I need to get the private key out of my Domino kyr file, to import into another server. The key should be in the best case pkcs12 format. I am aware of the IKEYMAN tool by IBM. However, I cannot use that because I don't have access to a 32-bit windows XP. And unfortunately, only version 5 can understand the kyr format.
It is a very strange conundrum. I hope somebody can help me out.
Just download "kyrtool" from IBM and put it in the appropriate directory. This download contains versions for windows and linux.
Use the show keys command as described in this link to show the private key in Base64 Format. You can then simply convert it into anything you need with e.g. Openssl.
Related
is there a way in loadrunner where we can use .pfx certificate? I know web_set_certificate_ex() only accepts .pem as a format. but what if the application server is not accepting .pem format and only .pfx format. is there any provision where in we can use .pfx?
See Virtual User Guide, Advanced topics, creating virtual users with visual studio.
Once you have access to a full development environment you can use even the client source, along with whatever certificate model you desire.
You may consider to convert between different formats via openssl tools. I found more details here.
I have been assigned a task to create a environment setup which a piece of java program uses. This piece of java program uses sqlldr to bulk upload the data into database.
Now the client's machine already has Oracle InstantClient 18.5 version configured. To the existing config I have to add sqlldr using the Tools Package (RPM) provided by Oracle oracle-instantclient18.5-tools-18.5.0.0.0-3.x86_64.rpm. Correct? There is a .zip file available as well on the website.
Now I do not know how to do that. I have normally installed software using yum or apt-get. Can anyone please help me.
Here is the existing config which could be of concern, I do not wanna disturb the other setups apart from what I wanna add to it.
ORACLE_HOME= /opt/oracle/instantclient_18_5/
ORACLE_BASE= /opt/oracle/instantclient_18_5/
LD_LIBRARY_PATH = /usr/local/lib/:/opt/oracle/instantclient_18_5/:
Questions:
Now do I need to download this .rpm file onto the server?
If download then download in /tmp folder, then next? Do I need to install anything else? If yes how can I verify if my current setup already do not have that?
Once installed any post configurations need to be done specially for sqlldr to run?
Please help! Thanks!
It looks like you have Instant Client from ZIP files. (If it was instead from RPMs, you would have the files in /usr/lib/oracle/18.5/client64/...).
So simply unzip the Tools ZIP file so its contents are in your /opt/oracle/instantclient_18_5 directory, and make sure this directory is in your PATH.
Because you are using Instant Client you should unset ORACLE_HOME and ORACLE_BASE. The former can cause problems if it is set with Instant Client.
In general, follow the Instant Client installation instructions at the foot of the download page.
Also look at using Instant Client 19, which is a Long Term Support version and will connect to the same databases as Instant Client 18. Notice that there are no new Instant Client 18 "Release Updates" being released (though you could build them yourself, if needed).
[enter image description here][1]I am stuck in setting up merge tool based on mime-types in TortoiseSVN.
It works fine when setting up the merge tool (KDiff3) based on file extensions, like .xml. However, it doesn't work when trying to assotiate with mime-types, referring to TortoiseSVN's help document:
To associate using a file extension, you need to specify the extension. Use .bmp to describe Windows bitmap files. To associate using the svn:mime-type property, specify the mime type, including a slash, for example text/xml.
I'm not sure if this is a bug of TortoiseSVN, or I misunderstood the help document.
Can anybody shed me some light? Thanks.
I'm using Windows 7, 64bit, TortoiseSVN 1.9.4.
(I'm new enough in StackOverflow that I am not able to post picture yet. Orz)
It would appear that VS2012 uses PFX files for signing instead of SNK files. I get the impression this is related to delayed signing; but I don't care.
When I build my application, I can use "sn -tp <my assembly>" and see it is signed.
When I ilmerge the debug folder and use the /keyfile directive (the way I was successfully doing with SNK files), the DLLs merge into one unsigned DLL.
I have read articles suggesting clever workarounds, such as extracting the public key from the original DLL and then using this in the /keyfile directive...which also failed to allow me to create a strongly signed DLL.
So, what do I need to do to get ilmerge to work with the PFX file so that my assembly will be strongly typed?
Thanks
I recently was attempting to do just the same thing (this time with VS 2015, but I am sure the results are the same).
PFX files are password-protected by default and ILMerge (at the time of this writing) does not appear to support them.
Manual Signing
The "clever workaround" as you describe it is presented here, and it appears to be the only way to accomplish this:
>sn -p some.pfx some.pub
>ilmerge /keyfile:some.pub /delaysign /out:merged\some.dll some.dll
>sn -R merged\some.dll some.pfx
Note that extracting the public key from the PFX file requires user input - allegedly it was previously possible to pipe in the password, but the current version of sn.exe does not permit console redirection.
Automated (CI Build System) Signing
In order to strong sign ILMerged assemblies in an automated way, it is necessary to install they key on the local build machine. This still requires user input in the form of password input, but only has to be done once per build machine.
As before, we need to extract the public key from the PFX file (this only has to be done once, and the PUB file can be saved alongside the PFX or even checked-in to source).
Here is the one-time setup code (both require password input):
>sn -p some.pfx some.pub
>sn -i some.pfx SomeContainerName
During the automated build, it is now possible to run:
>ilmerge /keyfile:some.pub /delaysign /out:merged\some.dll some.dll
>sn -Rc merged\some.dll SomeContainerName
Currently I generate an installer for a program using NSIS on a Linux machine. The NSIS binaries have been compiled for Ubuntu, and using the .nsi script presents no difficulties. However, the resulting setup.exe file is unsigned. This results in scary warnings for our users who download the installer via most common web browsers, as well as warnings from Windows itself when run.
We'd like to avoid these warnings, and unless I'm missing something, that requires using a Windows tool to sign the generated setup.exe file. Is there a way to do this on a non-Windows machine?
Unfortunately, each installer is unique (different files are bundled depending on the customer's request, and a unique ID included) so I cannot sign the installer on a Windows machine and then upload it.
Your best choice is probably the use of: osslsigncode. Built easily for me (make sure to have the OpenSSL headers available). It may have difficulties with the kernel mode signing policy, though (embedding the parent certs up to the root) - so you may still have to resort to WINE in the end.
I had to do it a few weeks ago, without using wine. What I did was to import the pfx file to windows and then exported it with "Include all certificates in the certificate path if possible" option. then I followed the instruction on this page .
After you have all the certs (spc and pvk files) you should use the following command:
signcode -spc [spc file] -v [pvk file] -a sha1 -$ commercial -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 10 [exe file to sign]
I had to install mono-dev pack:
sudo apt-get install mono-devel
Signing files for Windows uses Microsoft Authenticode signatures. There is a tool in the SDK that signs Executables and DLLs (signtool.exe). You might be able to run that using Wine.
It's also possible to sign files through Windows API calls - these functions might be implemented in Wine aswell, but I sort of doubt it because Authenticode is only used and implemented by Microsoft (as far as I know).
However this tool doesn't to very much - it basically appends the certificate and a signed timestamp at the end of the file. There might exist adaptations for Linux aswell.
Here is a link to someone who got it working using signcode.