Issues with encrypt/decrypt
I got a system that is behaving strange what appears to be randomly.
I create a CURD cfc for this table and to store the password I use
Encrypt and when it's been red from the CFC it gets decrypt by the cfc.
Here is the few lines of code from the CFC that is in charge of it.
On update (same method is doen on crate as well):
<cfif isdefined("arguments.fu_password")>fu_password=<CFQUERYPARAM value="#left(encrypt(trim(arguments.fu_password), this.encKey),250)#" cfsqltype="cf_sql_varchar" maxlength="250">,</cfif>
On read (after I query the database):
<cfloop query="qReadFrontend_Users">
<cfset qReadFrontend_Users.fu_password[currentrow] = #Decrypt(qReadFrontend_Users.fu_password[currentrow], this.encKey)#>
</cfloop>
It worked well (I use this method everywhere I need to save the data encrypted) for a long time, and IT STILL works well on my server. But about 2 months a go I started to get errors that the input/output of the encryption is not the same.
The MUST strange thing is that the errors will be sent to me WITOUT the page being viewed been relocated to the error page (which is what happens when an error accurse on that system). And on top of that the CFC would RETURN the SQL with the RIGTH INFO !! IE it decrypts the info but yet say there was a problem.
I then added this to the CFC …
<cftry> <!--- THIS IS A TEST --->
<cfloop query="qReadFrontend_Users">
<cfset qReadFrontend_Users.fu_password[currentrow] = #Decrypt(qReadFrontend_Users.fu_password[currentrow], this.encKey)#>
</cfloop>
<cfcatch type="any">
<cfmail from="****" to="*****" subject="FRONT END USERS CFC CF CATCH EMAIL !!!!" type="html">
cfcatch:
<cfdump var="#cfcatch#">
<BR><BR>
arguments:
<cfdump var="#arguments#">
<BR><BR>
Query
<cfdump var="#qReadFrontend_Users#">
<BR><BR>
this
<cfdump var="#this#">
<BR><BR>
cgi
<cfdump var="#cgi#">
</cfmail>
<cfreturn qReadFrontend_Users>
</cfcatch>
</cftry>
And I started getting emails. in all of the emails the RETRURNED query is fine, as I mentioned above.
I also checked the DB, outputting each row and its decrypt password, the problems is not in the DATA IT SELF, the data is k-ok !.
And again this happens totally on random, no pattern to it what so ever.
My Q' is, did any one encountered something like this?
My first guess was that the SQL is not ok in some why, but I have NO idea what to look for.
Please HELP : )
Sorry, I have solved this problem, Thank you.
Similar Messages
-
MPS 200 with J 4.6. We are having issues with encryption and unable to install latest, J 4.7.2
We have an MPS 200 with J 4.6. We are having issues with encryption and the tech assigned to our TAC case informed us that version J 4.7.2 would resolve the issue per release notes (confirmed). Unfortunately we have been unable to install latest, J 4.7.2. Every time we select the 4000j472.tar.gz file, the MPS displays software upgrade failed. We have used IE 8, 9 and 11 and have opened them up as much as possible, still no joy. We have unzipped the file, but do not know which file to select for the install.
Would appreciate any assist.As the others have suggested - download the file again - and check that the MD5 Checksum (with something like WinMD5) of what you have downloaded matches what it should be (for J4.7.2 is b328946e6ca24f181c937d90d8e5cc12). Then upload the .tar.gz file as downloaded (wihtout extracting it).
Wayne
Please remember to rate responses and to mark your question as answered if appropriate. -
Error running SSIS package to do with encrypting/decrypting password. Help needed.
Getting this error. Can anyone shed some light? This is the first promote since 2009. Protection level of the package is 'EncryptSensitiveWithPassword' I'm new at SSIS so don't assume I know anything.
10/30/2014 16:11:06,HPAddress_Export,Error,0,SSQLTST01\SSQLTST02,HPAddress_Export,(Job outcome),,The job failed.
The Job was invoked by User AHCCCS\Administrator. The last step to run was step 1 (Step 1).,00:00:02,0,0,,,,0
10/30/2014 16:11:06,HPAddress_Export,Error,1,SSQLTST01\SSQLTST02,HPAddress_Export,Step 1,,Executed as user: AHCCCS\svcssqltst01. ....00.5324.00 for 32-bit
Copyright (C) Microsoft Corp 1984-2005. All rights reserved.
Started: 4:11:06 PM Error: 2014-10-30 16:11:07.05
Code: 0xC001405F Source:
Description: Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information.
End Error Error: 2014-10-30 16:11:07.37
Code: 0xC001405F Source:
Description: Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information.
End Error Error: 2014-10-30 16:11:07.79
Code: 0xC0202009 Source: HPAddress_ExportPackage Connection manager "SQL.HealthPlanAddressChanges.hpac"
Description: SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x80040E4D.
An OLE DB record is available. Source: "Micros...
The package execution fa... The step failed.,00:00:02,0,0,,,,0Hi,
From the error message “Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information.“, it seems that the error is caused by the password to decrypt
an encrypted XML node was not specified or incorrect.
Besides, the EncryptSensitiveWithPassword Protection level means user should use a password to encrypt only the values of sensitive properties in the package. To open the package in SSIS Designer, the user must provide the package password. If the password
is not provided, the package opens without the sensitive data and the current user must provide new values for sensitive data. If the user tries to execute the package without providing the password, package execution fails.
So in order to resolve this issue, we should provide the password when executing the package. When you execute a package with this setting using DTEXEC, you can specify the password on the command line using the /Decrypt password command line argument.
Reference:
Access Control for Sensitive Data in Packages
Securing Your SSIS Packages Using Package Protection Level
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
Issue with encrypted stdin in solaris
hi all ..
i've found a following problem:
i need to build .bin file installer for customer .. i am used to use following way:
cat script.sh data.tgz > installer.binbut when trying from within script cut data.tgz part, returned file is encrypted and its type is changed
from :: data.tgz: gzip compressed data - deflate method
to :: foo.tgz: gzip compressed data - deflate method , extra field , original file name , comment , encrypted
it works like charm under Linux and under osx, i tested it under these two other NIXes. I created a example script which accepts both solaris and Linux:
#!/bin/sh
case `uname -s` in
Linux ) tar=`which tar`;;
SunOS ) tar=`ls /usr/sfw/bin/gtar || echo missing gtar binary 1>&2 && exit 1`;;
esac
sed '1,/^###\ end$/d' $0 | md5sum -;
sed '1,/^###\ end$/d' $0 | $tar tzvf -;
exit 0;
### endyou can put there some random .tgz file for testing ..
just for example, under solaris md5sum differs and gtar vomits following error message while trying to unpack extracted .tgz:
# ./installer.bin
09bd431049e6777a1f8db5c35bf00018 -
gzip: stdin is encrypted -- not supported
/usr/sfw/bin/gtar: Child died with signal 13
/usr/sfw/bin/gtar: Error exit delayed from previous errors^^ so i presume that the main problem is in message: *"gzip: stdin is encrypted -- not supported"*
Linux prints out a correct md5sum and content of archive for exactly same file ..
any idea please?
regards, danielthanks .. resolved .. it causes Sun flavoured sed .. perl produces correct cut data.tgz part this way:
# perl -ne 'if(/^### end$/) {$print=1; next}; print if $print' installer.bin | md5sum -; md5sum data.tgz
e8d365e3b01e2712fbddb85b240aca10 -
e8d365e3b01e2712fbddb85b240aca10 data.tgzresolved !!
regards, daniel -
Provisioning issues with password changes
I have installed and configured IDM7.1+sp3 with our AS Java portal. Most features seems to work OK, except:
1.1. Changing fullname, display name, address, etc work - but salutation or title info doesn't display correctly (only when language independant).
1.2. Can lock the user - but not unlock.
1.3. Can change password (self service or via Management tab) - but password "disappears" and user can't login again via the UI or directly thru the LogonGUI.
1.4. If the user's password expires, he gets prompted to change it - this change works fine.
After "devouring" all the documentation I could fine... I read in the Release Notes the following:
2.1. Users are authenticated by the SAP NetWeaver AS Java (and not by the Identity Center). The password policy of the Identity Center is not used.
= enabling or disabling "password provisioning" in the Password Policy tab makes no difference then?
2.2 The login task does no longer exist since the authentication is done by the SAP NetWeaver AS Java (UME).
= ok I get this part...
2.3 Change of password is handled by SAP NetWeaver AS Java (UME) and the change password task is no longer available.
= so the Password Reset tab is also "pointless"?
2.4 A user's MSKEYVALUE is used as the UME logon ID.
= right
2.5 Password reset is handled by SAP NetWeaver AS Java. See SAP NetWeaver Identity Management Identity Center Implementation Guide u2013 Self-service password reset for details
= (what should I do with this?) I did get this working but stopped with some error about the "encrypt password".
My SAP landscape is pretty standard (no custom fields/attributes) - so the IDM Provisioning framework should work "out of the box" - in my understanding...
Any ideas?
Sorry about the multiple postings - issue with proxy server. Pls ignore/remove the extras.Hi.
I try to give some answers based on my experience below:
1.1. Changing fullname, display name, address, etc work - but salutation or title info doesn't display correctly (only when language independant).
>> Have you checked that the user has correct language set in Java UME? Also check that in Presentation page of the corresponding Attribute the Display name parameter is set with corresponding languages used.
1.2. Can lock the user - but not unlock.
>> Can you see any errors e.g. in Job Log? Would help to solve the issue
1.3. Can change password (self service or via Management tab) - but password "disappears" and user can't login again via the UI or directly thru the LogonGUI.
>> The reason might be the encryption of the password. Typically the UI should take care of the encrypting the password into MX_ENCRYPTED_PASSWORD attribute, especially when you're implementing tasks like Self Service Password Reset. I've noticed that when I disabled the Enable Password Provisioning option for the Identity Store, I got rid of the error regarding attribute MX_ENCRYPTED_PASSWORD and UI automatic encryption started to work. (In my case two way pwd provisioning is not needed) Otherwise if you have issues with encrypted password in your custom tasks, check whether the value is encrypted and use java script to encrypt the password when reading the value form the UI field and saving it to MX_ENCRYPTED_PASSWORD attribute, if applicable.
Hopefully this helps you even a bit.
Br. Jukka -
Having issues replacing cfusion_encrypt with encrypt()
we have a series of applications that use cfusion_encrypt() to encrypt query strings passed between and with in applications. We are currently running CF10 and are not experiencing any problems. We are looking at upgrading to CF11 and are now experiencing a plethora of errors related to encrypt/decrypt.
the issue i am currently working on is related to encrypt a url. no matter how I code the key,algorythm, or encoding, The encrypted portion of the url shows up as part of the link.
example:
<cfset theURL ="method=c.login&pid=validateLoginObj&vid=0&datasource=foo">
<cfset encryptedUURL ="http://localhost/1/2/inventory/index.cfm?encrypt(theURL, '123','CFMX_COMPAT','UU')">
<a class="nav_link" href="#encryptedUURL#">Inventory</a>
when the page is displayed, the user sees:
"WL.5KP1EY"3\'?=KH1* target="blank"> Inventory " as the link
(yes I shortened the encrypted string for demo purposes)
this sort of thing is through out 8 major applications
any suggestions on how to prevent this?
Message was edited by: john birdsellAs @fergusondj correctly shows, your URL is incorrect because you encrypt all of it, so the http://localhost part is not even working and the URL cannot even resolve. You need to tag on the encrypted part to the unencrypted URL prefix, otherwise the link won't work at all. That is the crux of the problem, so this is what the code should really look like:
<cfset theURL ="method=c.login&pid=validateLoginObj&vid=0&datasource=foo">
<cfset encryptedUURL = encrypt(theURL, '123', 'CFMX_COMPAT', 'UU')>
<a class="nav_link" href="http://localhost/1/2/inventory/index.cfm?<cfoutput>#URLEncodedFormat(encryptedUURL)#</cfoutput>">Inventory</a>
To ensure that the URL has all valid characters you can use URLEncodedFormat(). You can URLDecode() the other way around when you process the link. -
Issue with parallel operation of SAP NW SSO 2.0 and SNC Client Encryption (Logon Groups)
Hi!
One of our customers is using the SNC Client Encryption solution to ensure encryption using SNC (based on Kerberos Technology) for their SAP GUI Dialog connections. They have lots of SAP backends DEV, QAS, PRD all with the SNC Client Encryption SNC Lib installed. The profile parameter snc/identity/as contains the following value: p:CN=SAP/<ServiceAccount>@<DOMAIN>.
Example: p:CN=SAP/[email protected]
The customer is using one AD Service Account "SNCServiceUser" with one registered SPN "SAP/SNCServiceUser" for all systems (yes, this is not recommended... but the case).
Important: All users use group entries in the SAP Logon (saplogin.ini). Means, for SAP logon the SNC name can not be manually configured on the SAP Front End. With group logons, the application server's SNC name is dynamically requested by the message server each time a SAP GUI connection is started. The SNC Name is greyed out in this case as dynamically obtained from the applications servers profile parameter snc/identity/as.
Now our customer implements SAP NetWeaver Single Sign-On 2.0 within his landscape. Based on the Secure Login Server 2.0 (SP3) he likes to use X.509 based authentication to his AS ABAP backends using SAP GUI SNC while others still use SNC Client Encryption.
Replacing the SNC Library on the AS ABAP
The Secure Login Library 2.0 (SP3) has been installed on one of the ABAP systems and the SNC Client Encryption SNC Library (which is based on SSO 1.0) is no longer used, thus we changed the parameter snc/gssapi_lib to point to the new SNC library. We removed the old PSE.ZIP containing the keytab and created the new SAPSNCSKERB.PSE incl. the keytab and proper credentials. To ensure parallel operation, we kept the snc/identity/as value as is = p:CN=SAP/[email protected].
After restarting the system with initialized Secure Login Library 2.0, still the SNC client encryption works fine for existing users.
The problem
We created on the Secure Login Server an SNC certificate for the AS ABAP which has the following X.509 Distinguised Name Fomat: CN=SAP/[email protected] This is to avoid having to change the snc/identity/as to an "real" X.509 DN which would lead to non-working SNC Client Encryption for all the other users using SAP GUI and logon groups.
As soon as we install the PSE via STRUST on the system the SNC Client Encryption solution stops working with error „Server refuses kerberos key exchange“.
As part of an pilot implementation we have installed Secure Login Client 2.0 (SP3) on some test PCs. The test PC with SLC is able to perform Single Sign-On with SNC based on X.509 (incl. Encryption) to the ABAP system.
Seems the SAP System now only tries to do X.509 based authentication thus key exchange fails. The problem is, we cannot change the snc/identity/as value because of the logon groups. If we were able to do so, we would in any case set the server identity to X.509 DN and in addition create the SAPSNCSKERB.PSE incl. keytab. This should work, as confirmed by SAP see this post.
Any ideas how to solve this and have both solutions in parallel?
Appreciate any help.
Regards,
CarstenHi all,
we was able to fix the issue. It was an issue with the customers cluster configuration and the $SECUDIR variable. This tricky issue leads to non working or sporadic working SNC Client Encryption...
This was how the configuration looks before:
Environment variable $SECUDIR is defined:
"/ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec“
sapgenpse seclogin -l -v
running seclogin with USER="<SID>adm"
Credentials for username '<SID>adm':
0 (LPS:OFF):
(LPS:OFF): /ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCSKERB.pse
1 (LPS:OFF):
(LPS:OFF): /usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCS.pse
After changing the $SECUDIR to "/usr/sap/<SID>/DVEBMGSxx/sec“ and re-creating the credentials, it worked like a charm.
As a result of this we can confirm, this configuration and SNC Client Encryption works with CommonCryptoLib in parallel to the SSO configuration.
And Valerie was right with 2. SLC starting from V. 1.0 SP2 PL3 was able to convert the CN= part of the SNC Name into an SPN, was my mistake. In addition SNC Client Encryption starting from Version 1 SP1 PL1 does this also.. just to make this clear
Thread closed hope this helps someone
Carsten -
Problem in using socket streams with encryption and decryption
Hi,
I am developing a client/server program with encryption and decryption at both end. While sending a message from client it should be encrypted and at the receiving end(server) it should be decrypted and vice versa.
But while doing so i got a problem if i use both encryption and decryption at both ends. But If i use only encryption at one (only outputstream) and decryption at other end(only inputstream) there is no problem.
Here is client/server pair of programs in which i am encrypting the outputstream of the socket in client side and decrypting the inputstream of the socket in server side.
serverSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;
class serverSocketDemo
public static void main(String args[])
try
{ //server listening on port 2000
ServerSocket server=new ServerSocket(2000);
while (true)
Socket theConnection=server.accept();
System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
System.out.println("Connection request from : "+theConnection.getInetAddress());
//Input starts from here
Reader in=new InputStreamReader(getNetInStream(theConnection.getInputStream()),"ASCII");
StringBuffer strbuf=new StringBuffer();
int c;
while (true)
c=in.read();
if(c=='\n' || c==-1)
break;
strbuf.append((char)c);
String str=strbuf.toString();
System.out.println("Message from Client : "+str);
in.close();
theConnection.close();
catch(BindException e)
System.out.println("The Port is in use or u have no privilage on this port");
catch(ConnectException e)
System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
catch(IOException e)
System.out.println("Connection disconnected");
catch(Exception e)
public static BufferedInputStream getNetInStream(InputStream in) throws Exception
// register the provider that implements the algorithm
Provider sunJce = new com.sun.crypto.provider.SunJCE( );
Security.addProvider(sunJce);
// create a key
byte[] desKeyDataDec = "This encryption can not be decrypted".getBytes();
DESKeySpec desKeySpecDec = new DESKeySpec(desKeyDataDec);
SecretKeyFactory keyFactoryDec = SecretKeyFactory.getInstance("DES");
SecretKey desKeyDec = keyFactoryDec.generateSecret(desKeySpecDec);
// use Data Encryption Standard
Cipher desDec = Cipher.getInstance("DES");
desDec.init(Cipher.DECRYPT_MODE, desKeyDec);
CipherInputStream cin = new CipherInputStream(in, desDec);
BufferedInputStream bin=new BufferedInputStream(new GZIPInputStream(cin));
return bin;
clientSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;
class clientSocketDemo
public static void main(String args[])
try
Socket theConnection=new Socket("localhost",2000);
System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
System.out.println("Connecting to : "+theConnection.getInetAddress());
//Output starts from here
OutputStream out=getNetOutStream(theConnection.getOutputStream());
out.write("Please Welcome me\n".getBytes());
out.flush();
out.close();
theConnection.close();
catch(BindException e)
System.out.println("The Port is in use or u have no privilage on this port");
catch(ConnectException e)
System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
catch(IOException e)
System.out.println("Connection disconnected");
catch(Exception e)
public static OutputStream getNetOutStream(OutputStream out) throws Exception
// register the provider that implements the algorithm
Provider sunJce = new com.sun.crypto.provider.SunJCE( );
Security.addProvider(sunJce);
// create a key
byte[] desKeyDataEnc = "This encryption can not be decrypted".getBytes();
DESKeySpec desKeySpecEnc = new DESKeySpec(desKeyDataEnc);
SecretKeyFactory keyFactoryEnc = SecretKeyFactory.getInstance("DES");
SecretKey desKeyEnc = keyFactoryEnc.generateSecret(desKeySpecEnc);
// use Data Encryption Standard
Cipher desEnc = Cipher.getInstance("DES");
desEnc.init(Cipher.ENCRYPT_MODE, desKeyEnc);
CipherOutputStream cout = new CipherOutputStream(out, desEnc);
OutputStream outstream=new BufferedOutputStream(new GZIPOutputStream(cout));
return outstream;
Here is client/server pair in which i use both encrypting outpustream and decrypting inputstream at both ends.
serverSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;
class serverSocketDemo
private Cipher desEnc,desDec;
serverSocketDemo()
try
// register the provider that implements the algorithm
Provider sunJce = new com.sun.crypto.provider.SunJCE( );
Security.addProvider(sunJce);
// create a key
byte[] desKeyData = "This encryption can not be decrypted".getBytes();
DESKeySpec desKeySpec = new DESKeySpec(desKeyData);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey desKey = keyFactory.generateSecret(desKeySpec);
desEnc = Cipher.getInstance("DES");
desEnc.init(Cipher.ENCRYPT_MODE, desKey);
desDec = Cipher.getInstance("DES");
desDec.init(Cipher.DECRYPT_MODE, desKey);
catch (javax.crypto.NoSuchPaddingException e)
System.out.println(e);
catch (java.security.NoSuchAlgorithmException e)
System.out.println(e);
catch (java.security.InvalidKeyException e)
System.out.println(e);
catch(Exception e)
System.out.println(e);
startProcess();
public void startProcess()
try
ServerSocket server=new ServerSocket(2000);
while (true)
final Socket theConnection=server.accept();
System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
System.out.println("Connection request from : "+theConnection.getInetAddress());
Thread input=new Thread()
public void run()
try
//Input starts from here
Reader in=new InputStreamReader(new BufferedInputStream(new CipherInputStream(theConnection.getInputStream(), desDec)),"ASCII");
StringBuffer strbuf=new StringBuffer();
int c;
while (true)
c=in.read();
if(c=='\n'|| c==-1)
break;
strbuf.append((char)c);
String str=strbuf.toString();
System.out.println("Message from Client : "+str);
catch(Exception e)
System.out.println("Error caught inside input Thread : "+e);
input.start();
Thread output=new Thread()
public void run()
try
//Output starts from here
OutputStream out=new BufferedOutputStream(new CipherOutputStream(theConnection.getOutputStream(), desEnc));
System.out.println("it will not be printed");
out.write("You are Welcome\n".getBytes());
out.flush();
catch(Exception e)
System.out.println("Error caught inside output Thread : "+e);
output.start();
try
output.join();
input.join();
catch(Exception e)
theConnection.close();
catch(BindException e)
System.out.println("The Port is in use or u have no privilage on this port");
catch(ConnectException e)
System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
catch(IOException e)
System.out.println("Connection disconnected");
catch(Exception e)
public static void main(String args[])
serverSocketDemo server=new serverSocketDemo();
clientSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;
class clientSocketDemo
private Cipher desEnc,desDec;
clientSocketDemo()
try
// register the provider that implements the algorithm
Provider sunJce = new com.sun.crypto.provider.SunJCE( );
Security.addProvider(sunJce);
// create a key
byte[] desKeyData = "This encryption can not be decrypted".getBytes();
DESKeySpec desKeySpec = new DESKeySpec(desKeyData);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey desKey = keyFactory.generateSecret(desKeySpec);
desEnc = Cipher.getInstance("DES");
desDec = Cipher.getInstance("DES");
desEnc.init(Cipher.ENCRYPT_MODE, desKey);
desDec.init(Cipher.DECRYPT_MODE, desKey);
catch (javax.crypto.NoSuchPaddingException e)
System.out.println(e);
catch (java.security.NoSuchAlgorithmException e)
System.out.println(e);
catch (java.security.InvalidKeyException e)
System.out.println(e);
catch(Exception e)
System.out.println(e);
startProcess();
public void startProcess()
try
final Socket theConnection=new Socket("localhost",2000);
System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
System.out.println("Connecting to : "+theConnection.getInetAddress());
Thread output=new Thread()
public void run()
try
//Output starts from here
OutputStream out=new BufferedOutputStream(new CipherOutputStream(theConnection.getOutputStream(), desEnc));
out.write("Please Welcome me\n".getBytes());
out.flush();
catch(Exception e)
System.out.println("Error caught inside output thread : "+e);
output.start();
Thread input=new Thread()
public void run()
try
//Input starts from here
Reader in=new InputStreamReader(new BufferedInputStream(new CipherInputStream(theConnection.getInputStream(), desDec)),"ASCII");
System.out.println("it will not be printed");
StringBuffer strbuf=new StringBuffer();
int c;
while (true)
c=in.read();
if(c=='\n' || c==-1)
break;
strbuf.append((char)c);
String str=strbuf.toString();
System.out.println("Message from Server : "+str);
catch(Exception e)
System.out.println("Error caught inside input Thread : "+e);
input.start();
try
output.join();
input.join();
catch(Exception e)
theConnection.close();
catch(BindException e)
System.out.println("The Port is in use or u have no privilage on this port");
catch(ConnectException e)
System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
catch(IOException e)
System.out.println("Connection disconnected");
catch(Exception e)
public static void main(String args[])
clientSocketDemo client=new clientSocketDemo();
**** I know that the CInput tries to read some header stuff thats why i used two threads for input and output.
Waiting for the reply.
Thank you.Do not ever post your code unless requested to. It is very annoying.
Try testing what key is being used. Just to test this out, build a copy of your program and loop the input and outputs together. Have them print the data stream onto the screen or a text file. Compare the 1st Output and the 2nd Output and the 1st Input with the 2nd Input and then do a static test of the chipher with sample data (same data which was outputted), then do another cipher test with the ciphertext created by the first test.
Everything should match - if it does not then follow the steps below.
Case 1: IO Loops do not match
Case 2: IO Loops match, but ciphertext 1st run does not match loop
Case 3: IO Loops match, 1st ciphertext 1st run matches, but 2nd run does not
Case 4: IO Loops match, both chiphertext runs do not match anything
Case 5: Ciphertext runs do not match eachother when decrypted correctly (outside of the test program)
Problems associated with the cases above:
Case 1: Private Key is changing on either side (likely the sender - output channel)
Case 2: Public Key is changing on either side (likely the sender - output channel)
Case 3: Private Key changed on receiver - input channel
Case 4: PKI failure, causing private key and public key mismatch only after a good combination was used
Case 5: Same as Case 4 -
How to resolve bug RC4 encrypt-decrypt on iPAD with AIR15 only
Hi everybody,
I have some trouble with AIR15 only, In the past, I created a small game on iPad It could send or receive messge from server. I used lib as3crypto.swc encrypt or decrypt message (RC4). But when I upgrade to AIR15 encrypt-decrypt cannot work ( Another thing about this crash is that it only happens with a release (adhoc or appstore) build but NOT with a debug build). I check so many time but i don't know what is problem here.
Please help me, thanks so much any advice.
P/S: My game have many swf files (code and resource). I must combine multiple SWF files into one.
Class RC4.as
import com.hurlant.crypto.prng.ARC4;
import com.hurlant.util.Base64;
import com.hurlant.util.Hex;
import flash.utils.ByteArray;
public class RC4
private static const key:String = "keytest";
private static var byteKeys:ByteArray = Hex.toArray(Hex.fromString(key));
private static var rc4:ARC4 = new ARC4();
public static function encrypt(clearText:String):String
var byteText:ByteArray = Hex.toArray(Hex.fromString(clearText));
rc4.init(byteKeys);
rc4.encrypt(byteText);
return Base64.encodeByteArray(byteText);
public static function decrypt(encryptedText:String):String
var byteText:ByteArray = Base64.decodeToByteArray(encryptedText);
rc4.init(byteKeys);
rc4.decrypt(byteText);
return Hex.toString(Hex.fromArray(byteText));Sorry, exact message is "this movie could not be played".
There are hundreds of posts about this message but no one states a clear solution to the problem.
Your help will be much appreciated.
Thank you. -
Cisco Agent Desktop / Supervisor Desktop Issue with Full Disk Encryption
Has anyone had any issues related to running Cisco Agent Desktop or Cisco Supervisor Desktop on a machine running full disk encryption? Our desktop team installed full disk encryption software from Check Point, and it seams to be causing some issues with call monitoring, screen pops via workflow and connectivity to the UCCX server. It's not effecting every machine (that we know of), but the fix for us right now is to provide a desktop without the encryption software. I'm just wondering if this is related to us, or if there is any supporting documentation out there?
Any help is apprecicated.CAD for IPCCX v4 does not support windows 7. See compatibility matrix:
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_compatibility/matrix/crscomtx.pdf
In my experience if you already have CAD installed and you upgrade the OS (without a fresh rebuild) CAD will work - but it is NOT supported. You should test this though.
You will not be able to install the older version of CAD on windows 7, the installer will give you errors.
Brian
please rate helpful posts -
Encrypt/decrypt same file with two different passwords
Hi everyone:
I'm quite new to Java and cryptography in general and have a theoretical question. Is the following scenario possible and how would it be implemented:
Two users with two passwords (say, a regular user and a superuser) encrypt, decrypt, read from and write to the same file. The secret key for encryption and decryption should be based on their passwords (generated from their passwords), i.e. not stored anywhere on the system.
I've been racking my brains but can't think of a way. Am I missing an obvious solution?
Can it be done?
Thanks,
MichaelI don't think you can avoid having more than just a password hash stored on the system. Using a combination of my approach and Jeff's approach I can implement this as long as you allow a password protected key store to be stored on each system. A given user's key store would contain his RSA private key and associated public key together with the admin user's RSA certificate (thought the admin user's public key could be stored in the program since it does not have to be kept private). The admin user's key store would contain only his RSA private and public keys.
Assume that the data file is to be create by a standard non-admin user. His code performs the following actions -
1) Generates a random symmetric algorithm key. Say a 128 bit AES key.
2) He write a digest of this to the output file.
3) He writes the random key encrypted with his public key to the file.
4) He writes his public key (or certificate) to the file.
5) He writes the random key encrypted with the admin users public key to the file.
6) He encrypts the data using the random key writes the result to the file.
This user can then update the file by
1) reading from the file the digest of the random key.
2) reading the random key encrypted with his public key.
3) Decrypting this encrypted random key using his private key extracted from his keystore.
4) Check the digest of this key to make sure he has the correct random key.
5) skipping his certificate and the random key encrypted using the admin user's public key.
5) Decrypting the data using the random key.
6) Update the data.
7) Re-encrypt the file as described in the first part using a new random key.
The admin user can
1) read from the file the digest of the random key.
2) skip the random key encrypted using the user's public key.
3) reading the user's public key from the file (for use later if the file needs to be updated).
4) read the random key encrypted using the admin's public key.
5) decrypting the random key using the admin's private key obtained from his key store.
6) check the digest of the random key to make sure it is correct.
7) decrypt the the data.
The admin can edit the data since he can re-encrypt the data in a similar manner to the way it was created in the first place. -
Any known issues with SQL DB Link Synonyms joining on encrypted columns
Are there any known issues with accessing encrypted columns via a database link that is masked by a synonym?
We are experiencing unexpected results when the encrypted column is anti-joined through a not exists, to a local encrypted column of the same datatype The encrypted columns are person ids. If the expected person id is hard coded, the results return correctly. The local database is 10.2.0.4.0 and the link is to a 10.2.0.3.0 RAC.
Both enrollments and person_ids, below, are synonyms to the linked tables.
... From table_1 d
where ...
AND NOT EXISTS (SELECT 1
FROM enrollments x,
person_ids p
WHERE x.person_demo = p.person_demo
AND x.rept_inst = d.rept_inst
AND x.demo_time_frame = d.term_deg_grant
AND p.person_id_encrypted = '999999999')
vs.
... From table_1 d
where ...
AND NOT EXISTS (SELECT 1
FROM enrollments x,
person_ids p
WHERE x.person_demo = p.person_demo
AND x.rept_inst = d.rept_inst
AND x.demo_time_frame = d.term_deg_grant
AND p.person_id_encrypted = d.person_id_encrypted)milazzo74 wrote:
I am having the same problem...
http://www.milazzo.com.br/teste/projetos.php
It works fine in Firefox but loads forever in explorer 8...
The cause of the problem is not the same.
In your case it takes forever to load the thumbnails from flickr.com; the SpryDataSets without the loading of the thumbnails works as expected.
Remember that ALL of the thumbnails for each 60 odd projects are downloaded from flickr, that is about 1800 thumbnails.
Gramps -
Encryption issue with Xperia Z2 - hangs intermittently - anyone come across this?
Hi all,
I'm on my second Z2, having returned my first for what I thought at the time may have been a hardware issue.
Basically the device intermittenlyhangs and the screen cannot be switched on with the power button on the side. It needs a reboot via the Power and Volume up buttons. I can reliably reproduce the hang by downloading one of the 6 free movies to my SD card, but it also happens intermittetly when I'm not using the phone. If it hangs during download, the charge rapidly drops (eg from 100% to 69% within 30 minutes) and the unit gets very hot.
I bellieve I've isolated this issue to enabling encryption for the device and SD card. Without these options enablied the device is rock solid. I have reproduced the issue on my replacement. phone. No apps other than those supplied out the box were installed at the time. Having subsequently removed encryption - a huge pain as it meant a factory reset , reformat of my SD card and re-download of the movies due to the DRM - the phone is rock solid once again.
Encryption is a standard feature of Android, which I've been using on my previous Samsung Galaxy S3 and S4 with no problems whatsoever, so this is quite worrying if it is a bug. On a non related note - I disovered also that the backup application does not work if encryption is enabled.
Just wondering whether any other Z2 users on the forum have come across this issue so far?Hi again,
Just posting a follow up.
I've done some testing and I seem to have narrowed the problem down to the use of the Sony Movies application with encryption enabled on the Z2.
If I launch the Movies application and start a download of one of the 6 free movies, and leave the phone alone, then it eventually hangs as I've described in my OP. If I press the Power button shortly after the hang happens the screen does not switch. If I hold the power button down the Z2 spontaneously reboots If however the phone has been in the hang state for a while then it can only be recovered by using the Power and Volume+ buttons.
The hang also occurs if I launch the Movies application and leave it running in the background. The phone eventually goes into the hang state. The battery charge rapidly drains down during the time the phone is in the hang state, losing 30% or more charge in a short time.
If I do not launch the Movies application then the phone appears stable with encryption enabled. If I do not enable encryption then the phone is rock solid. This behaviour has occured on my original Z2 and on the replacemement that my mobile operator sent me, as I orginally thought my first unit had a hardware problem.
I've sent a description of the issue to Sony via the "Contact us" link on Xperia Care Support. Hopefully this will be addressed. -
Hi:
I have source code in c which can do encrypt and descrypt with des_cbc, now I want to implement the
java version with javax.crypto.*, but it tells java.security.InvalidKeyException
can anyone find the error for me?
I think the problem is at Cipher.getInstance(...), ...
java code: suppose the String data contains the encypted string.
/* get key factory */
keyFactory=KeyFactory.getInstance("RSA","SunRsaSign");
//cipher=Cipher.getInstance("DESede/CBC/PKCS5Padding");
cipher=Cipher.getInstance("DES/CBC/NoPadding");
System.out.println("get cipher");
/* get private key */
FileInputStream keyfis=new FileInputStream("/home/roger/private.der");
byte[] encKey=new byte[keyfis.available()];
keyfis.read(encKey);
keyfis.close();
PKCS8EncodedKeySpec privKeySpec=new PKCS8EncodedKeySpec(encKey);
prvKey=keyFactory.generatePrivate(privKeySpec);
cipher.init(Cipher.DECRYPT_MODE, prvKey);
System.out.println("cipher inited");
byte[] recoveredtext = cipher.doFinal(data.getBytes());
return new String(recoveredtext );
the src to generate key:
#!/bin/sh
if [ "$1" = "" ]; then
openssl genrsa -out temp.pem;
else
openssl genrsa -out temp.pem -rand $1 $2;
fi
openssl pkcs8 -topk8 -inform PEM -outform PEM -in temp.pem -out private.pem -v2 des3
openssl pkcs8 -topk8 -inform PEM -outform DER -in temp.pem -out private.der -nocrypt
openssl rsa -inform PEM -in temp.pem -outform PEM -out public.pem -pubout
openssl rsa -inform PEM -pubin -in public.pem -outform DER -out public.der
rm temp.pemthe script above generated keys (private.der and public.der) can really be used to do Signature.sign()
and veirfy(), which can get from file like this
/* get private key */
FileInputStream keyfis=new FileInputStream("/home/roger/ssdk/private.der");
byte[] encKey=new byte[keyfis.available()];
keyfis.read(encKey);
keyfis.close();
PKCS8EncodedKeySpec privKeySpec=new PKCS8EncodedKeySpec(encKey);
prvKey=keyFactory.generatePrivate(privKeySpec);
/* get public key */
keyfis=new FileInputStream("/home/roger/ssdk/public.der");
encKey=new byte[keyfis.available()];
keyfis.read(encKey);
keyfis.close();
X509EncodedKeySpec pubKeySpec=new X509EncodedKeySpec(encKey);
pubKey=keyFactory.generatePublic(pubKeySpec);
then be used like this:
sig.initVerify(pubKey);
sig.update(data.getBytes());
byte[] signature=HexToBytes(sigHex);
return signature==null ? false : sig.verify(signature);
of do sign()
but when used to do encrypt / decrypt, as I quoted above, it can not pass the cipher.init(...) with InValidKeyException
Can anyone throw a light ?
does it because the key is not a sunJCE provided format? (cause it is ssl)
great thanks -
My PC can connect to the new airport extreme I just purchased but with encryption it cannot connect to the internet my iMac has no issues. If I open the airport exteme up and provide no security everything is fine which leads me to believe it is something with the encryption between the two devices. Not sure what step I'm missing here this shouldn't be this difficult.
Sorry, I should have been more clear. I am asking if the DNS IP addresses, not the IP addresses assigned by the DHCP service, are the same. DNS is like the Internet's version of the Yellow Pages. Your ISP typically will provide them to you or you can elect to use those provided by another source, like OpenDNS.
DNS is the service that translates a website's URL to its actual IP address so that you can access it. I am just trying to rule out that the PC is not configured properly with the correct DNS IP information.
The other thing to check is if the PC is configured to use a Proxy service. By default, it would not be.
Finally, what is the make & model of the PC. More importantly, if the PC is using either a PCI or USB wireless adapter, what is its make & model?
Maybe you are looking for
-
Podcasts do not show up on the car ipod menu
Just purchased iPod Classic for new car. Connected iPod to USB but my podcasts do not display on my iPod car display, just music.
-
Io exception: There is no process to read data written to a pipe.
Hi there, I get following Exception when i try to open a connection from a AIX machine to a Oracle Database. Fehler: Io exception: There is no process to read data written to a pipe. java.sql.SQLException: Io exception: There is no process to read da
-
I am trying to burn my mov file to DVD. It keeps telling me that there is not enough space on the DVD even though the DVD states that it has 1 hour for HQ, 2 hours for SP, 4 hours for LP. The sequence is about 90 minutes.
-
New iphone ios7 calender - crap
Is there anyway to get the old standard calender back on iphone? I updated the software & find the new calender isn't as user friendly. I have downloaded other calender/ daily planners but they take too long to load . If there is no way of getting th
-
Hebrew diacritic dots (nikud) displayed left of proper position in...
Hebrew dictionaries and flashcards apps Definitely ios 7 problem because same apps displayed properly in previous ios versions also checked flashcards sqlite database on pc and the cards display properly. I'm curious to know if anyone else is experie