ASN1 | An ASN.1 Library for PHP | TLS library

With pem key you can use this simple way:

I was able to sort the above issue and few other ClassNotFoundException by copying the following jar files from extlib to lib. Both folder are in oozie_install/oozie-5.2.1.

• libext/hadoop-common-2.6.0.jar
• libext/commons-configuration-1.6.jar
• libext/hadoop-mapreduce-client-core-2.6.0.jar
• libext/hadoop-hdfs-2.6.0.jar

While I am not sure how many more jars need to be moved from libext to lib while I try to run an example workflow/job in oozie. This fix brought up Oozie web site at http://localhost:11000/oozie/

I am also not sure why Oozie doesn't load the libraries in the libext/ folder.

The first key posted is a public key in X.509/SPKI format (PEM encoded), which contains the actual key in uncompressed format 0x04 + + .
The key derived from this using the OpenSSL statement is also a public key in X.509/SPKI format, but contains the actual key in compressed format 0x02 + or 0x03 + for even or odd y, respectively. This format also contains the complete information, since for a given curve an uncompressed key can be derived from a compressed key.
X.509/SPKI keys can be parsed with an ASN.1 parser (in addition to OpenSSL), e.g. online: https://lapo.it/asn1js.

In Python, an X.509/SPKI key with uncompressed key can be converted to an X.509/SPKI key with compressed key using the PyCryptodome library, see export_key():

It seemed odd that the performance of a common Haskell library was so slow for me, but somehow this approach solved my concerns:

I found that the performance of my executable was faster when I used stack install to copy the binaries:

Yesterday I tried to install Ejabberd first through souce code

Just curiosity: what problems did you find, that prefered to use the Ubuntu package?

Did you install from source code? If so, did you later uninstall it? Maybe uninstallation left some files there (there was some bug related to that in make uninstall)... it will help if you can take a look at the installation paths and remove the remaining ejabberd files and directories, specially the file ejabberdctl.

and then with Ubuntu specific packages

Well, it could be that both installations get mixed... or maybe the Ubuntu package has some problem unrelated to your previous installation. Keep all investigation lines open :)

{"init terminating in [do_boot",{undef,[{ejabberd_ctl,start,[],

This error message says that erlang cannot find the file ejabberd_ctl.beam, or that the file doesn't define the function start.

Just a wild idea: maybe you are running the "ejabberdctl" script from source installation (pointing to the old ejabberd beam files), but now you have the ejabberd beam files installed in a different location (by the Ubuntu package).

Ok, I think I found the mistake.

In

The public key is given in uncompressed format: 0x04 + + .

A format for a public key suitable for verification with OpenSSL is X.509/SPKI. As far as I know, OpenSSL cannot convert between the two formats. But the conversion can easily be done manually.

The X509/SPKI format contains the uncompressed key at the end, the front part is identical for a certain curve e.g. secp224r1:

The posted private key is a PEM encoded PKCS#1 key that is encrypted.

RSA.ImportRSAPrivateKey() can only import unencrypted keys of this format that are furthermore DER encoded. The DER encoding results from the PEM encoding by removing the header and footer and Base64 decoding the rest.

As far as I know, an encrypted PKCS#1 key cannot be imported with .NET Core 3.1 on-board means. But an import is possible with BouncyCastle and its Org.BouncyCastle.OpenSsl.PemReader class, see e.g. here.

Unlike the PKCS#1 format, a DER encoded private key in PKCS#8 format can be imported with .NET Core 3.1 out of the box (RSA.ImportPkcs8PrivateKey()), even if it is encrypted (RSA.ImportEncryptedPkcs8PrivateKey()).
Keys of this format can be generated e.g. with openssl genpkey. With OpenSSL it is also possible to convert between the formats.

1.2.840.113549.1.5.3 is PBEwithMD5andDES-CBC, one of the PBES1 schemes in PKCS5. MD5 is not NIST-approved and cannot generally be used in FIPS mode (there are some specific exceptions like the TLS1.0-1 PRF). (Single/classic) DES was NIST-approved but withdrawn in the early oughties, and anyway it's completely broken.

I'm going to guess you or someone created this PKCS8 with openssl pkcs8 -topk8 in an older version -- it defaulted to this scheme, which was barely reasonable when OpenSSL (then SSLeay) was created in the 1990s but retained past its sell-by date. 1.1.0 (released 2016) up changes the default to PBES2 with hmac-sha256 and aes-256-cbc, and in lower versions you can specify -v2 aes-256-cbc for PBES2 (but hmac-sha1 for the PRF, which TTBOMK is still FIPS and actually secure even though sha1 signatures or at least certificates are broken and generally prohibited since about 2015).

BouncyCastle can read (and decrypt) PBES2 correctly since more or less forever, but the standard providers in Java versions below 11.0.1 mishandle all PBES2, and even after that they don't handle all cases. If these are concerns, -v1 PBE-SHA1-3DES (which is actually a PKCS12 scheme not PKCS5v1, but OpenSSL lumps them together) should be good for FIPS and compatible with both BouncyCastle and standard providers.