EToken + RSA Key Secondary Authentication problem

Hello. I need to access an eToken using the Java Security API (PKCS11) and I can't use the "RSA Key Secondary Authentication" mode because when I try to sign I get an error (CKR_USER_NOT_LOGGED_IN).
Do you know why it happens?
This is my code:
String pkcs11config;
pkcs11config = "name = my-eToken";
pkcs11config += "\nlibrary = c:\\WINDOWS\\system32\\eTpkcs11.dll";
InputStream confStream = new ByteArrayInputStream(pkcs11config.getBytes());
sunpkcs11 = new SunPKCS11(confStream);
Security.addProvider(sunpkcs11);
alias = "myAlias";
KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", sunpkcs11,
  new KeyStore.CallbackHandlerProtection(new MyCallbackHandler()));
KeyStore keyStore = builder.getKeyStore();
// get my private key
KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias,
        new KeyStore.PasswordProtection("aliasPwd".toCharArray()));
privateKey = pkEntry.getPrivateKey();
Serializable o = new SignedBean("bla bla");  //dummy object which wraps a String, just for testing
sig = Signature.getInstance("SHA1withRSA");
signedObject = new SignedObject(o, privateKey, sig);
And when it attempts to create an instance of SignedObject, it throws the exception:
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
     at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:420)
     at java.security.Signature$Delegate.engineSign(Signature.java:1131)
     at java.security.Signature.sign(Signature.java:527)
     at java.security.SignedObject.sign(SignedObject.java:227)
     at java.security.SignedObject.<init>(SignedObject.java:144)
     at ar.gov.mecon.esidif.firmaDigital.test.ETokenTest2.testLogin(ETokenTest2.java:99)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at junit.framework.TestCase.runTest(TestCase.java:154)
     at junit.framework.TestCase.runBare(TestCase.java:127)
     at junit.framework.TestResult$1.protect(TestResult.java:106)
     at junit.framework.TestResult.runProtected(TestResult.java:124)
     at junit.framework.TestResult.run(TestResult.java:109)
     at junit.framework.TestCase.run(TestCase.java:118)
     at junit.framework.TestSuite.runTest(TestSuite.java:208)
     at junit.framework.TestSuite.run(TestSuite.java:203)
     at org.eclipse.jdt.internal.junit.runner.junit3.JUnit3TestReference.run(JUnit3TestReference.java:128)
     at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
     at sun.security.pkcs11.wrapper.PKCS11.C_SignFinal(Native Method)
     at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:391)
     ... 23 more
Thanks in advance

Hello. Try redefining your callback:
KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", sunpkcs11,
  new KeyStore.CallbackHandlerProtection(new CallbackHandler() {
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
      // does nothing... so the native driver login implementation is called
    }
  }));
KeyStore keyStore = builder.getKeyStore();
// get my private key
privateKey = (PrivateKey) this.getKeyStore().getKey(alias, null); // send null because the secondary password is obtained by the driver
In my case, it works fine (JDK 1.5), but it opens the dialog for the secondary key twice :( I don't know why!!
If you know, please answer me!!
Hope this helps you

Similar Messages

  • How to configure RSA Based User Authentication on XR?

    Hello,
    I have been reading Cisco docs about how to configure RSA Based User Authentication on an ASR9K.
    http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-2/security/configuration/guide/b_syssec_cg42asr9k/b_syssec_cg42asr9k_chapter_0110.pdf
    I have problems importing the public key to the router. No matter how I try, I always get this output:
    RP/0/RSP1/CPU0:XXX#crypto key import authentication rsa  tftp://10.232.201.180/id_rsa.pub
    Wed Jul 16 14:00:15.558
    Cannot execute the command : Invalid argument
    I have tried copying the file to Disk0: and using this path but get the same error.
    Could anyone help me by explaining step by step how to configure RSA Based User Authentication?
    Thanks

    Hi
    1. Generate a key on your station
     ssh-keygen -t rsa -b 1024
    2. Remove the key type and host, leaving only key and decrypt it using base64:
     cut -f2 -d\  id_rsa.pub | base64 -d > id_rsa2.pub
    3. Import the key to the device
     (admin)#crypto key import authentication rsa username USERTEST ftp://xxxr/ak/id_rsa2.pub
    4. Create a username on the device matching the imported key
    username USERTEST
     group root-system
    Regards,
    /A

  • Peer's RSA keys change after reboot - workaround

    Looks like a couple of builds back - you messed up the peer key renegotiation/update when using the RSA keys authentication method.  Every time a network member reboots, the key changes, and each of its peers has to update their key manually. The workaround, for all others who are afflicted with this problem, is to change the Authentication method to Password, and then set up a shared password for all peers in the mesh. This is less than desirable, of course, I'm hoping Hamachi fixes this soon ...

    Hi,
    Actually the problem is fixed in yesterday's 2.2.0.385 release.
    The build is available from the website.
    You will need to accept keys one more time after updating, but they will not be lost after a restart anymore.
    Regards,

  • Peer RSA key changes when the machine is rebooted

    I have a network of 4 systems. 1 system is the peer that is usually online 24/7 & then 3 clients connected to it. Now when first joined no problems happen at all. But when the peer system gets rebooted for whatever reason & when it connects back to hamachi, the clients block the connection because the RSA keys don't match. However if they click Update it resolves the issue. But this should be done automatically shouldn't it or why is it happening in the first place? I have tried reinstalling countless times & even installed the clients using the deployment feature which verified it was installed. It's annoying the hell out of me & causing me issues!

    Right-click the connection with the yellow triangle or which has the problem & click on details. Where it says Authentication it will have an error or some notification to the right of it. Mouse over & click the pop up message box & it will allow you to update or don't update.

  • Generating RSA keys based on p, q, and public exponent

    Hi,
    The problem is the following. I need to generate an RSA key pair on the card based on pre-defined P, Q and public exponent. The KeyPair specs says that if the public exponent is pre-initialized it will be retained. All other values are overwritten though (I checked with a test applet on jcop41). So two questions:
    1. Do you know of any card that can also retain p and q and generate (calculate) dp, dq, pq, and public modulus. This is contrary to the specification so I doubt there would be any, but it is always good to ask.
    2. Do any of you have a Java code that would do this (ie. calculate the missing key components) that can be run on Java Card, ie. does not use BigInteger or similar classes.
    Cheers,
    Woj

    That is exactly the point I was trying to make, I actually forgot about this thread, because the problem at hand went on the shelf for the moment. To reformulate:
    1. I have only certain parts of the RSA key, but enough parts to determine a valid private/public key pair.
    2. Now I want to generate the missing parts on the card. The JC API requires all the parts to be supplied, it is not possible to provide only partial (but determining the whole key) key information. The KeyPair class can only retain the public exponent during key generation, but not the other parts (according to the specs and my own tests).
    3. My wild guess is that it would probably be doable without too much hassle with host JCE, but it's not an option for me, it has to be done on the card.
    4. I could try to write my own Java Card code that would do this based on, say, openssl implementation, but now I am too lazy, so that's why I asked if somebody possibly has the code that does this.
    Cheers,
    Woj
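
The arithmetic behind the thread above, as an added host-side example that is not part of the original posts and is not Java Card code: it uses BigInteger, which the poster cannot use on the card. It derives the modulus, d, dP, dQ and the CRT coefficient from p, q and e, then checks them with a CRT private operation. The primes are generated here as constructed stand-ins for the pre-defined P and Q, and the class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;

public class RsaFromPrimes {

    // Derive every missing RSA component from p, q and the public exponent e.
    // Java Card's RSAPrivateCrtKey names the last three values DP1, DQ1 and PQ.
    static RSAPrivateCrtKeySpec deriveCrtKey(BigInteger p, BigInteger q, BigInteger e) {
        if (p.equals(q)) throw new IllegalArgumentException("p and q must differ");
        BigInteger p1 = p.subtract(BigInteger.ONE);
        BigInteger q1 = q.subtract(BigInteger.ONE);
        BigInteger phi = p1.multiply(q1);
        if (!e.gcd(phi).equals(BigInteger.ONE))
            throw new IllegalArgumentException("e is not invertible modulo (p-1)(q-1)");
        BigInteger n = p.multiply(q);          // public modulus
        BigInteger d = e.modInverse(phi);      // private exponent
        BigInteger dP = d.mod(p1);             // d mod (p-1)
        BigInteger dQ = d.mod(q1);             // d mod (q-1)
        BigInteger qInv = q.modInverse(p);     // q^-1 mod p
        return new RSAPrivateCrtKeySpec(n, e, d, p, q, dP, dQ, qInv);
    }

    // Garner recombination: uses only p, q, dP, dQ and qInv, never d itself.
    static BigInteger crtPrivateOp(RSAPrivateCrtKeySpec k, BigInteger c) {
        BigInteger m1 = c.modPow(k.getPrimeExponentP(), k.getPrimeP());
        BigInteger m2 = c.modPow(k.getPrimeExponentQ(), k.getPrimeQ());
        BigInteger h = k.getCrtCoefficient().multiply(m1.subtract(m2)).mod(k.getPrimeP());
        return m2.add(h.multiply(k.getPrimeQ()));
    }

    // Constructed sample input: a random prime p with gcd(e, p-1) = 1.
    static BigInteger primeCoprimeTo(BigInteger e, int bits, SecureRandom rnd) {
        BigInteger p;
        do {
            p = BigInteger.probablePrime(bits, rnd);
        } while (!p.subtract(BigInteger.ONE).gcd(e).equals(BigInteger.ONE));
        return p;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        BigInteger e = BigInteger.valueOf(65537);
        BigInteger p = primeCoprimeTo(e, 1024, rnd);
        BigInteger q;
        do {
            q = primeCoprimeTo(e, 1024, rnd);
        } while (q.equals(p));

        RSAPrivateCrtKeySpec spec = deriveCrtKey(p, q, e);

        // Unpadded consistency check only: the CRT private operation must invert m^e mod n.
        BigInteger m = new BigInteger(256, rnd);
        BigInteger c = m.modPow(e, spec.getModulus());
        System.out.println("CRT private op inverts public op: " + crtPrivateOp(spec, c).equals(m));

        // The host JCA accepts the derived components as a complete key pair.
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey priv = kf.generatePrivate(spec);
        PublicKey pub = kf.generatePublic(new RSAPublicKeySpec(spec.getModulus(), e));
        System.out.println("JCA key pair built: " + priv.getAlgorithm() + "/" + pub.getAlgorithm()
                + ", modulus bits = " + spec.getModulus().bitLength());
    }
}
```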

  • Authentication problem - solved, but maybe a bug in Mac OS X?

    Hi,
    I've a rather small installation with only a handful of users configured on a Mac mini (Mac OS X Server, 10.6.8). All of them use the mail, calendar and addressbook server on the Mac, nothing more. They use it with Mac, iPhone and iPad. Everything worked fine for months but suddenly all of them were faced with authentication problems: it was not possible to login on the imap server, the calendar server, the addressbook server. It was possible to login using the admin account on the server directly. Moreover, all users disappeared from the workgroup manager, however they still were available on the server's LDAP server and findable using ldapsearch.
    First, I used to completely restart the server to solve the problem, but it reappeared after only few hours again.
    Second, after understanding more about the authentication process, I found that "killall DirectoryService" was sufficient to solve the problem, but it still reappeared after a few hours.
    Then I found that, once the problem occurred, there was nearly no more communication to the local LDAP server on port 389 on localhost. When everything was working fine, there was a lot of such communication, including queries for usernames, when a login attempt was made. I started a "tcpdump -n -i lo0 port 389" and waited for the problem again. After the problem occurred, I found in the pcap files that there were a few final query attempts, actually attempts to open a port 389 TCP connection to the slapd running on localhost, which were answered with a TCP RST. Then, no more attempts were made until I restarted the DirectoryService. Using the logfile of the slapd I found that this happened exactly at the time the slapd was stopped and restarted. And - surprisingly for me - stopping and restarting the slapd happened exactly once an hour.
    I then found that it happened exactly at the time the time machine backup process was started and indeed it was possible to trigger the event of restarting the slapd by manually starting a time machine backup.
    (Indeed, I switched my backup strategy from SuperDuper to time machine the other day and maybe that was the time the problem occurred for the first time. I know that time machine is not considered as the best backup strategy for a server but I wanted to try on my own.)
    Google helped me to find a hint that time machine will actually stop and restart slapd - which is generally a good idea, since otherwise a backup from some open database files would be made, which could work but may fail. So, I think, someone of the developers thought about that problem too and has considered time machine for backups of a server.
    However, a not running slapd can not answer queries from a DirectoryService and a stopping or starting process might indeed end up with TCP SYNs answered with TCP RST.
    My solution was to disable time machine again and from that time the problem does not occur again.
    I'm wondering why the DirectoryService process isn't starting to query the slapd again after a failed connection. Isn't this a bug? After this experience I consider time machine as not only the not preferred backup solution for a server but as completely incompatible with Mac OS X server - although, as I said, it seems that someone thought about backing up the LDAP database using time machine.
    (On a Lion server this problem does not occur, the slapd will not be stopped and restarted when time machine is running. Moreover, I saw a com.apple.slapd.start notification in the slapd.log ... maybe this tells DirectoryService to try again.)
    Cheers,
    Wolfgang

    Another problem I found with the MacOS X key bindings: the 6 key doesn't work!
    In the config that ships with SQL Developer, I found this:
    <Item class="oracle.javatools.util.Pair">
    <first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
    <second class="oracle.ide.keyboard.KeyStrokes">
    <data>
    <Item class="javax.swing.KeyStroke">6</Item>
    </data>
    </second>
    </Item>
    which should be:
    <Item class="oracle.javatools.util.Pair">
    <first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
    <second class="oracle.ide.keyboard.KeyStrokes">
    <data>
    <Item class="javax.swing.KeyStroke">meta 6</Item>
    </data>
    </second>
    </Item>

  • ESSO-LM Secondary Authentication API

    Hi
    I am facing a problem implementing a Custom Secondary Authentication Library with ESSO-LM for the Passphrase prompt.
    I have gone through the documents, but they are not helpful to much extent.
    Has anyone implemented this, or does anyone have any idea?

    You can do it by changing authentication level in LMconsole.
    Change the setting write this setting to hklm.
    Check also documents for AM. you will get helped.

  • WiFi Authentication problem

    I have an iMac, an iPad, a Blackberry (forgive me) and Airport for my WiFi; all of my pieces are working fine with my WiFi.  I had guests over the other day and we could not allow my guests' iPads or iPhone to sign onto my network.  I bought my dad a generic tablet to use for solving cross words, etc., and I cannot sign into my own network.  No opportunity exists to put in a password because it just reads "Authentication Problem".
    No opportunity exists, therefore, to enter the password.  Signal strength is excellent, Security is WPA2 PSK, I touch connect and it says Saved Secured with WPA2 and then goes back to "Authentication Problem."
    I've unplugged (and plugged back in) both the Airport / router and Internet Service provider's modem. I've rebooted my iMac and the new generic pad 3 times each. 
    I had 2 networks, one for me and one for guests, can't get into either, identical problem. I can see all of the neighbours' networks and they're all locked and say secured with (various WPA/WPA2, etc.), just mine says Authentication Problem.  I plugged the tablet into my iMac and it's functioning well.
    I now deleted the guest network and can't open a new network. 
    I've triple checked my passwords, hand written and in the Key Chain.
    I've checked my Apple ID (I'm able to get into this forum).
    Both my iPad (purchased May 2013) and BlackBerry (received free July 2013) signed in without any problems.
    I cannot see why I can't get into my network ~ any ideas?

    Hello,
    Hmmm..."problem"...pretty hard to understand. Can you provide more details? What exactly do you try? What exactly happens at each step of what you try? What is the exact and complete content of any error messages presented?
    Please remember that we can't see you nor your device. We have only your words to help us understand your situation, and such understanding is the natural prerequisite to providing you with any useful guidance.
    Thanks and let us know.
    Occam's Razor nearly always applies when troubleshooting technology issues!

  • RSA keys and BigInteger Article

    [BigInteger and RSA Signature/Encryption|http://www.jensign.com/JavaScience/dotnet/RSAdotnet4/]
    Here is a new article describing RSA key components and demonstrating how BigInteger class (in either Java or .NET 4) can be used to manually study RSA signature and encryption calculations.

    Thanks for comments. The up to 6 public keys wasn't my own idea, it originates from the EMV2000 specs. If I want one point-of-payment unit serving both MC, Visa, Maestro and Cirrus cards, then I have 4 RIDs already. So bad luck for Amex and Diners, unless I add more SAMs.
    But those keys are not the ones where I really struggle, because they (CA public keys) would be reasonably stable year after year. My problem is the unexpected out-of-resource error I now get from KeyBuilder, when dealing with keys that actually come in the form of a certificate from an EMV payment card: the Issuer and ICC public keys. They can be any length, from 512 up to 2048. And a terminal may see hundreds of different cards each day.
    Unless anyone comes up with a better suggestion, I think I'll just build ~9 keys upfront, just once after installing the Applet, with all 'common' modulus key lengths, so 512,736,768,896,1024,1280,1536,1984,2048 and let the decrypt step pick any of these 9 depending on what ICC and Issuer lengths I'll be confronted with.
    But any better ideas much appreciated!

  • OWSM 11g: SAML holder of the key based Authentication

    Hi all,
    I am trying to implement SAML holder of the key method based authentication. As per weblogic documentation, I have disabled the Disable X.509 certificate validation since I am using SAML holder_of_key assertions. I have attached the policies to the composites oracle/wss10_saml_hok_token_with_message_protection_client_policy and oracle/wss10_saml_hok_token_with_message_protection_service_policy. I am using the default values except for keystore.recipient.alias property. When I am testing the policy it says that the saml.assertion.filename named temp could not be found.
    As per the documentation this is file containing SAML holder of the key based authentication. Can anyone provide some idea as to what should be the contents of this file?
    Thanks in advance

    Me too, I am facing the same problem. Did you manage to solve this?
    Please suggest.

  • Wifi authentication problem yoga 2 1050F

    Hi, I am a new member and have just upgraded to android 5. Seems a big mistake as cannot connect to internet (no trouble with android 4). Says authentication problem. Have tried cancelling and re-entering password, turning router on and off and factory reset. Nothing. If Lenovo come up with a repair how will I be able to get it into the tablet when I have no internet connection? At the moment I have a tablet that is about as useful as a roof tile. HELP

    You have been looking everywhere, except this forum. This issue was already addressed in this thread: https://forums.lenovo.com/t5/Android-Yoga-Series-Tablets/Wifi-Won-t-Connect-quot-Authentification-Problem-quot-Yoga/td-p/2105009 Are you using a WEP key encryption? If yes, try switching to WPA/WPA2. Though I have been able to connect without problem with these settings: Have you performed a factory reset after switching from 4.4.2 to 5.0? You could try that, sometimes it fixes some issues.

  • SQLNET authentication problem!

    Hi,
    We have a setup in which the database server is running on a 'XXX' domain and all the clients are running in domain 'YYY'.
    On the client, if following is the setup, then the clients face ORA-03113 after around 45 to 90 minutes of idle time.
    SQLNET.ORA
    NAMES.DEFAULT_DOMAIN=YYY
    TNSNames.ORA
    DBName.YYY = (..........
    Note: This is not happening with all the clients in 'YYY' domain.
    Now, we thought this was a domain authentication problem and removed the DEFAULT_DOMAIN setup from the client. Still the client faces ORA-03113.
    As a part of trial, we moved one of the machines which was facing the problem to the domain of the database server and the error is gone.
    But, due to obvious reasons, it is not possible to move all the clients to the domain of database server.
    Is there any way to get around this problem?
    Why is it that only some of the clients are facing this problem?
    Why is it that the error occurs only after idle time and not during work?
    Do we need to set NAMES.DEFAULT_DOMAIN=XXX at client? (I apologize for this question but I am really confused with the matters now)
    Addition info: The database server is Oracle 10.1.0.2.0 and clients are ranging from Oracle 8.1.6 to Oracle 10.1.0. And the errors occur on clients with any version of Oracle.
    Please help us out in this regard.
    Thanks in advance,
    Satish

    I have gone through the Action suggested for this oracle error.
    If the problematic machine is shifted to the domain XXX, the error is gone. Do you shift physically to some other network?? If yes then there might be a problem with your network. The machines which are disconnected might be on the same network channel or switch which is creating some problem in your network. This is only luck that your failure occurs when there is no activity from that client which is disconnected.
    Shift the places of the problem-facing client and the non-problem-facing client with each other and then check. It will clear the mind about the network problem
    Regards

  • Webservice authentication problem

    Web Service Authentication problem
    Posted: Jun 17, 2005 3:32 PM
    Hi
    I have created a portal service and exposed this service as a webservice. I am consuming this webservice in webdynpro. Portal service contains 2 simple methods putdata() and getdatat().
    When i access the webservice i am getting the following error.
    "javax.xml.rpc.soap.SOAPFaultException: The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.GlobalData or the service was not found"
    My Enterprise portal server is configured for SSO to back end R/3 system. I have checked for portal service availability and it is fine.
    My Webdynpro and Portal are running on different machines. EP is running on AIX with SP11.
    Any help please.
    Regards
    NagaKishore V

    Hi Shahab,
    Can you reproduce the issue if you create 2 applications: one that exposes a secured web service and the other one that consumes the web service? This would help to isolate the issue and move forward in case it is a bug.
    Thanks,
    Juan Camilo

  • Save and load public/private RSA key on file

    hi
    I'm trying to save and load an RSA key to a file
    I generate the keys:
            KeyPairGenerator generator=null;
            KeyPair coppia=null;
            PrivateKey c_privata=null;
            PublicKey c_pubblica=null;
                generator=KeyPairGenerator.getInstance("RSA");
                //set the key size
                generator.initialize(1024);
                //generate the 2 keys
                coppia=generator.genKeyPair();
                //set the private key
                c_privata=coppia.getPrivate();
                //set the public key
                c_pubblica=coppia.getPublic();
    //I save the key
            FileOutputStream file = new FileOutputStream("key");
            file.write(c_pubblica.getEncoded());
            file.close();
    and then I use another program that imports the key:
       Key chiave=null;
       FileInputStream file=new FileInputStream("key");
       byte[]byte_chiave=new byte[162];
                 X509EncodedKeySpec chiave_spec = new X509EncodedKeySpec(byte_chiave);
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                chiave = keyFactory.generatePublic(chiave_spec);
    but when I try to reload the key I get:
    java.security.InvalidKeyException: IOException : DER input, Integer tag error
    where am I wrong?
    thanks

    sorry...
    this is the correct code:
            Key chiave=null;
            FileInputStream file=new FileInputStream(path);
            byte[]byte_chiave=new byte[file.available()];
            System.out.println("leggo: "+file.read(byte_chiave));
            X509EncodedKeySpec chiave_spec = new X509EncodedKeySpec(byte_chiave);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            chiave = keyFactory.generatePublic(chiave_spec);

  • How  to use the RSA  key files generated by Crypto++ in java

    Hi - Good day to all :)
    I have two RSA key files(private key file and public key file) generated by Crypto++ 5.2.1:
    code here:
    void GenerateRSAKey(unsigned int keyLength, const char *privFilename, const char *pubFilename, const char *seed)
    {
         RandomPool randPool;
         randPool.Put((byte *)seed, strlen(seed));
         RSAES_OAEP_SHA_Decryptor priv(randPool, keyLength);
         HexEncoder privFile(new FileSink(privFilename));
         priv.DEREncode(privFile);
         privFile.MessageEnd();
         RSAES_OAEP_SHA_Encryptor pub(priv);
         HexEncoder pubFile(new FileSink(pubFilename));
         pub.DEREncode(pubFile);
         pubFile.MessageEnd();
    }
    generated private key is:
    use this key in java
    BufferedInputStream input=new BufferedInputStream(new FileInputStream("privateKey"));
              int size= input.available();
              byte[]buffer=new byte[size];
              input.read(buffer);
    X509EncodedKeySpec lX509EncodedKeySpec = new X509EncodedKeySpec(buffer);
              PrivateKey lPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(lX509EncodedKeySpec);
    there is an exception at the generatePrivate() method
    at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:294)
         at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:171)
         at java.security.KeyFactory.generatePrivate(KeyFactory.java:322)
         at test.Main.main(Main.java:27)
    Can anybody help me?

    X509 is for public keys, not private keys. You need PKCS8 using PKCS8EncodedKeySpec on the hex decoded private key string.
    Your method for reading the private key from the file is flawed. The method available() does not guarantee to give you the file length. This is easy to prove since files can be longer than Integer.MAX_VALUE and available() returns an 'int'. To get the file length use File.length() which returns a 'long'. Also, reading from an InputStream using input.read(buffer); does not guarantee to read all the bytes. For that you need to use something like DataInputStream.readFully().
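
The points from the two key-file threads above, combined in one added example that is not code from either thread: the public key is loaded from raw DER with X509EncodedKeySpec, the private key from hex text with PKCS8EncodedKeySpec, and both files are read in full before parsing. The sample files are constructed by the program itself; it assumes, as the answer above states, that the hex file holds a PKCS#8 DER encoding. The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class RsaKeyFileRoundTrip {

    // Hex text -> bytes; tolerates the trailing newline or spaces an encoder may append.
    static byte[] hexDecode(String hex) {
        String s = hex.replaceAll("\\s", "");
        if (s.length() % 2 != 0) throw new IllegalArgumentException("odd number of hex digits");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16);
            int lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("non-hex character at offset " + 2 * i);
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    static String hexEncode(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // Public key: DER SubjectPublicKeyInfo -> X509EncodedKeySpec.
    static PublicKey loadPublicKey(Path file) throws Exception {
        byte[] der = Files.readAllBytes(file);   // whole file, unlike available() plus one read()
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // Private key: hex text of DER PKCS#8 PrivateKeyInfo -> PKCS8EncodedKeySpec.
    static PrivateKey loadHexPrivateKey(Path file) throws Exception {
        String hex = new String(Files.readAllBytes(file), StandardCharsets.US_ASCII);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(hexDecode(hex)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a fresh key pair written in the two file formats
        // discussed above (raw DER public key, hex-encoded DER private key).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        Path pubFile = Files.createTempFile("rsa-pub", ".der");
        Path privFile = Files.createTempFile("rsa-priv", ".hex");
        try {
            Files.write(pubFile, pair.getPublic().getEncoded());
            Files.write(privFile,
                    (hexEncode(pair.getPrivate().getEncoded()) + "\n").getBytes(StandardCharsets.US_ASCII));

            PublicKey pub = loadPublicKey(pubFile);
            PrivateKey priv = loadHexPrivateKey(privFile);

            // Sign with the reloaded private key, verify with the reloaded public key.
            byte[] msg = "round trip".getBytes(StandardCharsets.UTF_8);
            Signature signer = Signature.getInstance("SHA256withRSA");
            signer.initSign(priv);
            signer.update(msg);
            byte[] sigBytes = signer.sign();

            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(pub);
            verifier.update(msg);
            System.out.println("signature verifies: " + verifier.verify(sigBytes));
        } finally {
            Files.deleteIfExists(pubFile);
            Files.deleteIfExists(privFile);
        }
    }
}
```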
