MAC verification fails
I am having the problem with mac verification on card. I am not sure where to find an error. The story goes like this. The card and terminal know DH parameters P, Q and G. Card calculates KICC = GˇPrK.ICC.DH mod P where PrK.ICC.Dh is the random number between 0 and Q-1. That number is sent to the terminal. From the terminal the card receives the KIFD number. Then card calculates the KSEED=PuK.IFD.DHˇPrK.ICC.DH mod P. Then this calculation is performed:
KENC = SHA-1(KSEED || 0001)
KMAC= SHA-1(KSEED || 0002)
These two keys are used for the encryption and for the mac calculation. At the bottom you can find how I make KSEED. At this part of the code the KSEED is stored in the crypto.tmpBytes variable. After that the secure messaging channel is established and the card receives the message. First the MAC is checked. The MAC check failed. Then, only for the test purpose I uncomment that. Then MAC is not checked and the decryption is performed. The decrypted message was well formed and the decrypted message had correct value. What conclusion can I make. I believe that the keys are correctly defined because if it is not done properly, then the decryption would not result with the expected value. Right? If that is so, why the MAC calculation failed on my side. There could be several reasons. The first is that the MAC key on both side is not the same. But if we assume that we define the keys properly we could eliminate this as a problem. The next thing that can influence the MAC check fails is that the MAC is done differently on both side.
Can I really eliminate the key definition as the cause of the problem.
// Calculation of the KSEED
crypto.randomData.generateData(buffer, (byte)0, (short) (dh.q.length - 1));
((RSAPublicKey)crypto.publicKeys[5].key).setExponent(buffer, (short) 0, (short) (dh.q.length - 1));
((RSAPublicKey)crypto.publicKeys[5].key).setModulus(dh.p, (short) 0, (short)dh.p.length);
Cipher c = crypto.publicKeys[5].getCipher(Cipher.ALG_RSA_NOPAD);
c.init((RSAPublicKey)crypto.publicKeys[5].key, Cipher.MODE_ENCRYPT);
short encLen = c.doFinal(crypto.ifdMaterialKeyAsym, (short)0, (short) crypto.ifdMaterialKeyAsym.length, crypto.tmpBytes, (short)0);
//Calculation of the session keys
crypto.secureMessagingAsym(algorithm);
//Calculation of the KICC (The terminal uses it to generate KSEED)
encLen = c.doFinal(dh.g, (short)0, (short) dh.g.length, crypto.tmpBytes, (short) 6);
Util.arrayCopy(crypto.tmpBytes, (short) 6, crypto.iccMaterialKeyAsym, (short) 0, (short) encLen);
public void secureMessagingAsym(byte algorithm) {
// calculate session keys
short keysPos = SM_ASYM_TRANSPORT_KEY_LENGTH;
deriveKey(tmpBytes, (short)0, SM_ASYM_TRANSPORT_KEY_LENGTH, MAC_MODE, keysPos, algorithm);
short macKeyPos = keysPos;
keysPos += SESSION_KEY_LENGTH;
deriveKey(tmpBytes, (short)0, SM_ASYM_TRANSPORT_KEY_LENGTH, ENC_MODE, keysPos, algorithm);
short encKeyPos = keysPos;
keysPos += SESSION_KEY_LENGTH;
setSecureMessagingKeys(tmpBytes, macKeyPos, tmpBytes, encKeyPos);
public void deriveKey(byte[] buffer, short keySeedOffset, short keySeedLength, byte mode, short keyOffset, byte alg)
throws CryptoException {
// only key_offset is a write pointer
// sanity checks
if ((short)buffer.length < (short)((short)(keyOffset + keySeedLength) + c.length)) {
ISOException.throwIt((short)0x6d66);
if(keySeedOffset > keyOffset) {
ISOException.throwIt((short)0x6d66);
c[(short)(c.length-1)] = mode;
// copy seed || c to key_offset
Util.arrayCopyNonAtomic(buffer, keySeedOffset, buffer, keyOffset, keySeedLength);
Util.arrayCopyNonAtomic(c, (short) 0, buffer, (short)(keyOffset + keySeedLength), (short)c.length);
// compute hash on key_offset (+seed len +c len)
short length = 0;
if(alg == ALG_MUTUAL_AUTH_SHA1 || alg == ALG_ASYM_AUTH_SHA1) {
messageDigest1.doFinal(buffer, keyOffset, (short)(keySeedLength + c.length), buffer, keyOffset);
messageDigest1.reset();
length = 56;
else if(alg == ALG_MUTUAL_AUTH_SHA256 || alg == ALG_ASYM_AUTH_SHA256) {
messageDigest256.doFinal(buffer, keyOffset, (short)(keySeedLength + c.length), buffer, keyOffset);
messageDigest256.reset();
length = 80;
// parity bits
for (short i = keyOffset; i < (short)(keyOffset + length); i++) {
if (PKIUtil.evenBits(buffer) == 0)
buffer[i] = (byte) (buffer[i] ^ 1);
Hi,
The first step I would take is to eliminate the keys as the issue. Can you use the MAC key pair for an encryption/decryption operation as you did for the other keys? If this works then you can be sure the key pair is correct. There is a good chance there is an issue with the MAC calculation and the keys are correct but first you should be sure.
Cheers,
Shane
Similar Messages
-
The verification fails everytime I download Firefox to my mac. How can I fix?
I've tried to download Firefox twice and I keep getting the error message "verification failed". Same thing with Thunderbird. I have Mac osx
You can find the latest Firefox release in all languages and for all Operating Systems here:
*Firefox 19.0.x: http://www.mozilla.org/en-US/firefox/all.html
Try to repair the disk permissions:
*http://thexlab.com/faqs/repairprocess.html -
My Mac is a 10.4.11. I installed the flash player 10.1 through a website called Jibjab.com. once installed and on that site, my computer started going through a "refresh loop", so to speak. Wasn't sure if it was the site or the new FP version, so uninstalled and tried to re-install Flash...now, when trying to download, I get a "verification failed" message on my download page. Any ideas on how to resolve this? Thanks in advance for any help I can receive on this issue!
Hi, You should only use Adobe sites and links to Install Flash Player.
Download and SAVE the Adobe Uninstaller to your Desktop:
http://kb2.adobe.com/cps/141/tn_14157.html
Then go to this Adobe site and download and SAVE to your Desktop the Installer for Mac:
http://www.adobe.com/products/flashplayer/fp_distribution3.html
Then close all browsers, run the Uninstaller and then Reboot(restart) your computer. Then run the Installer and then Reboot.
When that is completed check to make sure the Shockwave Flash plugin is Installed and Enabled.
Hope that helps,
eidnolb -
Various Software Updates (Intel)" Can't be Installed (verification failed!)
This is essentially a repost of a problem unsolved, but with a new wrinkle:
When I first reported this two months ago, it was just happening on an Intel iMac. Now, someone else in the office just purchased a MacBook Pro, and from the SAME NETWORK, is have the exact same problem!
The process is to run Software Update. Select an update. Downloading begins. But when it gets to the end, Software Update reports:
The update "<whatever the update is named>" Can't be Installed
The digital signature for this package is incorrect. The package may have been tampered with or correupted since being signed by "Apple".
Tried this several times, same message.
So, in the case of the 10.4.8 update, I tried downloading the stand-alone installers (MacOSXUpd10.4.8Intel.dmg and then MacOSXUpd10-1.4.8Intel.dmg).
Both stand-alone packages downloaded, but got a "verification failed" message in the Safari DOWNLOADS window.
Plenty of hard disk space. Permissions Repaired.
I SUSPECT the problem has something to do with either 1) the NetGear router (which connects to the DSL modem) or the Airport Base Station (which connects to the physical network, which connects to the NetGear Router).
Both Macs (iMac & MacBook Pro) are connected via the AIrport base station.
I'm pretty sure I have a good network connection, because I am able to use Apple Remote Desktop to see into the network and connect to the iMac with no connection errors.
Any ideas from all you gurus out there?I am having the same problems on my wifes iMac. Any large updates just won't come down. Someone had suggested memory problems, but I have done a full hardware check and all is cool. My G5 on the same network get's it's updates OK.
However, when I try to download the combined 10.4.8 update (149Mb) for my wife (via my machine) I still get a verification error! I don't know what to do next. The problems started with the 10.4.8 update, so maybe it's 10.4.7 related? -
Hi all,
I've been seeing a really weird problem with signing my HTML5 extension for Illustrator. I'm using the ZXPSignCmd tool to create a .zxp bundle and sign my extension from the command line. I'm able to install the extension using the Extension Manager, and I've also been able to distribute it to a private group through Adobe Exchange. It installs just fine, and runs great the first time, but after closing Illustrator and reopening it the extension often fails to load and just shows a blank window. I'm on a Mac, and looking at the log file here shows the following error when it happens:
/Users/<<userName>>/Library/Logs/CSXS/csxs-ILST.log
2014-12-17 10:18:02 : ERROR Signature verification failed for <<extensionID>>
This is the only indication I have that it is a problem with the certificate. It seems really strange that it installs without errors and works once, but then fails when trying to load again. I was using a self-signed certificate, but I just bought a certificate from DigiCert to see if that would help, but I'm still having the same problem.
This actually happens very rarely on my machine, but happens frequently to my other users. I assume this is somehow because I have been doing the development on this computer, so something is different about my extension environment.
Has anyone else seen this issue at all? Does anyone have any tips that might help me to debug this? Other log files to look at, potential problems with the certificate or manifest file? I've tried about everything I could think of, so any help would be greatly appreciated!
Thanks,
JamesNailed :-)
For the folder you might save files into, there are few tokens in CEP:
/* Identifies the path to user data. */
SystemPath.USER_DATA = "userData";
/* Identifies the path to common files for Adobe applications. */
SystemPath.COMMON_FILES = "commonFiles";
/* Identifies the path to the user's default document folder. */
SystemPath.MY_DOCUMENTS = "myDocuments";
/* Identifies the path to current extension. */
/* DEPRECATED, PLEASE USE EXTENSION INSTEAD. */
SystemPath.APPLICATION = "application";
/* Identifies the path to current extension. */
SystemPath.EXTENSION = "extension";
/* Identifies the path to hosting application's executable. */
SystemPath.HOST_APPLICATION = "hostApplication";
Otherwise you can rely on JSX folder tokens such as Folder.appData, Folder.userData etc (see a complete list on pages 56-57 of the JavaScript Tools Guide pdf) and create your extension's own folder.
Mind you, CEP extensions should support both indexedDB and localStorage - one of them might fit your needs.
Best
Davide Barranca
www.davidebarranca.com
www.cs-extensions.com -
"extension cannot be installed because licensing verification failed"
Hi everyone,
I have the Adobe Photography plan for Photoshop CC, and it works perfectly fine, it will open and close normally, but when i try to install an extension, it will give me this error message: "extension cannot be installed because licensing verification failed". Please help. Much appreciated!!Is your extension directly downloaded from https://creative.adobe.com/addons
If yes, Please click "Tools"->"Preferences" menu item in Extension Manager, check "Enable detailed logging" option. Restart Extension Manager. Try to install the extension. After error message promopt, send the log files under "C:\Users\<YourUserName>\AppData\Roaming\Adobe\Extension Manager CC\Log" (Windows) or "/Users/<YourUserName>/Library/Application Support/Adobe/Extension Manager CC/Log" (Mac) folder to [email protected] -
This extension cannot be installed because licensing verification failed
I'm logged into CC, but when trying to install an extension I get the error "This extension cannot be installed because licensing verification failed."
I can log in to Adobe.com, but when I use the SAME credentials in extension manager it fails. This just started happening today.
Mac OS X Mavericks
Adobe CC Suite
Any ideas?Would you please try follow steps:
1. Quit Adobe Creative Cloud , Extension Manager and all Adobe products.
2. Rename opm.db to opm.db.bak in
Windows: c:\Users\<yourname>\AppData\Local\Adobe\OOBE
MAC: /Users/<yourname>/Library/Application Support/Adobe/OOBE
3. Launch Extension Manager CC.
4. Install your extensions.
Please let me know if it does not help. -
Verification failed! codec overrun!
So this is a brand new MacBook given to me yesterday as a Graduation present. I haven't been able to download anything (such as MSN messenger for Mac and Firefox for MAC, both of which have been downloaded from Apple website). I have tried probably fifty times. Each time I get the same error message 'verification failed' and then 'codec overrun'. I've called Apple three times today, and had to reinstall my software three times. Nothing has worked.
The Mac people don't know how to fix it.
Help anyone???I'm getting this same error, from Firefox AND Safari. I'm using a TiPB/867MHz with a gig of RAM. I did the archive install (which mucked up my Apache2/PHP install, but that's another story), I did AppleJack.
Once I did the "downgrade" from 10.4.11 to 10.4.6, I was able to download the two Java updates (20 and 36MB - ????) but I can't download the 10.4.11 update at 186MB.
I also can't download things like Plone, iWork '08 demo, and a lot of other things. BUT I went to my Intel Macbook and the same links download fine.
I thought it was bad RAM, but I ran Techtool and everything checked out OK. Applejack didn't find any problems either. -
The PyramidVille game in Facebook is not loading.I have no problems with the other games.I'm receiving the message" Forbidden 403" CSRF Verification failed.Request aborted. More information is available with Debug= True edit
Clear the cache and the cookies from sites that cause problems.
"Clear the Cache":
* Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
"Remove the Cookies" from sites causing problems:
* Tools > Options > Privacy > Cookies: "Show Cookies"
Reload web page(s) and bypass the cache.
* Press and hold Shift and left-click the Reload button.
* Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
* Press "Cmd + Shift + R" (MAC) -
How to download iOS 6 on iPhone 4??. Keeps saying "verification fAiled. Request has timed out"
Try try again. Thre server are heavily loaded. The connection dropped becasue the computer thinks it waited to long. Disabling your security software on the computer can help resolve this too.
-
DB:11.1.0.7
Oracle Apps:12.1.1
OS:RHEL Linux 4 86x64
Hi All,
On executing the following command on node 2 of TEST instance, we received the following error but did not find any such error messages in node 1
Notes: (1) Node 1 has java version:
java -version
java version "1.6.0_10"
Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
Java HotSpot(TM) Server VM (build 11.0-b15, mixed mode)
(2) Node 2 has java version:
java -version
java version "1.4.2"
gcj (GCC) 3.4.6 20060404 (Red Hat 3.4.6-9)
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Error message in node2:
On executing the following command on node 2 of TEST instance, we received the following error:
java oracle.jrad.tools.xml.importer.XMLImporter /tmp/custdocs/oracle/apps/pos/home/webui/customizations/site/0/PosHpgOrders.xml ....
/usr/bin/java: line 36: [: `)' expected, found -
Exception in thread "main" java.lang.VerifyError: verification failed at PC 152 in oracle.jdbc.driver.OracleDriver:registerMBeans(()V): String, int, or float constant expected
at JvBytecodeVerifier.verify_fail(byte, int) (/usr/lib64/libgcj.so.5.0.0)
at JvBytecodeVerifier.verify_instructions_0() (/usr/lib64/libgcj.so.5.0.0)
at JvVerifyMethod(_Jv_InterpMethod) (/usr/lib64/libgcj.so.5.0.0)
at JvPrepareClass(java.lang.Class) (/usr/lib64/libgcj.so.5.0.0)
at JvWaitForState(java.lang.Class, int) (/usr/lib64/libgcj.so.5.0.0)
at java.lang.VMClassLoader.linkClass0(java.lang.Class) (/usr/lib64/libgcj.so.5.0.0)
at java.lang.VMClassLoader.resolveClass(java.lang.Class) (/usr/lib64/libgcj.so.5.0.0)
at java.lang.Class.initializeClass() (/usr/lib64/libgcj.so.5.0.0)
at java.lang.Class.forName(java.lang.String, boolean, java.lang.ClassLoader) (/usr/lib64/libgcj.so.5.0.0)
at oracle.adf.mds.tools.util.ConnectUtils.getDBConnection(java.lang.String) (Unknown Source)
at oracle.jrad.tools.xml.importer.XMLImporter.importDocuments(java.lang.String[], java.sql.Connection) (Unknown Source)
at oracle.jrad.tools.xml.importer.XMLImporter.main(java.lang.String[]) (Unknown Source)
Could anyone please share such an issue faced before and provide resolution as to what's wrong in here in node 2?
Thanks for your time!
Regards,Hi,
(2) Node 2 has java version:
java -version
java version "1.4.2"Do you run this command as applmgr user? If yes, did you source the application env file?
Could anyone please share such an issue faced before and provide resolution as to what's wrong in here in node 2?Why the java version is different on the both nodes?
Thanks,
Hussein -
Verification Failed. The certificate for this server is invalid
I am trying to backup my iPad to iCloud. I get:
Verification Failed. The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk.
I am logged onto the wifi at work and I can surf the Internet so the connection is OK.
How do I begin to debug this issue?Hey everyone,
I had this issue for few months already! I have a @me.com mail address, theoretically should be compatible with iCloud, just for some reason, it's not working!!
The mail all work fine on my macbook and iPhone, just the ipad kept showing the error message, the "verification failed".
The internet is wi-fi and it all working fine.
Now here is the solution.
Make sure you got internet connected fine.
Go Setting --> Mail, Contacts, Calendars --> Add Account --> Other
--> Add Mail Address -->
in the description, it will auto showing "Me", don't change it!
Go "Next" -->
in the Incoming Mail Server
Host Name --> Type "imap.mail.me.com"
Then your user name and password
in the Outgoing Mail Server
Host Name --> Type "smtp.mail.me.com"
Then your user name and password
Then next and save it.
This should work, it works for me,
Hope this helps!! -
Verification failed certificate for this server is invalid
I attempt to log into the iCloud on my iPod over a WiFi connection and it gives me the Verification Failed. The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk.
Why am I getting this and how can I access the iCloud to backup my files?This happened to me because my router was configured to use Open DNS servers (Primary 208.67.222.222, Secondary 208.67.220.220). Temporarily adjusting the DNS settings on the router to 4.2.2.1 and 4.2.2.2 did the trick. Open DNS does weird things with certain certificates. Even if your router is configured to used something else, try the ones listed above to see if it makes a difference.
-
Trying to set up a 2nd device on Mobile Me and it's telling me "Verification Failed, Certificate for this server is invalid, I might be connecting to a server that is pretending to be setup.me.com which can put my confidential information at risk." Please tell me what this means and how to correct it. My 1st device set up with Mobile Me just fine.
Check your date/time settings if correct.
Happened to me when I changed the battery then I found out that the settings is not yet set.
Works flawless now!
Good luck! -
My computer is T61 (8891CT), but Blue Screen came out and reported--unmountable boot volume. I ran the diagnostic program and got the error code 0000: Read verification failed. I can’t run anything now including the restore and rescue. Has the hard drive died?
If the hard drive has died, I have to change the hard drive, but how to transfer the system (I don’t have any CD) and think vantage software? Thank you very much for you help.Hi equalefk,
Yes, definitely sounds like it's time to replace the HDD.
Hope it helps.
Maliha (I don't work for lenovo)
ThinkPads:- T400[Win 7], T60[Win 7], IBM 240[Win XP]
IdeaPad: U350
Apple:- Macbook Air [Snow Leopard]
Did someone help you today? Compliment them with a Kudos!
Was your question answered today? Mark it as an Accepted Solution!
Lenovo Deutsche Community Lenovo Comunidad en Español
Visit my YouTube Channel
Maybe you are looking for
-
Unable to Open Process Route Tab in DIR (PLM webUI page)
Hello PLM Guru's I am unable to open the Process Route Tab in the DIR Web UI page.I get an error message for "Name: AcfApplet, Publisher : SAP AG , Location :http://..../com_sap_acf_updown.jar".When I click run it keeps running but not opening the Pr
-
DB Link between 8i and 10g : INSERT query parse once for every execution ?
Hi, All Wonder if there is anyone out there who has processes that work among 8i x 10g databases through DB Link, and could enlight this. I have the following INSERT statement : INSERT INTO SAFX01 (COD_EMPRESA, COD_ESTAB, DATA_OPERACAO, CONTA_DEB_CRE
-
LSMW-DIRECT INPUT PERMISSION ERROR
Hi I am creating lsmw program for classification, it showing one error like 'no logical path has been specified' in specify files step. But i created logical path & file and when ever run the last step there have showing error like that " Logical fil
-
Importing keywords from non-Bridge file
I've just received the CS3 Suite. Prior to this, photos, where I work, had keywords added to the XP file preference (right clicking on a photo and choosing preferences). I need a way to get those keywords into Bridge. I've hundreds of photos and know
-
I can't download adobe flash player ( safari win )
i can't download adobe flash player on safari windows , it's started at 7 % and suddenly turn to 47% and give me massage ( download time out )