk7I1ie
    FTH6tOmPUu4WsIOFtDuYbfV2pvpqx7GuSQJAK3SnvRIyNjUAxoF76fGgGh9WNPjb
    DPqtSdf+e5Wycc18w+Z+EqPpRK2T7kBC4DWhcnTsBzSA8+6V4d3Q4ugKHQJATRhw
    a3xxm65kD8CbA2omh0UQQgCVFJwKy8rsaRZKUtLh/JC1h1No9kOXKTeUSmrYSt3N
    OjFp7OHCy84ihc8T6QJBANe+9xkN9hJYNK1pL1kSwXNuebzcgk3AMwHh7ThvjLgO
    jruxbM2NyMM5tl9NZCgh1vKc2v5VaonqM1NBQPDeTTw=
    -----END RSA PRIVATE KEY-----
But there is no such option according to the MSDN documentation, there is only some kind of XML export. I can&#39;t use any third party libraries like BouncyCastle.
Is there any way to generate this string? 

C# Export Private/Public RSA key from RSACryptoServiceProvider to PEM string

Where should I keep this file for security? At the moment it is on my desktop - should I put it somewhere else?





Content Type	Original Author	Original Content on Stackoverflow
Question	Alex	View Question on Stackoverflow
Solution 1 - Encryption	Nickolay Olshevsky	View Answer on Stackoverflow

PEM_read_bio_PrivateKey() returns NULL in ECB mode only

Encryption Problem Overview

Encryption Solutions

Solution 1 - Encryption

How can I target only Internet Explorer 11 with JavaScript?

Validate form field only on submit or user input

Attributions