Questions tagged [java-security]

Java security technology is a set of libraries, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs include cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.

Underlying the Java SE Platform is a dynamic, extensible security architecture, standards-based and interoperable. Security features — cryptography, authentication and authorization, public key infrastructure, and more — are built in. The Java security model is based on a customizable "sandbox" in which Java software programs can run safely, without potential risk to systems or users.

399 questions
10 votes, 3 answers

How to open a .ks file in Windows?

I have a key.ks file that needs to be opened. Can someone please suggest how to open this file in Windows? Can I use the Keytool command?
Kishore
10 votes, 9 answers

Java: InvalidAlgorithmParameterException Prime size must be multiple of 64

I implemented a Java program that will connect and execute a command in a remote server using JSCH. The problem is that whenever I tried to connect to the server, I got the following exception: com.jcraft.jsch.JSchException: Session.connect:…
Vaanz
10 votes, 2 answers

Difference between non-final public static and non-final public instance fields in terms of security?

I am going through this link, OBJ10-J. Do not use public static nonfinal fields, and it says that, Client code can trivially access public static fields because access to such fields are not checked by a security manager. What do they actually…
Sabir Khan
9 votes, 1 answer

Why avoid Method.invoke?

In guideline 9-11 / ACCESS-11 Be aware java.lang.reflect.Method.invoke is ignored for checking the immediate caller of the Secure Coding Guidelines for Java SE, it is stated that the Method.invoke implementation is ignored when determining the…
Philippe
9 votes, 2 answers

How to check caller class origin in SecurityManager?

I've got one ClassLoader for trusted application code and a separate ClassLoader for user-submitted (untrusted) code. I want the user-submitted code to be restricted by the Security Manager. How do I check the caller origin from within the…
Henk Schurink
9 votes, 1 answer

Reading a PKCS#1 or SPKI public key in Java without libraries

I need to use a public key to verify some data in Java, but I can't seem to format the key in such a way that Java can use without third-party plugins. I'm generating the key with Node.js's crypto library, which gives me the option of PKCS#1 or…
Chris Watts
9 votes, 1 answer

Create any PrivateKey instance (RSA or DSA or EC) from PKCS8 encoded data

I have an unencrypted PKCS8 encoded file that represents a Private Key. It can be any of these private key types - RSA, DSA or EC. I viewed these files in an ASN1 decoder (https://lapo.it/asn1js/) and I could see the type (RSA, DSA or EC) in the…
MediumOne
9 votes, 0 answers

Is it safe to grant untrusted code "suppressAccessChecks" when -illegal-access=deny is set?

Without illegal access (--illegal-access=deny) and denying access to jdk.unsupported (done using accessClassInPackage checks), it looks like the ReflectPermission "suppressAccessChecks" would not any longer lead to a full sandbox escape. Is that…
Johannes Kuhn
8 votes, 2 answers

ES256 JWT validation - SignatureException: invalid encoding for signature: java.io.IOException: Sequence tag error

I have a JWT which is signed using Elliptic Curve ES256 am trying to validate…
Hugh Pearse
8 votes, 2 answers

What's the best way to create a "good" SecureRandom?

There are a lot of questions asking if a specific initiation of SecureRandom is "good", but I couldn't find a rule of thumb. What's the best way to create a "good" random SecureRandom? // Fast // Is it a good random? SecureRandom secureRandom = new…
AlikElzin-kilaka
7 votes, 0 answers

Can I change disabledAlgorithms for a JWS application?

Possible duplicate: java.security.properties in JNLP We have a desktop application that we start using Java WebStart. Starting with JDK 1.8.71, MD5 now disabled for X509 Certificate validating. Unfortunately we cannot change the certificates we're…
Vlad Topala
6 votes, 1 answer

Tomcat 9.0 with security manager reports access denied on Windows

I started my Tomcat 9.0 on Windows 10 with: -Djava.security.manager -Djava.security.policy==C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf\catalina.policy -Djava.security.debug=access,failure using a Connector of type…
PowerStat
6 votes, 2 answers

How to Calculate Fingerprint From SSH RSA Public Key in Java?

As title, How to Calculate Fingerprint From SSH RSA Public Key in Java? I got an rsaPublicKey object from sample.pub and I calculated the fingerprint by using library Apache Commons Codec DigestUtils.sha256Hex(rsaPublicKey.getEncoded()); But I got…
linc01n
6 votes, 1 answer

Reading information from the smart card by secure messaging

I have a tachograph company card which is used to get the client authenticated before allowing him to download the data of the tachograph by the remote download. The APDU commands used in my code below are commands of successful authentication…
Mr Asker
5 votes, 0 answers

How to set java security policy file to only avoid System.exit calls while executing JUnit tests via gradle?

I want to execute JUnit tests via gradle where I want to avoid invocation of System.exit() calls in these tests. I've read that setting a security policy file would do the trick. This is the security policy file that I am using grant { …