Get ssl session key after handshaking

Hi, I want to get the SSL session key (after SSL handshaking) to insert in a cookie (hashed using HMAC) to avoid reply attack, but I don't know how to get that from the container (I used Tomcat). What must I do?

> i mean reply attack for cookie

Do you mean replay attack for cookie?

> I have read the paper

What paper? Reference? URL?

> are you sure there is no way to get session key from container into servlet?

I've answered that, but it isn't the container that has the session key. It is the SSLSession actually.
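
One way to bind a cookie to the TLS session, as an added example that is not part of the original thread: the public `javax.net.ssl.SSLSession` interface exposes the session ID (`getId()`) rather than the negotiated key material, so the HMAC here is keyed with a server-side secret and covers that ID. The class name `TlsBoundCookie`, the cookie layout and the sample payload are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not from the thread): a cookie value authenticated with HMAC and
 * bound to the ID of the TLS session it was issued on, so a copy presented over a
 * different TLS session is rejected.
 *
 * Assumption: the caller supplies the TLS session ID bytes. SSLSession.getId()
 * returns them; Servlet 3.0 and later containers expose the ID as the String
 * request attribute "javax.servlet.request.ssl_session_id" on HTTPS requests.
 */
public class TlsBoundCookie {
    private static final Base64.Encoder B64E = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();

    // Server-side secret. The TLS session ID is not secret, so it cannot be the key.
    private final SecretKeySpec macKey;

    public TlsBoundCookie(byte[] serverSecret) {
        this.macKey = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    /** Returns base64url(payload) + "." + base64url(HMAC(len(id) || id || payload)). */
    public String issue(byte[] tlsSessionId, String payload) throws GeneralSecurityException {
        byte[] p = payload.getBytes(StandardCharsets.UTF_8);
        return B64E.encodeToString(p) + "." + B64E.encodeToString(tag(tlsSessionId, p));
    }

    /** Returns the payload if the tag verifies for this TLS session, otherwise null. */
    public String verify(byte[] tlsSessionId, String cookie) throws GeneralSecurityException {
        int dot = (cookie == null) ? -1 : cookie.indexOf('.');
        if (dot < 1 || dot == cookie.length() - 1) {
            return null; // malformed cookie
        }
        try {
            byte[] p = B64D.decode(cookie.substring(0, dot));
            byte[] presented = B64D.decode(cookie.substring(dot + 1));
            // MessageDigest.isEqual compares in constant time.
            return MessageDigest.isEqual(presented, tag(tlsSessionId, p))
                    ? new String(p, StandardCharsets.UTF_8)
                    : null;
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    private byte[] tag(byte[] tlsSessionId, byte[] payload) throws GeneralSecurityException {
        // An empty ID means there is no identifiable session to bind to: fail closed.
        if (tlsSessionId == null || tlsSessionId.length == 0 || tlsSessionId.length > 255) {
            throw new GeneralSecurityException("no usable TLS session ID");
        }
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        mac.update((byte) tlsSessionId.length); // length prefix keeps the id/payload boundary unambiguous
        mac.update(tlsSessionId);
        mac.update(payload);
        return mac.doFinal();
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] secret = new byte[32];
        rng.nextBytes(secret);

        // Constructed stand-ins for the IDs of two different TLS sessions.
        byte[] sessionA = new byte[32];
        byte[] sessionB = new byte[32];
        rng.nextBytes(sessionA);
        rng.nextBytes(sessionB);

        TlsBoundCookie cookies = new TlsBoundCookie(secret);
        String cookie = cookies.issue(sessionA, "user=alice;exp=1700000000");
        System.out.println("presented on issuing session: " + cookies.verify(sessionA, cookie));
        System.out.println("replayed on another session:  " + cookies.verify(sessionB, cookie));
    }
}
```

A cookie bound this way stops verifying as soon as the client negotiates a new TLS session, so the application has to reissue it after re-authentication.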

Similar Messages

  • SSL Session Keys

    Hi,
    As I understand it, in the process of making an SSL connection (during the handshake) certificates are exchanged and their identities are authenticated, and then each create an identical (symmetric) session key which will be used to encrypt communication.
    My questions are:
    1) What algorithm/encryption engine is used to create this key?
    2) How strong is the algorithm that generates the key, and what type of key is used?
    3) How can custom cryptographic providers be used with SSL to generate these session keys?
    4) Is there a way to force the SSL connection to use one specific method of generating the session key, and fail if it can't?
    5) Is there a web page that gives me the detail on these topics?
    I've been looking around, but I can't find the answers to these specific questions.
    Any help would be much appreciated, thanks,
    Jason

    You may want to look at the following resources:
    SSL v3 http://ssllib.sourceforge.net/draft302.txt
    SSL v2 http://ssllib.sourceforge.net/SSLv2.spec.html
    TLS v1 http://ssllib.sourceforge.net/rfc2246.txt
    SSL and TLS book http://www.rtfm.com/sslbook/
    JSSE Guide
    http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html
    http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#SSLDocs
    The algorithms used in the SSL handshake and then in data transmission are driven by the chosen cipher suite http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#CipherSuite I.e. TLS_RSA_WITH_RC4_128_MD5. See the SSLSocket documentation on how to set enabled suites - http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String[])
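
For question 4 and the pointer to `setEnabledCipherSuites` in the reply above, an added example (not code from the thread) that pins a connection to an allow-list of cipher suites and fails instead of falling back. It uses `SSLEngine`, which has the same `setEnabledCipherSuites` method as `SSLSocket`, so it runs without a network peer; the class name and the suites in `ALLOWED` are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

/** Added example: enable only allow-listed cipher suites and fail closed. */
public class PinnedCipherSuites {
    // Assumed allow-list for illustration; choose suites that match your own policy.
    static final List<String> ALLOWED = Arrays.asList(
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");

    /**
     * Enables only the allow-listed suites that the provider supports.
     * Throws rather than leaving the provider defaults in place when none is usable.
     */
    static String[] restrict(SSLEngine engine, List<String> allowed) throws SSLException {
        Set<String> supported =
                new LinkedHashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
        List<String> usable = new ArrayList<>();
        for (String suite : allowed) {
            if (supported.contains(suite)) {
                usable.add(suite);
            }
        }
        if (usable.isEmpty()) {
            throw new SSLException("none of the required cipher suites is supported");
        }
        String[] enabled = usable.toArray(new String[0]);
        engine.setEnabledCipherSuites(enabled);
        return enabled;
    }

    /** Call after the handshake: rejects a session that negotiated anything else. */
    static void requireNegotiated(SSLSession session, List<String> allowed) throws SSLException {
        String negotiated = session.getCipherSuite();
        if (!allowed.contains(negotiated)) {
            session.invalidate();
            throw new SSLException("unexpected cipher suite negotiated: " + negotiated);
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers and RNG
        SSLEngine engine = ctx.createSSLEngine();
        String[] enabled = restrict(engine, ALLOWED);
        System.out.println("enabled suites: " + Arrays.toString(enabled));
    }
}
```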

  • [Solved] WPA TTLS EAP "Failed to get master session key"?

    Summary: "WPA-Enterprise" (WPA2 with EAP-TTLS and inner PAP) was no longer working. Problem has been traced to the shitty Broadcom wireless card in my laptop. The Linux driver that Broadcom attempted to provide for it is a miserable failure. Switching to ndiswrapper and the windows driver solves this problem.
    Last edited by leftylink (2010-02-13 08:45:50)

    Sorry, just realized that the link I posted to the wpa_supplicant.conf file was broken... should be fixed now.
    I don't think I can just generate the config file, because it's not a simple WPA network.. there are several other options that must be set.  But I do think that it's something wrong with the wpa_supplicant.conf file.  Because here is how they suggest to write it:
    ctrl_interface=/var/run/wpa_supplicant
    ap_scan=1
    network={
    ssid="wpa.mcgill.ca"
    scan_ssid=1
    key_mgmt=WPA-EAP
    auth_alg=OPEN
    eap=PEAP
    identity=""
    password=""
    }
    found here: http://knowledgebase.mcgill.ca/al/12/14/1925.html#wpa
    and here are the options they specify when connecting using ubuntu's network manager:
    According to the sample wpa_supplicant.conf, my config file should look more like this:
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="[email protected]"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase1="peaplabel=1"
    phase2="auth=MSCHAPV2"
    priority=10
    }

  • After updating my iPad, I have problems with getting new apps. After filling in my Apple ID, I fill in my 3 secret questions. But then I get a message that this session had to break off, without results.

    After updating my iPad, I have problems getting new apps. After filling in my Apple ID and answering my 3 secret questions, I get the answer that this session had to be ended without results.

    Wow ! I got it running again ! :-)
    I called support and got helped by a very friendly guy:
    We tried several things, what worked for me was to reset my cookies:
    - Close all apps by double-clicking the "home" button - you see all running apps in the lower part of the screen. Then click and hold the first icon until it starts "shaking". Click the small minus, proceed like that until the row is empty.
    - Go in to the control center (don't know what it's called in English, in Swedish it's "Inställningar")
    - Click the tab "Safari"
    - Click on Clear cookies and data ("rensa cookies och data")
    - Close the control center and start App store
    If you now try to download an app you still get the request for the three safety-questions, but when filling them in it works and you can proceed after that. The questions will not turn up again afterwards...
    Good Luck !
    Other things we tried were:
    - disconnecting the wifi and restarting it
    - log out from app-store (in control center, tab "itunes and appstore")

  • How do i get back my stateful session bean after it has been passivated

    hi ,
    How do i get back my stateful session bean after it has been passivated by container.
    i'm confused that is it possible or not .......give me answer
    i've one stateful session bean which i'm accessing through my normal java client . now what i'm doing is when i first time call a method it is running ......then i'm shutting down the server jboss .......it is calling my ejbPassivate() method ... at this particular time client program doesn't do anything.....
    now after i restart my server i'm again calling back that business method with that last object reference.......it gives me the exception given below.....
    java.rmi.NoSuchObjectException: no such object in table
    java.rmi.NoSuchObjectException: no such object in table
         at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
         at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
         at sun.rmi.server.UnicastRef.invoke(Unknown Source)
         at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
         at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:118)
         at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:227)
         at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:167)
         at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
         at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
         at org.jboss.proxy.ejb.StatefulSessionInterceptor.invoke(StatefulSessionInterceptor.java:106)
         at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
         at $Proxy1.makeNewAcc(Unknown Source)
         at client.GanJavaClient.main(GanJavaClient.java:46)
    so pls tell me that is it possible to get back that session bean or not

    Stateful session beans are not persisted across restart of the EJB server instance(s) hosting them. You can't treat a Session bean as one would an entity bean.
    Chuck

  • I try to redeem an iTunes GC and I get a "Session Has Timed Out" Message. The same thing happens when I try to download a song, after I'm taken to the SLA page

    I try to redeem an iTunes GC and I get a "Session Has Timed Out" Message. The same thing happens when I try to download a song, after I'm taken to the SLA page. I sent Apple Support an email. They told me its software on my computer restricting access to my Internet Connection, but I haven't installed any new software since my last purchase from the iTunes Store. What can I do to fix this?!?! Thanks

    Delete and redownload them if doing so is free in your country.
    (106637)

  • CS6 on W7-64 worked fine since April 2013. After a general system update its activation is not recognized anymore. The activation key is suddenly invalid. I uninstalled the software and tried to reinstall. Failed. How to get my activation key valid again?

    CS6 on W7-64 worked fine since April 2013. After a general system update its activation is not recognized anymore. The activation key is suddenly invalid. I uninstalled the software and tried to reinstall. Failed. How to get my activation key valid again?

    Error "The serial number is not valid for this product" | Creative Suite

  • We need to buy Adobe Framemaker version 11. The distributor is only able to provide us with version 12. Can someone suggest me how is it possible to get the license for ver 11 serial  key after purchasing ver 12 and also how to get the download details ?

    We need to buy Adobe Framemaker version 11. The distributor is only able to provide us with version 12. Can someone suggest me how is it possible to get the license for ver 11 serial  key after purchasing ver 12 and also how to get the download details ?   Urgent response will be helpful.D

    Adobe Support helped us with a similar query. We ended up with exactly what you need.

  • After registration i did not get my license key for norton anti virus

    after registration i did not get my license key for norton anti virus so how can i get this...?

    This forum is only to discuss how the forums operate, not products and not sales
    You are going to have to continue with Adobe via chat, nobody here can help with a sales problem
    Is this the link you used for chat?
    I don't know if it will be any better... but maybe?
    http://helpx.adobe.com/x-productkb/policy-pricing/activation-deactivation-products.html

  • Cannot Get Session Key for Authentication

    I found in trace file of my application
    (TRACE_LEVEL_CLIENT = SUPPORT in sqlnet.ora):
    ORA-28035 Cannot Get Session Key for Authentication
    Cause: Client and server cannot negotiate shared secret during logon.
    What is the session key and how to obtain it?

    DISABLE_OOB = ON
    NAMES.DEFAULT_DOMAIN = domain
    NAMES.DIRECTORY_PATH= (TNSNAMES)
    SQLNET.CRYPTO_SEED = P9EBHPQFLEIAJNUFAZHQP8JBNES8EBEEHS895LCWW9UZKO9HR2R2E5GDN7JV15T27QJO97D89BQAWSRF
    # SQLNET.CRYPTO_CHECKSUM_SERVER = requested
    # SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
    # SQLNET.ENCRYPTION_SERVER = requested
    # SQLNET.ENCRYPTION_CLIENT = requested
    SQLNET.RADIUS_AUTHENTICATION = ad1.domain
    # SQLNET.RADIUS_AUTHENTICATION_PORT = (PORT)
    SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 5
    SQLNET.RADIUS_AUTHENTICATION_RETRIES = 3
    SQLNET.RADIUS_ALTERNATE = ad2.nlmk
    # SQLNET.RADIUS_ALTERNATE_PORT = (1645)
    SQLNET.RADIUS_ALTERNATE_TIMEOUT = 5
    SQLNET.RADIUS_ALTERNATE_RETRIES = 3
    SQLNET.RADIUS_SEND_ACCOUNTING = ON
    # SQLNET.RADIUS_SECRET=(path/radius.key)
    SQLNET.AUTHENTICATION_SERVICES = (NTS, BEQ,RADIUS)
    # TRACE_LEVEL_CLIENT = SUPPORT
    # TRACE_LEVEL_SERVER = SUPPORT
    domain is the name of my windows domain
    TNSNAMES.ORA
    SERVER.DOMAIN =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = server.domain)(PORT = 1521))
    )
    (CONNECT_DATA =
    (SERVICE_NAME = server.domain)
    )
    )

  • Session key and MAC generation in SCP '02' i='15'

    Hi,
    I am trying send a PUT KEY command and it resolves to '6982' after a '9000' EXTERNAL AUTHENTICATE.
    I suspect that my encryption is causing the problem.(not really sure!)
    I compare my session keys to some that ppl had derived and posted on the forum and I don't really get what they did.
    I am trying to find out if I'm deriving the correct session keys or not?!?!
    e.g
    //Calculating session keys with
    //static key = '404142434445464748494a4b4c4d4e4f' (keyData)
    //sequence counter = '003b'
    //"0101" + sequenceCounter + "000000000000000000000000" for session CMAC key (data)
    //"0102" + sequenceCounter + "000000000000000000000000" for session RMAC key (data)
    //"0181" + sequenceCounter + "000000000000000000000000" for session DEK key (data)
    //"0182" + sequenceCounter + "000000000000000000000000" for session ENC key (data)
    //sessionCMAC is :3213860da8f8d9796794cbcec43ef7a23213860da8f8d979: with sequence counter:003b (result)
    //sessionRMAC is :042a687f6e0dd3f80eabf1e5d51ccefe042a687f6e0dd3f8: with sequence counter:003b (result)
    //sessionDEK is :1fe31370c22354e3b90d6b8ad5686d371fe31370c22354e3: with sequence counter:003b (result)
    //sessionENC is :94a47ad54ffbf423fe4a9d915befab5294a47ad54ffbf423: with sequence counter:003b (result)
    <code>
    // Extend a 16-byte (two-key) 3DES key to 24 bytes: K1 || K2 || K1
    if (keyData.length == 16) {
        byte[] temp = (byte[]) keyData.clone();
        keyData = new byte[24];
        System.arraycopy(temp, 0, keyData, 0, temp.length);
        System.arraycopy(temp, 0, keyData, 16, 8);
    }
    DESedeKeySpec keySpec = new DESedeKeySpec(keyData);
    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DESede");
    SecretKey key = secretKeyFactory.generateSecret(keySpec);
    // 3DES-CBC with an all-zero IV over the 16-byte derivation data
    IvParameterSpec iv = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
    Cipher desedeCBCCipher = Cipher.getInstance("DESede/CBC/NoPadding");
    desedeCBCCipher.init(Cipher.ENCRYPT_MODE, key, iv);
    byte[] result = desedeCBCCipher.doFinal(data);
    // The 16-byte result is extended to 24 bytes the same way before use as a key
    if (result.length == 16) {
        byte[] temp = (byte[]) result.clone();
        result = new byte[24];
        System.arraycopy(temp, 0, result, 0, temp.length);
        System.arraycopy(temp, 0, result, 16, 8);
    }
    keySpec = new DESedeKeySpec(result);
    secretKeyFactory = SecretKeyFactory.getInstance("DESede");
    key = secretKeyFactory.generateSecret(keySpec);
    </code>
    I use the same encryption to derive KeyCheckValue with
    newKey ='505152535455565758595a5b5c5d5e5f', data = '0000000000000000'
    and it results to : '6d377e' (of course the last 3 bytes)
    Even though my CMAC session key is different from others (e.g "RLopes" in "http://192.9.162.102/thread.jspa?threadID=5365173&tstart=363" and I have seen it in others too and its really odd to me that its slightly different if you take a close look you will get what i mean) i get the EXTERNAL AUTHENTICATION to work.
    If there is anyone who is 100% sure meaning he/she got other commands to work after EXTERNAL AUTHENTICATE using CMAC please help me verify the keys I got?
    Can he/she test with his code to see if he/she is getting the same session keys or check value?
    Thanks in advance
    Kamran

    Hi,
    Here is the Class and thanks for the tip, I've honestly tried these <code></code> but didn't work and I know it is indeed annoying without the tags :D
    I really hope it helps...
    /*
     * To change this template, choose Tools | Templates
     * and open the template in the editor.
     */
    package terminalpcsc;
    import java.lang.Exception;
    import java.security.GeneralSecurityException;
    import java.security.Key;
    import java.security.SecureRandom;
    import java.util.List;
    import javax.crypto.*;
    import javax.crypto.spec.*;
    import javax.security.sasl.AuthenticationException;
    import javax.smartcardio.*;
    /**
     * @author Kamran
     * @param args the command line arguments
     */
    public class Main {
        private static CardChannel channel;
        private static Card card;
        private static int CHALLENGE_LENGTH = 8;
        private static byte[] keyDiversification = new byte[10];
        private static byte[] keyInformation = new byte[2];
        private static byte[] sequenceCounter = new byte[2];
        private static byte[] cardChallenge = new byte[6];
        private static byte[] cardCryptogram = new byte[8];
        private static byte[] hostChallenge = new byte[8];
        private static byte[] hostCryptogram = new byte[8];
        private static String keyDiversificationHexString;
        private static String keyInformationHexString;
        private static String sequenceCounterHexString;
        private static String cardChallengeHexString;
        private static String cardCryptogramHexString;
        private static String hostChallengeHexString;
        private static String hostCryptogramHexString;
        private static byte[] sessionCMAC;
        private static byte[] sessionDEK;
        private static byte[] sessionENC;
        private static byte[] sessionRMAC;
        private static byte[] icvNextCommand;
        private static IvParameterSpec ivAllZeros = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
        private static byte[] staticKey = hexStringToByteArray("404142434445464748494a4b4c4d4e4f4041424344454647");
        private static byte[] newKey = hexStringToByteArray("505152535455565758595a5b5c5d5e5f");
        private static byte[] CMAC;
        /**
         * @param args the command line arguments
         */
        public static void main(String[] args) throws Exception {
            initiateCardChannel();
            String apduString = generateSelectAPDU("a000000003535041");
            byte[] bufferC = hexStringToByteArray(apduString);
            CommandAPDU capdu = new CommandAPDU(bufferC);
            System.out.println("Sending APDU Select AID: " + byteArrayToHexString(bufferC));
            ResponseAPDU rapdu = channel.transmit(capdu);
            System.out.println("Sending Apdu: Done!");
            System.out.println("Waiting For Response...");
            byte[] bufferR = rapdu.getData();
            String responseData = byteArrayToHexString(rapdu.getBytes());
            System.out.println("Response: " + responseData);
            apduString = generateInitializeUpdateAPDU();
            bufferC = hexStringToByteArray(apduString);
            capdu = new CommandAPDU(bufferC);
            System.out.println("Sending APDU Initialize Update: " + byteArrayToHexString(bufferC));
            rapdu = channel.transmit(capdu);
            System.out.println("Sending Apdu: Done!");
            System.out.println("Waiting For Response...");
            bufferR = rapdu.getData();
            responseData = byteArrayToHexString(rapdu.getBytes());
            System.out.println("Response: " + responseData);
            // protocol 01
            //System.arraycopy(bufferR,0,keyDiversification,0,10);
            //System.arraycopy(bufferR,10,keyInformation,0,2);
            //System.arraycopy(bufferR,12,cardChallenge,0,8);
            //System.arraycopy(bufferR,20,cardCryptogram,0,8);
            // protocol 02
            System.arraycopy(bufferR, 0, keyDiversification, 0, 10);
            System.arraycopy(bufferR, 10, keyInformation, 0, 2);
            System.arraycopy(bufferR, 12, sequenceCounter, 0, 2);
            System.arraycopy(bufferR, 14, cardChallenge, 0, 6);
            System.arraycopy(bufferR, 20, cardCryptogram, 0, 8);
            keyDiversificationHexString = byteArrayToHexString(keyDiversification);
            keyInformationHexString = byteArrayToHexString(keyInformation);
            sequenceCounterHexString = byteArrayToHexString(sequenceCounter);
            cardChallengeHexString = byteArrayToHexString(cardChallenge);
            cardCryptogramHexString = byteArrayToHexString(cardCryptogram);
            System.out.println("keyDiversification: " + keyDiversificationHexString);
            System.out.println("keyInformation: " + keyInformationHexString);
            System.out.println("sequenceCounter: " + sequenceCounterHexString);
            System.out.println("cardChallenge: " + cardChallengeHexString);
            System.out.println("cardCryptogram: " + cardCryptogramHexString);
            System.out.println("Calculating Session Keys... encryption with CBC");
            //E.4.1 GP 2.1.1
            sessionCMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0101" + sequenceCounterHexString + "000000000000000000000000"));
            System.out.println("sessionCMAC is :" + byteArrayToHexString(sessionCMAC) + ": with sequence counter:" + sequenceCounterHexString);
            sessionRMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0102" + sequenceCounterHexString + "000000000000000000000000"));
            System.out.println("sessionRMAC is :" + byteArrayToHexString(sessionRMAC) + ": with sequence counter:" + sequenceCounterHexString);
            sessionDEK = deriveEncryptionCBC(staticKey, hexStringToByteArray("0181" + sequenceCounterHexString + "000000000000000000000000"));
            System.out.println("sessionDEK is :" + byteArrayToHexString(sessionDEK) + ": with sequence counter:" + sequenceCounterHexString);
            sessionENC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0182" + sequenceCounterHexString + "000000000000000000000000"));
            System.out.println("sessionENC is :" + byteArrayToHexString(sessionENC) + ": with sequence counter:" + sequenceCounterHexString);
            System.out.println("Calculating and Verifying Card Cryptogram...");
            byte[] signature = cbcMACSignature(hexStringToByteArray(hostChallengeHexString + sequenceCounterHexString + cardChallengeHexString + "8000000000000000"), sessionENC);
            String signatureHexString = byteArrayToHexString(signature);
            if (signatureHexString.equalsIgnoreCase(cardCryptogramHexString)) {
                System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram authenticated");
                apduString = generateExternalAuthenticateAPDU();
                bufferC = hexStringToByteArray(apduString);
                capdu = new CommandAPDU(bufferC);
                System.out.println("Sending APDU External Authenticate: " + byteArrayToHexString(bufferC));
                rapdu = channel.transmit(capdu);
                System.out.println("Sending Apdu: Done!");
                System.out.println("Waiting For Response...");
                bufferR = rapdu.getData();
                responseData = byteArrayToHexString(rapdu.getBytes());
                System.out.println("Response: " + responseData);
                apduString = generatePutKeyAPDU();
                bufferC = hexStringToByteArray(apduString);
                capdu = new CommandAPDU(bufferC);
                System.out.println("Sending APDU Put Key: " + byteArrayToHexString(bufferC));
                rapdu = channel.transmit(capdu);
                System.out.println("Sending Apdu: Done!");
                System.out.println("Waiting For Response...");
                bufferR = rapdu.getData();
                responseData = byteArrayToHexString(rapdu.getBytes());
                System.out.println("Response: " + responseData);
            } else {
                System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram is not authenticated");
            }
            releaseCardChannel();
        }
        public static byte[] cbcMACSignature(byte[] data, byte[] sessionSENC) throws AuthenticationException {
            IvParameterSpec params =
                    new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
            if (sessionSENC.length == 16) {
                byte[] temp = (byte[]) sessionSENC.clone();
                sessionSENC = new byte[24];
                System.arraycopy(temp, 0, sessionSENC, 0, temp.length);
                System.arraycopy(temp, 0, sessionSENC, 16, 8);
            }
            byte[] temp = null;
            SecretKey secretKey = new SecretKeySpec(sessionSENC, "DESede");
            try {
                Cipher cbcDES = Cipher.getInstance("DESede/CBC/NoPadding");
                cbcDES.init(Cipher.ENCRYPT_MODE, secretKey, params);
                temp = cbcDES.doFinal(data);
            } catch (GeneralSecurityException e) {
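                // Fail here instead of continuing with temp == null
                throw new AuthenticationException("3DES CBC-MAC computation failed", e);
            }
            byte[] signature = new byte[8];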
            System.arraycopy(temp, temp.length - 8, signature, 0, signature.length);
            return signature;
        }
        // generateInitialUpdateAPDU()
        //CLA '80'
        //INS '50' INITIALIZE UPDATE
        //P1 'xx' Key Version Number
        //P2 '00' Reference control parameter P2
        //Lc '08' Length of host challenge
        //Data 'xx xx…' Host challenge
        //Le '00'
        //RESPONSE TEMPLATE
        //Key diversification data 10 bytes
        //Key information 2 bytes
        //Card challenge 8 bytes
        //Card cryptogram 8 bytes
        public static String generateInitializeUpdateAPDU() throws Exception {
            hostChallenge = generateHostChallenge();
            hostChallengeHexString = byteArrayToHexString(hostChallenge);
            return "8050000008" + hostChallengeHexString + "00";
        }
        //CLA '80' or '84'
        //INS 'D8' PUT KEY
        //P1 'xx' Reference control parameter P1 Key Version Number -- '00' is new key  range is '01' to '7F'
        //P2 'xx' Reference control parameter P2 Key Identifier     -- '00' to '7F'
        //Lc 'xx' Length of data field
        //Data 'xxxx..' Key data (and MAC if present)
        //Le '00'
        public static String generatePutKeyAPDU() throws Exception {
            String keyCheckValue = new String();
            //keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
            keyCheckValue = byteArrayToHexString(deriveEncryptionECB(newKey, hexStringToByteArray("0000000000000000")));
            keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
            System.out.println("keyCheckValue :" + keyCheckValue + " 3DES ECB, key is new key '505152535455565758595a5b5c5d5e5f5051525354555657', data is 8 zeroes");
            String encryptedNewKey = byteArrayToHexString(deriveEncryptionECB(sessionDEK, newKey));
            //System.out.println("sessionDEK.getEncoded() :" + sessionDEK.getEncoded() + " len is:" + sessionDEK.getEncoded().length);
            System.out.println("encryptedNewKey :" + encryptedNewKey);
            //testing newKey
            String dataField = "01" + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue;
            // String dataField2 = "01" + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue;
            System.out.println("datafield to calculate cmac :" + dataField);
            System.out.println("icv to calculate cmac is previous mac first 8 byte sessionCMAC in CBC single des :" + byteArrayToHexString(icvNextCommand));
            CMAC = generateCMac2((byte) 0x84, (byte) 0xD8, (byte) 0x00, (byte) 0x81, hexStringToByteArray(dataField), sessionCMAC, icvNextCommand);
            System.out.println("data field with des padding for encryption (encryption in CBC sessionENC) :" + desPadding(dataField));
            String dataField3 = byteArrayToHexString(deriveEncryptionCBC(sessionENC, hexStringToByteArray(desPadding(dataField))));
            System.out.println("data field after encryption :" + dataField3);
            Integer CMACLen = byteArrayToHexString(CMAC).length() / 2;
            System.out.println("CMACLen :" + CMACLen);
            Integer dataFieldLen = dataField3.length() / 2;
            System.out.println("dataFieldLen :" + dataFieldLen);
            Integer intLc = dataFieldLen + CMACLen;
            System.out.println("intLc :" + intLc);
            String hexLc = Integer.toString(intLc, 16);
            System.out.println("hexLc :" + hexLc);
            return "84D80081" + hexLc + dataField3 + byteArrayToHexString(CMAC) + "00";
        }
        //generateExternalAuthenticateAPDU()
        //CLA '84'
        //INS '82' EXTERNAL AUTHENTICATE
        //P1 'xx' Security level  --'03' C-DECRYPTION and C-MAC.--'01' C-MAC.'00' No secure messaging expected.
        //P2 '00' Reference control parameter P2
        //Lc '10' Length of host cryptogram and MAC
        //Data 'xx xx…' Host cryptogram and MAC
        //Le Not present
        public static String generateExternalAuthenticateAPDU() throws Exception {
            System.out.println("Calculating and Verifying Host Cryptogram...");
            hostCryptogram = cbcMACSignature(hexStringToByteArray(sequenceCounterHexString + cardChallengeHexString + hostChallengeHexString + "8000000000000000"), sessionENC);
            hostCryptogramHexString = byteArrayToHexString(hostCryptogram);
            System.out.println("hostCryptogram is :" + hostCryptogramHexString);
            CMAC = generateCMac2((byte) 0x84, (byte) 0x82, (byte) 0x03, (byte) 0x00, hostCryptogram, sessionCMAC, new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
            return "8482030010" + hostCryptogramHexString + byteArrayToHexString(CMAC);
        }
        // generateSelectAPDU()
        //CLA '00' ISO/IEC 7816-4 command
        //INS 'A4' SELECT
        //P1 'xx' Reference control parameter P1 --'04' select by name
        //P2 'xx' Reference control parameter P2 --'00' First or only occurrence --'02' Next occurrence
        //Lc 'xx' Length of AID
        //Data 'xxxx..' AID of Application to be selected
        //Le '00'
        // RESPONSE TEMPLATE
        //'6F' File Control Information (FCI template) Mandatory
        //'84' Application / file AID Mandatory
        //'A5' Proprietary data Mandatory
        //'73' Security Domain Management Data (see Appendix F for detailed coding) Optional
        //'9F6E' Application production life cycle data Optional
        //'9F65' Maximum length of data field in command message Mandatory
        public static String generateSelectAPDU(String AID) throws Exception {
            String AIDlen = Integer.toString(AID.length() / 2, 16);
            if (AIDlen.length() == 1) {
                AIDlen = "0" + AIDlen;
            }
            System.out.println("00A40400" + AIDlen + AID);
            return "00A40400" + AIDlen + AID;
        }
        public static String byteArrayToHexString(byte[] b) throws Exception {
            String result = "";
            for (int i = 0; i < b.length; i++) {
                result +=
                        Integer.toString((b[i] & 0xff) + 0x100, 16).substring(1);
            }
            return result;
        }
        public static void initiateCardChannel() throws CardException {
            System.out.println("Connecting to Java Card...");
            TerminalFactory factory = TerminalFactory.getDefault();
            List<CardTerminal> terminals = factory.terminals().list();
            System.out.println("Terminals Detected: " + terminals);
            // get the first terminal
            System.out.println("Connecting to: " + terminals + "...");
            CardTerminal terminal = terminals.get(0);
            System.out.println("Connected to: " + terminals);
            // establish a connection with the card
            System.out.println("Connecting to Java Card...");
            card = terminal.connect("T=0");
            System.out.println("Connected to card: " + card);
            System.out.println("Obtaining Channel...");
            channel = card.getBasicChannel();
            System.out.println("Connecting to Channel: " + channel.getChannelNumber());
        }
        public static void releaseCardChannel() throws CardException {
            System.out.println("Disconnection all...");
            card.disconnect(false);
            System.out.println("Disconnection Done");
            System.out.println("*END*");
        }
        public static byte[] hexStringToByteArray(String s) {
            int len = s.length();
            byte[] data = new byte[len / 2];
            for (int i = 0; i < len; i += 2) {
                data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
            }
            return data;
        }
        //To generate the derivation data:
        public static byte[] deriveEncryptionCBC(byte[] keyData, byte[] data) throws GeneralSecurityException {
            //Key key = getSecretKey(keyData);
            if (keyData.length == 16) {
                byte[] temp = (byte[]) keyData.clone();
                keyData = new byte[24];
                System.arraycopy(temp, 0, keyData, 0, temp.length);
                System.arraycopy(temp, 0, keyData, 16, 8);
            }
            SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
            IvParameterSpec dps =
                    new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
            String algorithm = "DESede/CBC/NoPadding";
            Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
            desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey, dps);
            byte[] result = desedeCBCCipher.doFinal(data);
            //adjustParity(result);
            return result;
        }
        public static byte[] deriveEncryptionECB(byte[] keyData, byte[] data) throws GeneralSecurityException {
            //Key key = getSecretKey(keyData);
            if (keyData.length == 16) {
                byte[] temp = (byte[]) keyData.clone();
                keyData = new byte[24];
                System.arraycopy(temp, 0, keyData, 0, temp.length);
                System.arraycopy(temp, 0, keyData, 16, 8);
            }
            SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
            String algorithm = "DESede/ECB/NoPadding";
            Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
            desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey);
            byte[] result = desedeCBCCipher.doFinal(data);
            //adjustParity(result);
            return result;
        }
        /**
         * Adjust a DES key to odd parity
         *
         * @param key
         *            to be adjusted
         */
        public static byte[] adjustParity(byte[] key) {
            for (int i = 0; i < key.length; i++) {
                int akku = (key[i] & 0xFF) | 1;
                for (int c = 7; c > 0; c--) {
                    akku = (akku & 1) ^ (akku >> 1);
                }
                key[i] = (byte) ((key[i] & 0xFE) | akku);
            }
            return key;
        }
        public static byte[] generateCMac2(byte cla, byte ins, byte p1, byte p2, byte[] dataField, byte[] SMacSessionKey, byte[] icv) throws GeneralSecurityException, Exception {
            if (SMacSessionKey.length == 16) {
                byte[] temp = (byte[]) SMacSessionKey.clone();
                SMacSessionKey = new byte[24];
                System.arraycopy(temp, 0, SMacSessionKey, 0, temp.length);
                System.arraycopy(temp, 0, SMacSessionKey, 16, 8);
            }
            byte[] cMac = new byte[8];
            byte[] padding = {(byte) 0x80, 0, 0, 0, 0, 0, 0, 0};
            int paddingRequired = 8 - (5 + dataField.length) % 8;
            byte[] data = new byte[5 + dataField.length + paddingRequired];
            //Build APDU
            data[0] = cla;
            data[1] = ins;
            data[2] = p1;
            data[3] = p2;
            data[4] = (byte) ((byte) dataField.length + (byte) 0x08);
            System.arraycopy(dataField, 0, data, 5, dataField.length);
            System.arraycopy(padding, 0, data, 5 + dataField.length, paddingRequired);
            System.out.println("data to calculate mac :" + byteArrayToHexString(data));
            System.out.println("icv to calculate mac :" + byteArrayToHexString(icv));
            Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
            Cipher singleDesCipher = Cipher.getInstance("DES/CBC/NoPadding", "SunJCE");
            SecretKeySpec desSingleKey = new SecretKeySpec(SMacSessionKey, 0, 8, "DES");
            SecretKey secretKey = new SecretKeySpec(SMacSessionKey, "DESede");
            //Calculate the first n - 1 block. For this case, n = 1
            IvParameterSpec ivSpec = new IvParameterSpec(icv);
            singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
            byte ivForLastBlock[] = singleDesCipher.doFinal(data, 0, 8);
            int blocks = data.length / 8;
            for (int i = 0; i < blocks - 1; i++) {
                singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
                byte[] block = singleDesCipher.doFinal(data, i * 8, 8);
                ivSpec = new IvParameterSpec(block);
            }
            int offset = (blocks - 1) * 8;
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
            cMac = cipher.doFinal(data, offset, 8);
            ivSpec = new IvParameterSpec(new byte[8]);
            singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
            icvNextCommand = singleDesCipher.doFinal(cMac);
            return cMac;
        }
        public static byte[] generateHostChallenge() {
            byte[] hostChallenge = new byte[CHALLENGE_LENGTH];
            SecureRandom random = new SecureRandom();
            random.nextBytes(hostChallenge);
            return hostChallenge;
        }
        public static String desPadding(String hexString) {
            System.out.println("String to pad before:" + hexString);
            hexString = hexString + "80";
            int hexStringLen = hexString.length() / 2;
            int padding = 8 - (hexStringLen % 8);
            for (int i = 0; i < padding; i++) {
                hexString = hexString + "00";
            }
            System.out.println("String to pad after :" + hexString);
            return hexString;
        }
    }
    Thanks in advance
    Kamran

  • Facebook Export issue - session key validity?

    Love the new feature to upload to Facebook/Flickr - however, everything has been working fine until this morning, went to upload a jpg to Facebook and I get the following error message:
    "Bridge encountered and error while exporting: Session key invalid or no longer valid."
    The very same file just exported to Flickr no problems. Tried resetting the Module (re-creating from scratch), logged back into Facebook through Bridge, re-authorized, even restarted Bridge and made a completely new file to try in case that jpg was corrupt. Same error every time. I blame Facebook, just wondering if there's a workaround.
    Cheers on CS5!

    Sorry, should've mentioned, I did run the updater beforehand and am currently having these issues in 4.0.2.1
    EDIT 1:
    Solved (see below), per other post:
    In the export panel choose the tiny menu icon top right and click on manage modules. In this view there is also a toothed wheel icon. Click on it and choose reinstall all modules. After this you should restart Bridge.
    EDIT 2:
    Not so solved - worked for awhile, then suddenly stopped working, tried reinstalling all the modules again, restarting Bridge and now cannot repair the Facebook functionality. Submitting as bug, since only 'fix' is temporary and unreliable.
    Message was edited by: ficholasnorneris

  • AuthD failed to get auth session

    I have a new installation of portal, but something is not working properly (probably our changes to authentication service schemas and organization-level changes).
    The message ("AuthD failed to get auth session") shows up in the amAuth log:
    ERROR: AuthD init()
    com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
    at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:617)
    at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:203)
    at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:368)
    at com.sun.identity.authentication.service.AuthUtils.<init>(AuthUtils.java:101)
    at com.sun.identity.authentication.UI.AuthViewBeanBase.<init>(AuthViewBeanBase.java:67)
    at com.sun.identity.authentication.UI.AuthExceptionViewBean.<init>(AuthExceptionViewBean.java:61)

    There are many reasons to get this error; the following may be one of them:
    Scenario 1: Your directory server is not running.
    Scenario 2: The naming service is not initialized because it could not find the server entry in the platform list. Especially if you are running an SSL-enabled server, make sure you have added the corresponding platform entry with the correct protocol. If you have forgotten to add it, you can add it from the Directory adminconsole.
    Scenario 3: In a multiserver installation sharing the same DS, you need to make sure you supply the correct encryption key of server 1 while installing the second server. To quickly check that both match, check that the serverconfig.xml of both servers is identical.
    Scenario 4: You have installed the Identity against an existing provisioned DIT and selected NO for the question 'You want to load IS compliant DIT' during installation. In this case you need to go through the postinstallation steps before accessing the adminconsole.

  • Monitoring SSL sessions/sec on CSS

    Hello,
    I have been trying to find the right parameter via CLI or SNMP to monitor the number of SSL sessions/sec. We are using a CSS 11503 with an SSL module supporting in theory 800 to 1000 SSL sessions/sec and I'd like to know what the current load is. I am already graphing the flows/sec but this is too generic.
    Any help is appreciated.
    Thanks,
    Fabrice

    Fabrice,
    there might not be an exact counter for connections per second, but what most people do [with CSS or other devices] is capture the total number of connections every X seconds, take the difference and divide by X to get the average connections per second.
    You could use one or a combination of the following counters:
    CSS11503-2(debug)# sho ssl statistics | grep conn
    0 Handshake started for incoming SSL connections
    0 Handshake completed for incoming SSL connections
    0 Handshake started for outgoing SSL connections
    0 Handshake completed for outgoing SSL connections
    0 TCP connections failed
    0 TCP connections established
    0 TCP connections originated
    0 TCP connections terminated
    Gilles.
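The sampling approach from the reply above, as an added Python example that is not part of the original thread: it parses two captures of the quoted counters and derives handshakes per second, discarding an interval in which a counter went backwards. The counter values, the 60-second interval and the function names are constructed for illustration; treating a decrease as a reset rather than a wrap is an assumption.

```python
import re

# Constructed samples in the layout of the counters quoted above; values are invented.
SAMPLE_T0 = """CSS11503-2(debug)# sho ssl statistics | grep conn
48200 Handshake started for incoming SSL connections
47950 Handshake completed for incoming SSL connections
"""
SAMPLE_T1 = """CSS11503-2(debug)# sho ssl statistics | grep conn
75200 Handshake started for incoming SSL connections
74350 Handshake completed for incoming SSL connections
"""
STARTED = "Handshake started for incoming SSL connections"
COMPLETED = "Handshake completed for incoming SSL connections"
COUNTER_LINE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")


def parse_counters(cli_output):
    """Return {counter description: value}; prompt and blank lines are skipped."""
    counters = {}
    for line in cli_output.splitlines():
        match = COUNTER_LINE.match(line)
        if match:
            counters[match.group(2)] = int(match.group(1))
    return counters


def rate_per_second(prev, curr, name, interval_s):
    """Average events/sec between two samples, or None if the pair is unusable."""
    if interval_s <= 0 or name not in prev or name not in curr:
        return None
    delta = curr[name] - prev[name]
    if delta < 0:
        # Counter went backwards (statistics cleared or device reloaded):
        # discard this interval instead of reporting a negative rate.
        return None
    return delta / interval_s


def ssl_load(prev_text, curr_text, interval_s):
    """Handshake rates for one polling interval of interval_s seconds."""
    prev, curr = parse_counters(prev_text), parse_counters(curr_text)
    started = rate_per_second(prev, curr, STARTED, interval_s)
    completed = rate_per_second(prev, curr, COMPLETED, interval_s)
    incomplete = None if None in (started, completed) else started - completed
    return {"started/s": started, "completed/s": completed, "incomplete/s": incomplete}


if __name__ == "__main__":
    print(ssl_load(SAMPLE_T0, SAMPLE_T1, 60))
```

A sustained gap between the started and completed rates is worth graphing alongside the load figure, since it shows handshakes that never finished.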

  • SSL session reuse

    Greetings,
    I am trying to modify an ftp secure client program written in Java to reuse the SSL session when it establishes an SSLSocket for ftp passive data connections with a server. It appears that some of the FTP secure servers based on OpenSSL can impose a restriction to allow clients to establish a data connection only if the SSL session is reused from the ftp control connection. After running some experiments with JSSE I am noticing that SSL sessions can be reused only if connecting to the same host at the same port. As soon as I try connecting to a different port, the SSL client does not bother to reuse SSL sessions. Is this a limitation/restriction of JSSE or is there a way to get around this?
    Thank you,
    Paul

    It is dangerous (easy to get attacked) if you can reuse the session for a different port. There is no workaround for SunJSSE.

Maybe you are looking for