Cipher length
I'm a newbie in javacard.
Here is my problem.
I'm trying to encrypt a byte array of size 8. The cipher obtained is of length 16, But I was expecting this to be 8.
Here is my code
Cipher cipherinstance = Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M2, false);
DESKey deskey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
deskey.setKey(KEY_8_BYTES, (short)0);
outlength = cipherinstance.doFinal(temp, (short)0, (short)temp.length, res, (short)0);Size of 'temp' is 8, But 'outlength' is 16.
Is this the way encryption works ?
I need the cipher length to be 8 for further processing.
Any way out ?
Thanks for giving the right direction - Shane
This is the first time I see the document - cJDK_Users_Guide.pdf
Here is what the doc says:
Cryptography algorithms that are implemented for CREF and Java Card WDE
Cipher
• ALG_DES_CBC_ISO9797_M2—provides a cipher using DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV’96) scheme.
• ALG_RSA_PKCS1—provides a cipher using RSA. Input data is padded according to the PKCS#1 (v1.5) scheme.
• ALG_AES_BLOCK_128_CBC_NOPAD—provides a cipher using AES with block size 128 in CBC mode and does not pad input data.
Now that means, I have to wait for the card to test my code !
Similar Messages
-
Given final block not properly padded
I am working on an application that sends encrypted data over the network using Blowfish. I developed a simple server and client to test and I getting this error when I try to decrypt the cypher in the server. Here is what I do:
This happens on the client side:
I encrypt my message with this method
public byte[] encryptedMessage() throws Exception{
KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
keyGenerator.init(128);
Key key = keyGenerator.generateKey();
Cipher cipher = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] plaintext = getMessage().getBytes("UTF8");
byte[] ciphertext = cipher.doFinal(plaintext);
return ciphertext;
}Then send it to the server like this:
//get my cypher from the method shown before
cipher = mc.encryptedMessage();
//put the cypher in this simple object
InformationShared cipherToSend = new InformationShared(cipher.length);
cipherToSend.setMessage(cipher);
//Send it accross through the network
Socket socket = new Socket("127.0.0.1",8085);
ObjectOutputStream out = new ObjectOutputStream(socket.getOutputStream());
out.writeObject(cipherToSend);This is what happens in the server side:
//Get the incoming object
ObjectInputStream in = new ObjectInputStream( incoming.getInputStream() );
//downcast the object
InformationShared cipherIn = (InformationShared)in.readObject();
//decypher the message in the decypher method
String result = decypher(cipherIn.getMessage());
//This is the decipher method
public String decypher(byte cipherIn[]) throws Exception{
KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
keyGenerator.init(128); // need to initialize with the keysize
Key key = keyGenerator.generateKey();
Cipher ciph = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
ciph.init(Cipher.DECRYPT_MODE, key);
// Perform the decryption
byte[] decryptedText = ciph.doFinal(cipherIn);
String output = new String(decryptedText,"UTF8");;
return output;
}The error happens in the decypher method in this line:
byte[] decryptedText = ciph.doFinal(cipherIn);Thanks for any help!Hi
I am woriking on an web application that send Encrypted data over the network and stores into the databse.After that I want to retrieve that data from database then I want decrypt it by using DES.
After Encryting It is storing properly into the database but while retriving from database and want to decrypt it the It is giving exception like "javax.crypto.BadPaddingException: Given final block not properly padded"
For Encryption I am using one bean class tha are
package EncryptBean;
import java.util.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.spec.*;
import com.sun.crypto.provider.*;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;
import javax.crypto.*;
public class DesEncrypterBean {
Cipher ecipher;
Cipher dcipher;
public DesEncrypterBean(SecretKey key) {
try {
ecipher = Cipher.getInstance("DES");
dcipher = Cipher.getInstance("DES");
ecipher.init(Cipher.ENCRYPT_MODE, key);
dcipher.init(Cipher.DECRYPT_MODE, key);
} catch(javax.crypto.NoSuchPaddingException e)
{System.out.println("NoSuchPaddingException : "+e);
} catch (java.security.NoSuchAlgorithmException e)
{System.out.println("NoSuchAlgorithmException : "+e);
} catch (java.security.InvalidKeyException e)
{System.out.println("InvalidKeyException : "+e); }
public String encrypt(String str) {
try {
// Encode the string into bytes using utf-8
byte[] utf8 = str.getBytes("UTF8");
// Encrypt
byte[] enc = ecipher.doFinal(utf8);
// Encode bytes to base64 to get a string
return new sun.misc.BASE64Encoder().encode(enc);
} catch (javax.crypto.BadPaddingException e) {
System.out.println("encrypt BadPaddingException : "+e);
} catch (IllegalBlockSizeException e) {
System.out.println(" encrypt IllegalBlockSizeException : "+e);
} catch (UnsupportedEncodingException e) {
System.out.println("encrypt UnsupportedEncodingException : "+e);
} catch (java.io.IOException e) {
System.out.println("encrypt IOException : "+e);
} return null;
public String decrypt(String str) {
try {
// Decode base64 to get bytes
// byte[] utf8 = str.getBytes("UTF8");
byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);
// Decrypt
byte[] utf8 = dcipher.doFinal(dec);
// Decode using utf-8
return new String(utf8, "UTF8");
} catch (javax.crypto.BadPaddingException e)
{System.out.println("encrypt BadPaddingException : "+e);
} catch (IllegalBlockSizeException e) {
System.out.println("encrypt IllegalBlockSizeException : "+e);
} catch (UnsupportedEncodingException e) {
System.out.println("encrypt UnsupportedEncodingException : "+e);
}catch (java.io.IOException e) {
System.out.println("encrypt IOException : "+e);
return null;
** By using bellow screen I am retrieving the data from screen and encrypting it and sended to the database I is working properly
import EncryptBean.DesEncrypterBean;
import java.util.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.spec.*;
import com.sun.crypto.provider.*;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import sun.misc.BASE64Encoder;
import javax.crypto.*;
public class Secure_Encrypt extends HttpServlet
Connection con=null;
Statement stmt=null;
Cipher ecipher;
Cipher dcipher;
String uname=null,pwd=null;
ServletOutputStream sos;
SecretKey key=null;
public void doPost(HttpServletRequest req, HttpServletResponse res)throws ServletException,IOException
uname=req.getParameter("username"); pwd=req.getParameter("password");
try
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
con=DriverManager.getConnection("jdbc:odbc:GMT","sa","iqm");
stmt=con.createStatement();
sos=res.getOutputStream();
// Generate a temporary key. In practice, you would save this key.
// See also e464 Encrypting with DES Using a Pass Phrase.
key = KeyGenerator.getInstance("DES").generateKey();
// Create encrypter/decrypter class
DesEncrypterBean encrypter = new DesEncrypterBean(key);
// Encrypt
String encrypted = encrypter.encrypt(uname);
System.out.println("Don't tell anybody! "+encrypted);
stmt.execute("insert into Admin(UserName,Passward) values('"+encrypted+"','"+encrypted+"')");
System.out.println("......record saved");
sos.println("Record Saved : "+encrypted);
catch(Exception e)
{System.out.println("Exception in login" +e);}
In above Programe Woking Properly
** Bellow programe using for retrieving data from database.After retrieving data I want Decrypt it but not working properly
import EncryptBean.DesEncrypterBean;
import java.util.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.spec.*;
import com.sun.crypto.provider.*;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import sun.misc.BASE64Encoder;
import javax.crypto.*;
public class Secure extends HttpServlet
Connection con=null;
Statement stmt=null;
Cipher ecipher;
Cipher dcipher;
String uname=null,pwd=null;
ServletOutputStream sos;
SecretKey key=null;
public void doPost(HttpServletRequest req, HttpServletResponse res)throws ServletException,IOException
try
{Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
con=DriverManager.getConnection("jdbc:odbc:GMT","sa","iqm");
stmt=con.createStatement();
ResultSet rs=stmt.executeQuery("select UserName,Passward from Admin");
while(rs.next())
uname=rs.getString(1);
pwd=rs.getString(2);
sos=res.getOutputStream();
// Generate a temporary key. In practice, you would save this key.
// See also e464 Encrypting with DES Using a Pass Phrase.
key = KeyGenerator.getInstance("DES").generateKey();
// Create encrypter/decrypter class
DesEncrypterBean encrypter = new DesEncrypterBean(key);
// Decrypt
uname=uname.trim();
String decrypted = encrypter.decrypt(uname);
System.out.println("Original message is! "+decrypted);
}catch(Exception e)
{System.out.println("Exception in login" +e);
In above Programe giving Exception " javax.crypto.BadPaddingException: Given final block not properly padded"
Please analyze my application and send me suitable solution for decryption
one more thing When I encrypting that time KeyGenerator generating one key.same as when I Decrypting that time also KeyGenerator generating one key but both are not same.
How can we generate both key are same -
Hi,
I use the BOINC client, and am a contributor to the World Community Grid project on my Archlinux computer, but a few days ago (around september 7th), I was suddenly unable to download any new tasks for my BOINC client. Thinking it might be BOINC-related, or even WCG-related, I went on to the WCG forums where it appeared that the problem was Archlinux-related, and more specifically openssl-related. Since there's only two of us experiencing this problem and reporting it, it might be just a strike of luck though...
What we worked out so far on the WCG forums: the trouble seem to have appeared around september 7th, around which time a cache corruption seems to have appeared in WCG servers. The cache was cleared around september 10, but the issue persisted for Archlinux user.
Moving libssl.so.1.0.0 and libcrypto.so.1.0.0 to another place, and making symliks to their 0.9.8 counterpart solved the issue. Though i'm not a strong fan of symlinking, since it's usually just a lot more trouble down the road...
Here is a link to a full session of BOINC logs: http://pastebin.com/ewypnBS7
Here are a few parts that seemed relevant to me, about the download :
10-Sep-2012 02:12:11 [World Community Grid] [http] [ID#3] Info: SSLv3, TLS handshake, Client hello (1):
10-Sep-2012 02:12:12 [World Community Grid] [http] [ID#2] Info: Unknown SSL protocol error in connection to download.worldcommunitygrid.org:443
10-Sep-2012 02:12:12 [World Community Grid] [http] [ID#2] Info: Closing connection #0
10-Sep-2012 02:12:12 [World Community Grid] [http] HTTP error: SSL connect error
10-Sep-2012 02:12:12 [World Community Grid] [http] [ID#3] Info: Unknown SSL protocol error in connection to download.worldcommunitygrid.org:443
10-Sep-2012 02:12:12 [World Community Grid] [http] [ID#3] Info: Closing connection #1
10-Sep-2012 02:12:12 [---] [http] [ID#0] Info: Connection #2 to host www.worldcommunitygrid.org left intact
10-Sep-2012 02:12:12 [World Community Grid] Temporarily failed download of hcc1_image01_6.40.tga: transient HTTP error
Also, the link to the original thread on the WCG forums.
So my questions are these: 1) is there any tweaking done on Archlinux part to those openssl lib that might explain why we seem to be the only distribution having this problem ? And if so, would I be able to get a more "vanilla" version using makepkg ?
2) Is there any way I could force BOINC to use the older version of those libs, while not making a system-wide change like would happen with symlinks ?
Thanks to anyone who will be able to provide any help on the matter.
[EDIT] I'll add that my system is kept regularly up-to-date, and that no major update was done on my part around the date where things broke. My system is also up-to-date as of now, and I've tried reinstalling openssl, to no avail.
[EDIT2] I'll also add that my connection to the internet is wired, so it's most definitely not the reported problem about the wireless driver.
Last edited by Azriel (2012-09-12 02:54:15)Great news !, ok I'll test it for a couple of days, and if all is still going well, I'll have to file a bug report since it effects two Archlinux packages.
Edit:
I've rebooted, BOINC has finished some work units, and successfully downloaded more today, so I'll assume the workaround fixed things, and as Ubuntu configures and compiles with this flag by default, I went ahead and made a bug report here.
I also came across this recent forum post, it could be a possible third user effected.
Edit 2:
According to the OpenSSL CVS website the change added to enable these flags, here, was added to 1.0.1a, it mentions that two options can be used, one is the workaround to specify cipher length (which we added above), if that fails there is choice of another flag 'OPENSSL_NO_TLS1_2_CLIENT', this is where it gets strange, Archlinux already includes this flag in the default PKGBUILD as: '-DOPENSSL_NO_TLS1_2_CLIENT', what this doe's is disable TLS 1.2 client support entirely. So by adding both flags I don't know what exactly is happening, my guess is, as things have started working, is that the cipher length option has overidden, and this must mean that WCG now require the use of TLS 1.2?.
Edit 3:
OK, it seems like Ubuntu apply both options as well:
- debian/patches/tls12_workarounds.patch: workaround large client hello
issue: Compile with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 and
with -DOPENSSL_NO_TLS1_2_CLIENT.
from here
Last edited by Peaceseeker (2012-09-13 22:12:05) -
Unexplained JFrame loading problems
I keep getting a problem whenever i try and use a window that i extended off of JFrame. By its self the frame works perfectly, but when i actually try to use it for the purpose intended, the winow pops up, and is in the right spot, but nothing i put in it is visible. Any ideas?
The class in question is called "PassFrame". It runs into the problem on lines 239-240 where i try to use it.
import java.util.*;
import java.awt.*;
import javax.swing.*;
import java.awt.event.*;
public class Secrecy {
private int[] code;
private int[] cipher;
private Dice dice;
private GUI gui;
private PassFrame passframe;
public static final char SPACE = ' ';
//if encrypting, crypt is true, decrypting, crypt is false
//crypt is set to true by default
boolean crypt = true;
public Secrecy() {
code = new int[93];
cipher = new int[93];
dice = new Dice(93);
void setUp() {
for(int i = 0; i < code.length; i++) {
code[i] = 32+i;
code[i] = -1;
public void setSeed(char[] c) {
dice.setSeed(seedSetter(c));
public int seedSetter(char[] pass) {
int i = 0;
for(int j = 0; j < pass.length; j++) {
i += (int)pass[j];
return i;
static void frameWait(JFrame frame) {
while(frame.isVisible()) {
nap(100);
static void fileChooserWait(JFileChooser chooser) {
while(chooser.isVisible()) {
nap(100);
void generateCipher() {
for(int i = 0; i < cipher.length; i++) {
int go = dice.roll();
if(cipher[go] == -1) {
cipher[go] = code;
//takes input string and converts it using substitution of a different char sequence, then returns converted string
String encrypt(String s) {
String now = "";
for(int i = 0; i < s.length(); i++) {
char c = s.charAt(i);
now += findMatch(c, crypt);
return now;
//looks through one char array to find a match of input char'c', returns corresponding char in different char array
public int findMatch(char c, boolean b) {
if(b) {
for(int j = 0; j < code.length; j++) {
if((int)c == code[j]) {
return cipher[j];
}else{
for(int j = 0; j < cipher.length; j++) {
if((int)c == cipher[j]) {
return code[j];
return (int)SPACE;
void runEncryption(JTextArea area, char[] password) {
setSeed(password);
String now = encrypt(area.getText());
area.setText(now);
static void nap(int ms) {
try{
Thread.currentThread().sleep(ms);
}catch (InterruptedException ivt) {
static void center(JFrame frame) {
Toolkit tk = Toolkit.getDefaultToolkit();
Dimension d = tk.getScreenSize();
frame.setLocation((d.width/2) - (frame.getWidth()/2), (d.height/2) - (frame.getHeight()/2));
void runChooser() {
ChooserFrame chooser = new ChooserFrame();
fileChooserWait(chooser);
void runPass(JTextArea area) {
passframe.show();
while(passframe.isVisible()) {
nap(100);
char[] c = passframe.getPassword();
setSeed(c);
generateCipher();
encrypt(area.getText());
void run() {
gui = new GUI(this);
gui.show();
public static void main(String[] args) {
Secrecy sec = new Secrecy();
sec.run();
class PassFrame extends JFrame {
private int length = 16;
private char[] password;
private JLabel label = new JLabel("Please enter your Password");
private JPasswordField jpf = new JPasswordField(length);
private JPanel panel = new JPanel();
public PassFrame() {
setTitle("Password");
setResizable(false);
panel.add(label);
jpf.addKeyListener(new KeyAdapter() {
public void keyPressed(KeyEvent kvt) {
int code = kvt.getKeyCode();
if(code == KeyEvent.VK_ENTER) {
password = jpf.getPassword();
hide();
addWindowListener(new WindowAdapter() {
public void windowClosing(WindowEvent evt) {
WindowCloser wc = new WindowCloser();
panel.add(jpf);
getContentPane().add(panel);
pack();
Secrecy.center(this);
public char[] getPassword() {
return password;
void run() {
Secrecy.center(this);
show();
Secrecy.frameWait(this);
if(password != null) {
System.out.println(password);
public static void main(String[] args) {
PassFrame pf = new PassFrame();
pf.run();
class ChooserFrame extends JFileChooser {
public ChooserFrame() {
class GUI extends JFrame {
private JButton encrypt;
private JButton open;
private JTextArea area;
private JPanel panel;
private JScrollPane pane;
private Secrecy prog;
public GUI(Secrecy sec) {
addWindowListener(new WindowAdapter() {
public void windowClosing(WindowEvent evt) {
WindowCloser wc = new WindowCloser();
prog = sec;
encrypt = new JButton("Encrypt");
open = new JButton("Open");
area = new JTextArea();
panel = new JPanel();
setup();
Secrecy.center(this);
public void setup() {
setupButtons();
setupText();
pack();
void setupButtons() {
encrypt.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt) {
PassFrame pf = new PassFrame();
pf.show();
Secrecy.frameWait(pf);
System.out.println("Trying to run Encryption sequence");
prog.runEncryption(area, pf.getPassword());
open.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt) {
prog.runChooser();
getContentPane().add(encrypt, BorderLayout.EAST);
getContentPane().add(open, BorderLayout.SOUTH);
void setupText() {
area = new JTextArea(10, 55);
area.setLineWrap(true);
area.setWrapStyleWord(true);
pane = new JScrollPane(area);
getContentPane().add(pane, BorderLayout.CENTER);
class Dice {
// random num generator
static Random r;
int sides;
private static long seedLockVal;
public Dice( int si ) {
sides = si;
public int roll() {
return d( sides ) + 1;
static {
setSeedLock();
public static int d( int what ) {
if ( what <= 1 ) return 0;
int val = r.nextInt() / 64;
int v = (int)( val % what );
if ( v < 0 ) v *= -1;
return v;
public static long setSeedLock() {
seedLockVal = System.currentTimeMillis();
r = new Random( seedLockVal );
return seedLockVal;
public static void setSeed( long val ) {
seedLockVal = val;
r = new Random( val );
class WindowCloser extends JFrame {
JButton ok;
JButton cancel;
JLabel check;
JLabel warning;
JPanel panel;
WindowCloser() {
setResizable(false);
check = new JLabel("Are you sure you wish to exit? You will lose all data.");
warning = new JLabel("Closing this window will exit the program.");
ok = new JButton("OK");
cancel = new JButton("Cancel");
ok.addActionListener( new ActionListener() {
public void actionPerformed(ActionEvent evt) {
System.exit(0);
cancel.addActionListener( new ActionListener() {
public void actionPerformed(ActionEvent evt) {
hide();
addWindowListener(new WindowAdapter() {
public void windowClosing(WindowEvent evt) {
System.exit(0);
panel = new JPanel();
panel.add(check);
panel.add(warning);
panel.add(ok);
panel.add(cancel);
getContentPane().add(panel);
pack();
Secrecy.center(this);
show();
public static void main(String[] args) {
WindowCloser wc = new WindowCloser();Oh shit...
Please post concise pieces of code where problems occur.
Just a few remarks:
static void fileChooserWait(JFileChooser chooser) {
while(chooser.isVisible()) {
nap(100);
}If you use JFileChooser#showXXXDialog, the method will block until the dialog has been disposed of (closed).
WindowCloser() {
setResizable(false);
check = new JLabel("Are you sure you wish to exit?
t? You will lose all data.");
warning = new JLabel("Closing this window will exit
it the program.");
ok = new JButton("OK");
cancel = new JButton("Cancel");Have a look at the static methods of the javax.swing.JOptionPane class. They're pretty useful.
These remarks may not help you much, but I for one am not going to read all of this.
Oh, and please acknowledge the [url http://forum.java.sun.com/help.jspa?sec=formatting]Formatting tips and post your code between [code[b]][[b]code] blocks. -
Form Select with additional menus on call
I'm trying to figure out if Spry does this example where you
start with a drop down menu for a topic and if you want to add
another version of the same menu, you just click a '+' button and
it adds another field like a repeat region and keeps doing so as
long as you want to add more fields. I've seen it done in Ajax but
not in Spry. Anyone do this yet?
The idea is that I have a client who is a photographer and
he's got an order form with 25 of the exact same field with two
text input area on the left and a pull down on the right and it
would be so much cleaner to just have one and if the person making
the order wants to add more of the same areas or div's he can just
click a button and add more of the same fields.very helpful....
I saw that maybe my code wasn't java.... hence the posting in "new to java!" :)
Here is the code where my problem originated
original
<script type="text/javascript">
coded = "[email protected]"
cipher = "aZbYcXdWeVfUgThSiRjQkPlOmNnMoLpKqJrIsHtGuFvEwDxCyBzA1234567890"
shift=coded.length
link=""
for (i=0; i<coded.length; i++){
if (cipher.indexOf(coded.charAt(i))==-1){
ltr=coded.charAt(i)
link+=(ltr)
else {
ltr = (cipher.indexOf(coded.charAt(i))-shift+cipher.length) % cipher.length
link+=(cipher.charAt(ltr))
function get2(id) {
proj = document.getElementById(id).value;
if (proj == 'contact')
location.href = 'mail\u0074o\u003a'+link;
else
location.href = proj;
</script>+
<select name="url" class="sel" id="select" onChange="get2('select')">
<option value="image-1" >1</option>
<option value="image-2" >2</option>
<option value="image-3" >3</option>
</select> -
Maximum TDES length data to cipher
Hi,
I have been testing with the creation of TDES keys, and using to cipher data, and with the results I'm receiving i'm wondering If there is any limit on TripleDes with the length of the data to cipher because I'm only able to cipher data from 8,16 bytes, up to 32 it returns me an 6F00 error also doing a try catch:
cipher= Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD,false);
cipher.init(des,Cipher.MODE_DECRYPT,new byte[]{0,0,0,0,0,0,0,0},(short)0,(short)8);
try{
cipheredataL=cipher.doFinal(data2cipher,(short)0, (short)32, randomD_cipher, (short)0);
}catch(CryptoException crypto){
if (crypto.getReason() == CryptoException.UNINITIALIZED_KEY)
ISOException.throwIt(ISO7816.SW_FILE_FULL);
else if (crypto.getReason() == CryptoException.INVALID_INIT)
ISOException.throwIt(ISO7816.SW_FILE_NOT_FOUND);
else if (crypto.getReason() == CryptoException.ILLEGAL_USE)
ISOException.throwIt(ISO7816.SW_FILE_INVALID);
else
ISOException.throwIt(ISO7816.SW_RECORD_NOT_FOUND);
Thanks for your help another time :)I am not aware of a size limit for<tt> cipher.doFinal </tt>.
Could it be that your<tt> data2cipher </tt> variable is shorter than 32 bytes, or/and its allocation fails? -
Java Client AUthentication to IIS 5 server throwing no IV for Cipher error
I have trying to do Java client authentication. Got the Certificate from CA and loaded it in server. When I run the JavaClient program I get the
error no IV for Cipher.
I am using JDK 1.5.0_06 and JSSE 1.0.3_03.
Any help is greatly appreciated.
Thanks
Here is the debug report
trustStore is: C:\JTEST\cacerts
trustStore type is : JKS
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=devclient.test.com, OU=Mycompany, O=Second Data Corporation., L=San Francisco, ST=California, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x5b0bf
Valid from Thu Feb 16 06:23:37 PST 2006 until Sat Feb 17 06:23:37 PST 2007
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 17:19:54 PDT 1999 until Tue Jun 25 17:19:54 PDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 07:01:00 PDT 2000 until Sat May 17 16:59:00 PDT 2025
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 09:09:40 PDT 1999 until Sat May 25 09:39:40 PDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 11:46:00 PDT 2000 until Mon May 12 16:59:00 PDT 2025
adding as trusted cert:
Subject: CN=devclient.paymap.com, OU=First Data Corp, O=Paymap Inc, L=San Francisco, ST=California, C=USA
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Algorithm: RSA; Serial number: 0xe2501de73ac37428
Valid from Mon Feb 20 15:51:25 PST 2006 until Mon Mar 13 15:51:25 PST 2006
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 10:39:16 PDT 2004 until Thu Jun 29 10:39:16 PDT 2034
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 05:14:45 PDT 1999 until Sun Jun 23 05:14:45 PDT 2019
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 09:41:51 PDT 1998 until Wed Aug 22 09:41:51 PDT 2018
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 07:50:00 PDT 1998 until Wed Aug 14 16:59:00 PDT 2013
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a3
Valid from Fri Feb 23 15:01:00 PST 1996 until Thu Feb 23 15:59:00 PST 2006
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389b113c
Valid from Fri Feb 04 09:20:00 PST 2000 until Tue Feb 04 09:50:00 PST 2020
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
Valid from Tue Nov 08 16:00:00 PST 1994 until Thu Jan 07 15:59:59 PST 2010
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x380391ee
Valid from Tue Oct 12 12:24:30 PDT 1999 until Sat Oct 12 12:54:30 PDT 2019
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389ef6e4
Valid from Mon Feb 07 08:16:40 PST 2000 until Fri Feb 07 08:46:40 PST 2020
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Wed Aug 12 17:29:00 PDT 1998 until Mon Aug 13 16:59:00 PDT 2018
adding as trusted cert:
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Mon May 20 21:00:00 PDT 2002 until Fri May 20 21:00:00 PDT 2022
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863b966
Valid from Fri Dec 24 09:50:51 PST 1999 until Tue Dec 24 10:20:51 PST 2019
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 10:06:20 PDT 2004 until Thu Jun 29 10:06:20 PDT 2034
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(50000) called
TIMEOUT=50000
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1123703368 bytes = { 11, 7, 242, 147, 134, 10, 57, 192, 137, 131, 191, 249, 253, 146, 232, 223, 146, 195, 53, 255, 121, 236, 182, 158, 191, 94, 156, 190 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 873
*** ServerHello, TLSv1
RandomCookie: GMT: 1123703296 bytes = { 123, 165, 102, 102, 169, 196, 229, 241, 3, 49, 81, 239, 83, 155, 209, 243, 236, 229, 18, 193, 228, 104, 27, 152, 232, 193, 173, 11 }
Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
public exponent: 65537
Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
To: Sun Nov 12 11:37:51 PST 2006]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 057aa7]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
0010: C6 E6 BB 57 ...W
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
Found trusted certificate:
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
To: Wed Aug 22 09:41:51 PDT 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 09:41:51 PDT 2018]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 82, 2, 69, 241, 210, 36, 175, 168, 76, 86, 170, 3, 158, 52, 89, 146, 84, 210, 223, 113, 212, 231, 129, 100, 177, 125, 116, 31, 97, 233, 150, 162, 161, 51, 168, 189, 14, 47, 83, 27, 67, 252, 172, 191, 102, 39 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 52 02 45 F1 D2 24 AF A8 4C 56 AA 03 9E 34 ..R.E..$..LV...4
0010: 59 92 54 D2 DF 71 D4 E7 81 64 B1 7D 74 1F 61 E9 Y.T..q...d..t.a.
0020: 96 A2 A1 33 A8 BD 0E 2F 53 1B 43 FC AC BF 66 27 ...3.../S.C...f'
CONNECTION KEYGEN:
Client Nonce:
0000: 43 FA 5A 48 0B 07 F2 93 86 0A 39 C0 89 83 BF F9 C.ZH......9.....
0010: FD 92 E8 DF 92 C3 35 FF 79 EC B6 9E BF 5E 9C BE ......5.y....^..
Server Nonce:
0000: 43 FA 5A 00 7B A5 66 66 A9 C4 E5 F1 03 31 51 EF C.Z...ff.....1Q.
0010: 53 9B D1 F3 EC E5 12 C1 E4 68 1B 98 E8 C1 AD 0B S........h......
Master Secret:
0000: 10 47 C2 16 13 58 4B 50 D3 D6 34 05 C8 C9 11 29 .G...XKP..4....)
0010: AD 90 0D 8F 9B BD C8 C1 FC CD BC 26 ED FB 26 84 ...........&..&.
0020: 04 0B 94 BC D2 4D 7D 71 E0 1E 08 10 59 38 B5 4E .....M.q....Y8.N
Client MAC write Secret:
0000: A5 66 C1 48 0E F1 18 2B 2B 7A F7 9B A4 6C D7 FA .f.H...++z...l..
Server MAC write Secret:
0000: 3B F5 04 FA AC 9C D7 ED 2E E7 36 44 80 FF 11 E2 ;.........6D....
Client write key:
0000: 7B 9F 56 A1 FC 3D BD 31 25 27 91 BB D0 66 66 0B ..V..=.1%'...ff.
Server write key:
0000: 2B 45 E2 19 E8 C8 61 5B 84 B8 94 76 A1 B4 9C 6E +E....a[...v...n
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 110, 253, 95, 109, 150, 89, 93, 140, 108, 186, 172, 188 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 70, 219, 18, 202, 105, 203, 83, 220, 151, 174, 102, 125 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(50000) called
main, WRITE: TLSv1 Application Data, length = 96
main, setSoTimeout(50000) called
main, READ: TLSv1 Handshake, length = 20
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 1130
*** ClientHello, TLSv1
RandomCookie: GMT: 1123703368 bytes = { 242, 6, 117, 127, 243, 197, 134, 82, 139, 54, 241, 243, 132, 22, 63, 136, 4, 180, 225, 8, 159, 55, 182, 105, 133, 226, 213, 167 }
Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 121
main, READ: TLSv1 Handshake, length = 11432
*** ServerHello, TLSv1
RandomCookie: GMT: 1123703296 bytes = { 168, 158, 224, 186, 230, 77, 9, 24, 237, 106, 203, 158, 176, 252, 249, 167, 73, 173, 69, 178, 115, 34, 96, 179, 191, 230, 178, 160 }
Session ID: {3, 27, 0, 0, 51, 252, 181, 131, 214, 28, 220, 247, 154, 175, 51, 237, 76, 111, 88, 78, 28, 105, 106, 114, 42, 51, 53, 144, 178, 93, 245, 127}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
public exponent: 65537
Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
To: Sun Nov 12 11:37:51 PST 2006]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 057aa7]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
0010: C6 E6 BB 57 ...W
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
Found trusted certificate:
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
To: Wed Aug 22 09:41:51 PDT 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 09:41:51 PDT 2018]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
*** CertificateRequest
Cert Types: RSA,
Cert Authorities:
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=Sonera Class1 CA, O=Sonera, C=FI>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL>
<CN=VeriSign Class 3I have the same problem. I�m turning crazy working with certificates in mutual athetication!!!
If someone has the solution to this problem, send a repy or at [email protected]
Thanks in advance -
Cannot decrypt RSA encrypted text : due to : input too large for RSA cipher
Hi,
I am in a fix trying to decrypt this RSA encrypted String ... plzz help
I have the encrypted text as a String.
This is what I do to decrypt it using the Private key
- Determine the block size of the Cipher object
- Get the array of bytes from the String
- Find out how many block sized partitions I have in the array
- Encrypt the exact block sized partitions using update() method
- Ok, now its easy to find out how many bytes remain (using % operator)
- If the remaining bytes is 0 then simply call the 'doFinal()'
i.e. the one which returns an array of bytes and takes no args
- If the remaining bytes is not zero then call the
'doFinal(byte [] input, int offset, in inputLen)' method for the
bytes which actually remained
However, this doesnt work. This is making me go really crazy.
Can anyone point out whats wrong ? Plzz
Here is the (childish) code
Cipher rsaDecipher = null;
//The initialization stuff for rsaDecipher
//The rsaDecipher Cipher is using 256 bit keys
//I havent specified anything regarding padding
//And, I am using BouncyCastle
String encryptedString;
// read in the string from the network
// this string is encrypted using an RSA public key generated earlier
// I have to decrypt this string using the corresponding Private key
byte [] input = encryptedString.getBytes();
int blockSize = rsaDecipher.getBlockSize();
int outputSize = rsaDecipher.getOutputSize(blockSize);
byte [] output = new byte[outputSize];
int numBlockSizedPartitions = input.length / blockSize;
int numRemainingBytes = input.length % blockSize;
boolean hasRemainingBytes = false;
if (numRemainingBytes > 0)
hasRemainingBytes = true;
int offset = 0;
int inputLen = blockSize;
StringBuffer buf = new StringBuffer();
for (int i = 0; i < numBlockSizedPartitions; i++) {
output = rsaDecipher.update(input, offset, blockSize);
offset += blockSize;
buf.append(new String(output));
if (hasRemainingBytes) {
//This is excatly where I get the "input too large for RSA cipher"
//Which is suffixed with ArrayIndexOutofBounds
output = rsaDecipher.doFinal(input,offset,numRemainingBytes);
} else {
output = rsaDecipher.doFinal();
buf.append(new String(output));
//After having reached till here, will it be wrong if I assumed that I
//have the properly decrypted string ???Hi,
I am in a fix trying to decrypt this RSA encrypted
String ... plzz helpYou're already broken at this point.
Repeat after me: ciphertext CANNOT be safely represented as a String. Strings have internal structure - if you hand ciphertext to the new String(byte[]) constructor, it will eat your ciphertext and leave you with garbage. Said garbage will fail to decrypt in a variety of puzzling fashions.
If you want to transmit ciphertext as a String, you need to use something like Base64 to encode the raw bytes. Then, on the receiving side, you must Base64-DEcode back into bytes, and then decrypt the resulting byte[].
Second - using RSA as a general-purpose cipher is a bad idea. Don't do that. It's slow (on the order of 100x slower than the slowest symmetric cipher). It has a HUGE block size (governed by the keysize). And it's subject to attack if used as a stream-cipher (IIRC - I can no longer find the reference for that, so take it with a grain of salt...) Standard practice is to use RSA only to encrypt a generated key for some symmetric algorithm (like, say, AES), and use that key as a session-key.
At any rate - the code you posted is broken before you get to this line:byte [] input = encryptedString.getBytes();Go back to the encrypting and and make it stop treating your ciphertext as a String.
Grant -
Simple Substitution Cipher: What Went Wrong?
I've written a simple program that enables a user to type in the name of a plain text file, then have the file encoding using a simple (+1)substitution cipher. The program compiles, but when the encoded file displays, it displays on the first character of each word. The plain text file consists of the sentence "Now is the time for all good men to come to the aid of their party". Any assistance would be greatly appreciated. The code is as follows:
import java.io.*;
class FileReadText
public static void main(String[] args) throws IOException
BufferedReader input = new BufferedReader(new InputStreamReader(System.in));
String fileName;
System.out.println("What file would you like to encrypt?");
fileName = input.readLine();
BufferedReader inFile = new BufferedReader(new FileReader(fileName));
char[] cipher = {'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k',
'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y',
'z', 'a'};
char[] txt = fileName.toCharArray();
char[] encTxt = new char[txt.length];
for(int i = 0; i < txt.length; i++)
if(txt[i] >= 'a' && txt[i] <= 'z')
encTxt[i] = cipher[txt[i] - 'a'];
else
encTxt[i] = txt;
System.out.println(encTxt[i]);
inFile.close();When do you actually read from the file? It looks like you're just trying to encrypt the filename. So if the filename was "test.txt" that's what you would be encrypting instead of "Now is the time for all good men to come to the aid of their party". That's the most obvious problem I see at least.
-
A problem about ALG_DES_CBC_ISO9797_M2 cipher
I am doing a test for DES encryption/decryption using cref. Looks like only few cipher algorithms are support by Java card OS. I use ALG_DES_CBC_ISO9797_M2.
The problem is as below:
I use RMI.
I think the operation block is 8 bytes.
I want to encrypt an 8 bytes array 30 31 32 33 34 35 36 37.
However, if I send an input array with 8 bytes, I got the error ILLGAL_USE.
The strange thing is that if I append 8 bytes zeros and make the array like 30 31 32 33 34 35 36 37 00 00 00 00 00 00 00 00,
I got a result 97 44 20 6c 39 80 c2 27 3d f6 77 5c 15 e7 84 18.
And if I use the result array (16 bytes) for decryption, I got 30 31 32 33 34 35 36 37 00 00 00 00 00 00 00 00, which looks right,
if I truncate last 8 bytes.
Another experiment:
Array1 (16 bytes): 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f (instead of append zeros, I append other numbers)
Array2, encryption result for Array1: 9744206c3980c2273df6775c15e78418
decrypt Array
I got the result: 30 31 32 33 34 35 36 37 00 00 00 00 00 00 00 00 (looks like only the first 8 bytes of Array1 is used)
So I have to keep a double-size encryption result? Anybody has more information?I know it's weird. But if I use 8 bytes as input, I got this for encryption:
[java] java.lang.ArrayIndexOutOfBoundsException: Thrown on the card.
my encryption code is like this:
(if I double the size of outBuffer, I got an output array with size 16 bytes)
public class DESCrypto {
//DES Test Key
static byte[] testDESKey = //Note this is the DES key definition
(byte)0x38, (byte)0x12, (byte)0xA4, (byte)0x19, (byte)0xC6, (byte)0x3B, (byte)0xE7, (byte)0x71
// constants
byte cryptKeyType = KeyBuilder.TYPE_DES;
short cryptKeyLen = KeyBuilder.LENGTH_DES; // 64 bits
short cryptBlockLen = KeyBuilder.LENGTH_DES / 8;
byte cryptAlgo = Cipher.ALG_DES_CBC_ISO9797_M2;
byte[] outBuffer = null;
// input length is supposed to be half of the key length, otherwise giving arrayindexoutofboundary error
public byte[] DESEncrypt(byte[] inBuffer) throws UserException, CryptoException {
if(null == outBuffer) {
outBuffer = JCSystem.makeTransientByteArray((short)(this.cryptBlockLen), JCSystem.CLEAR_ON_DESELECT);
if(null == outBuffer) {
UserException.throwIt(CardRmiCommon.NULL_POINTER);
try {
Cipher cipher = Cipher.getInstance(this.cryptAlgo, false);
DESKey key = (DESKey) KeyBuilder.buildKey(this.cryptKeyType, this.cryptKeyLen, false);
key.setKey(testDESKey, (short)0);
cipher.init(key, Cipher.MODE_ENCRYPT);
cipher.doFinal(inBuffer,(short)0, (short)cryptBlockLen, outBuffer,(short)0);
catch(CryptoException e){
CryptoException.throwIt(e.getReason());
return outBuffer;
} -
How to find length of string after encryption using DBMS_CRYPTO package
Hi,
I am planning do data encryption using DBMS_CRYPTO package. I want to find how much will be string length after encryption.
e.g When I try to encrypt string of length between 1-15 characters it gives me encrypted string of 32 characters. When I try with 16 charcters encrypted string is of 64 characters.
Is ther any formula to calculate length of encrypted string?
Thanks
PravinThe length change is dependent upon the algorithm you are using which can be a combination of cipher block, padding, and chaining.
The best solution is determine the method you are going to use and apply it to the l ongest possible strings you are going to proces, then add some safety margin. There iis no penalty for defining your column as VARCHAR2(4000). -
New line character in cipher text?
Friends,
I am encrypting a text in Triple DES/CBC mode/Nopadding mode. the length of text is 6500 bytes. in the cipher text that i get, it has new-line character(\n) & carriage return characters. As a result of this i m unable to read the cipher text from a C program(as it is not fully reading the cipher text). is there any methodology to overcome this problem. is there any way to avoid the new-line & carriage return characters in cipher text.
Also is there any criteria like, the plaintext can be only max of this much bytes?
Thanks in AdvanceThe result of your encryption is bytes and not characters so your C program should process it as bytes and not as characters then bytes '\r' and '\n' will not be interpretted.
It would be interresting to see your C code. -
Error while encrypting the xml file using asymmetric cipher...pls help
i am encryption the xml file using asymmetric cyper....
in one class , i am generating private key and public key using "RSA" algorithm..using 1024 byte initialization...
it is generating properly...
and after that in second class i am encrypting the xml file using "DESede" algorithm and i am using public key of above class..
but i am getting exceptione :
java.security.InvalidKeyException: Invalid key length: 162 bytes
at com.sun.crypto.provider.DESedeCipher.engineGetKeySize(DashoA6275)
at javax.crypto.Cipher.init(DashoA6275)
at XmlEncryption.getEncryptedData(XmlEncryption.java:147)
at XmlEncryption.encryptCompleteXmlFile(XmlEncryption.java:123)
at demoXmlEncApp.simulateBookSellersEnd(demoXmlEncApp.java:72)
at demoXmlEncApp.main(demoXmlEncApp.java:29)
so, what is that ?
i want to use RSA algo for key generatiion and DESede for cipher initialization .
is there any site for where source code of xml file encryption using asymmetric cipher is available?
pls, help me.....Sachin,
What sabre150 is trying to explain to you, is that encrypting data (such as an XML file) is a 2-step process. In the first step, you generate a symmetric key (such as DES, 3DES, AES) and encrypt your file with this key (and the appropriate mode and padding).
In order to ensure that your encrypted data cannot be decrypted by unauthorized individuals, you now need to protect the symmetric key. Encrypting your symmetric key with another symmetric key does not solve the problem, since you have a chain of symmetric keys that need to be encrypted into infinity.
Cryptographers solve this problem by encrypting the symmetric key with an asymmetric key, such as as RSA. To perform this second step, you generate an RSA key-pair, encrypt the symmetric key you generated in step 1 with the Public key of the RSA key-pair, and give the recipient of the encrypted XML file, access to the Private key of the RSA key-pair as well as the encrypted symmetric key.
The recipient, then uses the RSA Private key to decrypt the symmetric key first, and then uses the "plaintext" symmetric key to decrypt the XML file.
What sabre150 was also attempting to explain to you, is the traditional way of transporting an encrypted "blob" that consists of data + symmetric key. With a modern key-management system, combining the two would be unnecessary. -
Cipher program.. in need of a little guidance
I understand I posted many messages about this subject. But I just wanted to start a new thread on this as a whole. I apologize for that. Anyways I can't get this thing going right... I want to take a repeating key and encode words with it. This program takes text files and the first line is all ints (the repeating keys) and the next lines are ones to be encoded and decoded.
I left a big comment on what I need to do and also if you see any obvious problems please let me know. I really appreciate it. Thanks.
import java.io.*;
import java.util.*;
public class RepeatingKeyCipher<E>
public static void main(String[] args) throws IOException
RepeatingKeyCipher obj = new RepeatingKeyCipher();
File file = new File("in.dat");
PrintWriter outFile = new PrintWriter(new FileWriter("out.dat"));
Scanner fileIn = new Scanner(file);
Queue<Integer> keyNumbers = new LinkedList<Integer>();
Queue<String> plainText = new LinkedList<String>();
int keyLine;
while(fileIn.hasNextInt())
keyLine = fileIn.nextInt();
plainText.offer(keyLine);
keyNumbers.offer(plainText.poll());
Queue<String> cipher = new LinkedList<String>();
cipher = obj.encode(keyNumbers, plainText);
//for(int i = 0; i < message.length; i++) {
private int front;
private int rear;
private int size;
private char newLetter;
private String alpha = "abcdefghijklmnopqrstuvwxyz";
public char encode (Queue<E> key, Queue<E> plain)
{//returns new letter
/* From here on you just find a way to seperate the key element.
Then you seperate the first character from the plain queue.
Then use the nested loops to convert and add back to a third
queue. */
Queue<String> encodedText = new LinkedList<String>;
StringTokenizer st = new StringTokenizer(message);
while(st.hasMoreTokens())
String word = st.nextToken();
int wordLength = word.length();
for (int i = 0; i < wordLength; i++)
newLetter = alpha.charAt(i + key);
if (newLetter > alpha.length())
newLetter =alpha.charAt((i + key) - 25);
return newLetter;
}Most of those question will have to be answered by your O2 UK customer service, as they will know their data plans.
But for the BlackBerry, you will need a BlackBerry specific data plan.
Just a generic internet access plan usually will not suffice.
So when you speak to them, make sure you get specific BlackBerry data plan information, add-on or bolt-on or whatever the call it.
1. If any post helps you please click the below the post(s) that helped you.
2. Please resolve your thread by marking the post "Solution?" which solved it for you!
3. Install free BlackBerry Protect today for backups of contacts and data.
4. Guide to Unlocking your BlackBerry & Unlock Codes
Join our BBM Channels (Beta)
BlackBerry Support Forums Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code -
Cryptograhpy cipher RC4 2048bit in JDK1.5
I need to use RC4 key size of (256 bytes) 2048 bits. From JCE JavaDoc
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#AppE
RC4 can only support 128 bytes/1024 bits
I wonder, does any of the JDK/JCE version support RC4 for 2048 bits key?
Or can you suggest a shareware provider which supports RC4 2048 bits?
I had this topic posted orginaly in
http://forum.java.sun.com/thread.jspa?threadID=757353
Thanks a lot.Thanks for your reply:
I have downloaded Unlimited Strength Jurisdiction Policy Files and replaced jars in my jre/lib/security. I still have the same problem.
Here is my code: The parameter keyBytes is the same as we use on the other side of the wire implemented in C version of openssl.
private Cipher quickTestRC4(byte[] keyBytes){
SecretKey key = new SecretKeySpec(keyBytes, "RC4");
Cipher cipher = null;
try {
cipher = Cipher.getInstance("RC4");
System.out.println("Testing RC4: initialize by passing keyBytes size = "+keyBytes.length+" bytes");
cipher.init(Cipher.ENCRYPT_MODE, key);
catch (Exception e1){
e1.printStackTrace();
return cipher;
Here is the exception:
Testing RC4: initialize by passing keyBytes size = 256 bytes
java.security.InvalidKeyException: Key length must be between 40 and 1024 bit
at com.sun.crypto.provider.ARCFOURCipher.a(DashoA12275)
at com.sun.crypto.provider.ARCFOURCipher.a(DashoA12275)
at com.sun.crypto.provider.ARCFOURCipher.engineInit(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at com.MyTest.quickTestRC4(MyTest.java:138)
If I pass in 128 bytes keyBytes, it works fine.
I wonder, what could be the problem here and how to solve it?
Thanks a lot.
Maybe you are looking for
-
Ldapssl_client_init always returns -1 when using nsldapssl32v50.dll
We have an iPlanet Directory Server v5.2 installed and SSL has been configured on it. When we call ldapssl_client_init(CERTDBPath, NULL) we always get a the return value as -1. We used nsldapssl32v30.dll and the corresponding lib and tried the same p
-
Question regarding the IR receiver on the 2012 MBP non retina.
Hello! I recently purchased a 2012 MBP this month. While cleaning it using a soft cloth, I noticed that there were tiny scratches on the tinted plastic covering the IR receiver. I have never taken my MBP out of my house and has mainly been used on
-
Cannot check real time access while creating infopackge
Hi all, I am getting an error while trying to create a real time infopackage. I have made my datasource real time by changing the real time flag in ROOSOURCE but while creating the infopackage the real time check is greyed out. I had read in some
-
How to solve this problem?
-
My brother likes the functions on the camera raw panel and bridge. He believes it will save him time over just photoshop. Can he start with a jpeg image? If so, how does he activate the camera raw panel? We have Bridge CS3 and Photoshop CS2. We have