OIM encryption/decryption error
I am building a new environment by importing resources, lookup definitions, etc. from an existing environment via Deployment Manager. Both environments are the same in s/w and h/w config:
OIM: 9.1.0.2 BP18
Weblogic: 10.3.2
Windows Server 2008 R2 64 bit
After the installation of new environment:
I have copied the .xlkeystore and .xldatabasekey from old environment to new.
Changed the password in xlconfig.xml file on new environment as plain text from old environment.
Updated the xelsysadm password in the USR table from the value old environment.
Restarted the system
Now I am able to login to OIM using the xelsysadm password from old environment.
xlconfig.xml has the new password in the encrypted format. But now, when I import a resource from the old environment to the new environment, I see all the values in the encrypted format both in the OIM GUI and in the Design Console.
In the .out logs I get the exception:
INFO,11 Apr 2012 18:11:11,790,[XELLERATE.PERFORMANCE],Query: DB: 16, LOAD: 0, TOTAL: 16
ERROR,11 Apr 2012 18:11:11,790,[XELLERATE.ACCOUNTMANAGEMENT],Class/Method: tcDefaultDBEncryptionImpl/decrypt encounter some problems: Given final block not properly padded
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(Unknown Source)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(Unknown Source)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.decryptDataSet(Unknown Source)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcITResourceInstanceOperationsBean.getITResourceInstanceParametersData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcITResourceInstanceOperationsBean.getITResourceInstanceParameters(Unknown Source)
at com.thortech.xl.ejb.beans.tcITResourceInstanceOperationsSession.getITResourceInstanceParameters(Unknown Source)
at com.thortech.xl.ejb.beans.tcITResourceInstanceOperationsSession_7uvp44_EOImpl.getITResourceInstanceParameters(tcITResourceInstanceOperationsSession_7uvp44_EOImpl.java:77)
at Thor.API.Operations.tcITResourceInstanceOperationsClient.getITResourceInstanceParameters(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubje
Why did you copy these things from the OLD environment - .xlkeystore and .xldatabasekey?
Take a backup of these files, restore your original files in the new environment, and restart the server.
Similar Messages
-
Packet Encryption/Decryption error
This error message is from a site-to-site VPN router. The whole error message is like:
Aug 11 00:37:22.725 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:39:05.192 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:39:53.961 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:40:55.447 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Has anybody seen/handled this type of error before? The explanation in the CCO for this error message does not help much. What is the 'status=4610'? I also see the status number can be 4612 and 4613.
I also noticed the "ah_auth_failure:" in "sh cry eng accelerator statistic " increase by one each time I got this error in the syslog
Thanks in advance
Xuam,
what was the fix to your problem. I am getting exact same problem.
Alphonse -
Java-oracle-java encryption-decryption error.
Hi
We have a program which encrypts strings using DES and writes the encrypted to an oracle data. The code is similar to the following:
private static String encrypt(String property) throws GeneralSecurityException {
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
return base64Encode(pbeCipher.doFinal(property.getBytes()));
}
This works consistently across jvms / os / hw / etc.
Unfortunately, the original version was writing it to the db as strings and now, these can't be de-crypted as oracle returns different values from the column.
I was wondering whether there was any way of retrieving these values now.
Regards
V
Edited by: user10510492 on Sep 28, 2011 1:59 PM
You need to try to find out what character set was originally used to create the strings; this was either specified explicitly in the code, or done with the default Java encoding for your platform. Unfortunately there is still potential for loss of information which might prevent you from correctly decrypting the string (e.g., bytes not in the character set might have been converted to a question mark, ASCII control codes might have been converted to something safer by your database, etc.).
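The information loss described in the reply above can be measured per character set. This is an added example, not code from the thread; the class name, the list of character sets and the random sample bytes are assumptions made for illustration. It counts how many of the 256 possible byte values survive a bytes -> String -> bytes round trip, which is what decides whether ciphertext stored as text can still be recovered, and compares that with Base64.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class CiphertextAsStringDemo {

    // How many of the 256 byte values come back unchanged after
    // bytes -> String -> bytes in the given character set.
    static int survivingByteValues(Charset cs) {
        int ok = 0;
        for (int b = 0; b < 256; b++) {
            byte[] one = { (byte) b };
            byte[] back = new String(one, cs).getBytes(cs);
            if (Arrays.equals(one, back)) {
                ok++;
            }
        }
        return ok;
    }

    // True when the whole buffer survives the text round trip.
    static boolean roundTrips(byte[] data, Charset cs) {
        return Arrays.equals(data, new String(data, cs).getBytes(cs));
    }

    public static void main(String[] args) {
        // Constructed sample: random bytes stand in for cipher output,
        // which is indistinguishable from random data.
        byte[] ciphertext = new byte[64];
        new SecureRandom().nextBytes(ciphertext);

        Charset[] candidates = {
            StandardCharsets.US_ASCII,
            StandardCharsets.UTF_8,
            StandardCharsets.ISO_8859_1,
            Charset.forName("windows-1252"),
        };
        for (Charset cs : candidates) {
            System.out.println(cs.name()
                    + ": byte values preserved = " + survivingByteValues(cs)
                    + " of 256, sample survives = " + roundTrips(ciphertext, cs));
        }

        // Base64 is a byte-to-text encoding, so it is lossless by design.
        String stored = Base64.getEncoder().encodeToString(ciphertext);
        byte[] restored = Base64.getDecoder().decode(stored);
        System.out.println("Base64: sample survives = " + Arrays.equals(ciphertext, restored));
    }
}
```

A character set that preserves all 256 values is the only case where re-encoding the stored text with that same character set gives back the original ciphertext bytes.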
-
Encrypt/decrypt AES 256, vorsalt error
Hiyas.
So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
'IF' I use a 32byte key but don't use an IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking at the length of the encrypted string)
'IF' I use a 32byte key and 16bit salt, I get an AES 128 result (I know - as per the docs they're both s'posed to be the same size, but the docs are wrong).
But when I switch to using both a 32byte key AND a 32byte salt I get the error below.
An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or I am doing something wrong?
<!--- ////////////////////////////////////////////////////////////////////////// Here's the Code ///////////////////////////////////////////////////////////////////////// --->
<cfset theAlgorithm = "Rijndael/CBC/PKCS5Padding" />
<cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w="><!--- these 2 are the same --->
<!---<cfset gKey = ToBase64(BinaryDecode("8738fed68e7677d374e0946c8f7bd3bb4f50f23717f9f3667b2419483959039c", "Hex"))>--->
<cfset theIV = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>
<!---<cfset theIV128 = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b","hex")>--->
<cffunction name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
<cfargument name="szToEncrypt" type="string" required="true"/>
<cfset secretkey = gKey>
<cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
<cfreturn szReturn>
</cffunction>
<cffunction name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
<cfargument name="szToDecrypt" type="string" required="true"/>
<cfset secretkey = gKey>
<cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>
<cfreturn szReturn>
</cffunction>
<cfset szStart = form["toencrypt"]>
<cfset szStart = "Test me!">
<cfset szEnc = DoEncrypt(szStart)>
<cfset szDec = DoDecrypt(szEnc)>
<cfoutput>#szEnc# #szDec#</cfoutput>
Hi edevmachine,
This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
Example:
<cfscript>
BouncyCastleCFC = new path.to.BouncyCastle();
string = "ColdFusion Rocks!";
key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
</cfscript>
Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
- An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
- An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
- An explanation of how to connect the Bouncy Castle classes together
- Bouncy Castle's doc for the Rijndael Engine
And here is the full CFC as posted in the StackOverflow discussion:
<cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
<cffunction name="createRijndaelBlockCipher" access="private">
<cfargument name="key" type="string" required="true" >
<cfargument name="ivSalt" type="string" required="true" >
<cfargument name="bEncrypt" type="boolean" required="false" default="1">
<cfargument name="blocksize" type="numeric" required="false" default=256>
<cfscript>
// Create a block cipher for Rijndael
var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
// Create a Block Cipher in CBC mode
var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
// Create Padding - Zero Byte Padding is apparently PHP compatible.
var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
// Create a JCE Cipher from the Block Cipher
var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
// Create the key params for the cipher
var binkey = binarydecode(arguments.key,"hex");
var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
var binIVSalt = Binarydecode(ivSalt,"hex");
var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
return cipher;
</cfscript>
</cffunction>
<cffunction name="doEncrypt" access="public" returntype="string">
<cfargument name="message" type="string" required="true">
<cfargument name="key" type="string" required="true">
<cfargument name="ivSalt" type="string" required="true">
<cfscript>
var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
var byteMessage = arguments.message.getBytes();
var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
var cipherText = cipher.doFinal(outArray,bufferLength);
return toBase64(outArray);
</cfscript>
</cffunction>
<cffunction name="doDecrypt" access="public" returntype="string">
<cfargument name="message" type="string" required="true">
<cfargument name="key" type="string" required="true">
<cfargument name="ivSalt" type="string" required="true">
<cfscript>
var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
var byteMessage = toBinary(arguments.message);
var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
var originalText = cipher.doFinal(outArray,bufferLength);
return createObject("java", "java.lang.String").init(outArray);
</cfscript>
</cffunction>
<cfscript>
// Allocate a Java byte[] of the requested length
function getByteArray(someLength)
{
byteClass = createObject("java", "java.lang.Byte").TYPE;
return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
}
</cfscript>
</cfcomponent>
Thanks!,
-Aaron -
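The "Invalid IV length. Should be 16." error in this thread follows from the AES block size: AES fixes the block at 128 bits for every key size, so a CBC IV is always 16 bytes, while a 32-byte IV only fits Rijndael with a 256-bit block, which is what the Bouncy Castle RijndaelEngine above provides and which is not AES. The following is an added example in plain Java, not code from the thread; the class and method names are assumptions. It tries the three key/IV combinations from the question against the JDK's own AES provider.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.SecureRandom;

public class AesIvLengthDemo {

    // Encrypts with AES/CBC using a random key and IV of the given sizes.
    // Returns the ciphertext length, or -1 when the provider rejects the IV.
    static int tryEncrypt(int keyBytes, int ivBytes, byte[] plaintext) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[keyBytes];
        byte[] iv = new byte[ivBytes];
        rng.nextBytes(key);
        rng.nextBytes(iv);

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("  rejected: " + e.getMessage());
            return -1;
        }
        return cipher.doFinal(plaintext).length;
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "Test me!".getBytes(StandardCharsets.UTF_8);

        // {key bytes, IV bytes}: AES-128, AES-256, and the failing case.
        int[][] cases = { {16, 16}, {32, 16}, {32, 32} };
        for (int[] c : cases) {
            System.out.println("key=" + c[0] + " bytes, iv=" + c[1] + " bytes");
            int len = tryEncrypt(c[0], c[1], msg);
            if (len >= 0) {
                System.out.println("  ciphertext length: " + len + " bytes");
            }
        }

        // The block size, and with it the IV length, does not depend on the key.
        System.out.println("AES block size: "
                + Cipher.getInstance("AES/CBC/PKCS5Padding").getBlockSize() + " bytes");
    }
}
```

The ciphertext length depends on the plaintext length and the block size, not on the key size, so it cannot be used to tell AES-128 output from AES-256 output.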
Error in running encryption/decryption using DES in Websphere Dev't Client
Hello!
I have code used to encrypt / decrypt a string (password). I have already tested it using Netbeans and it is working. But when I tried to add the java code to an existing web project using Websphere Development Client, javax.crypto.* is not recognized. Then I imported JCE.jar.
The java code contains no errors then, but when I started to run the project, it gives an Error 500. And below is the Console's error message:
E SRVE0026E: [Servlet Error]-[javax.crypto.spec.PBEKeySpec: method <init>([C[BI)V not found]: java.lang.NoSuchMethodError: javax.crypto.spec.PBEKeySpec: method <init>([C[BI)V not found
Have I missed something to add? Or other things that I should do upon importing this jar file?
Please help.
Advance thanks for your reply.
misyel
I don't know what version of Java my Websphere is using. But I am very sure that it is outdated. I am using Websphere 5.0. For Netbeans, it is JDK1.5.
I imported the JCE from JDK 1.5 on Websphere.
I think the code works perfectly fine. Actually it was my friend's code for encryption but they are using Eclipse for development (almost the same from Websphere but somehow different from it.)
My idea is that I can't match the versions of the jar files used in my project. As much as I wanted to change the imported jar files, I couldn't, for when I replaced the existing jar files, more and more errors occurred.
Can we have any alternative ways of importing the jar files? Or is there any other code that might help that will not use the JCE.jar?
I really appreciate your response. thanks
misyel -
Hi all,
I have one admin server 8 managed servers in cluster environment. I am using node
manager to start managed servers. I used the demo certificate and private key
file provided by BEA before getting my real certificate, but when I got the real
certificate the node manager can't no more. The error I am getting is this :
<Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
on command line options, try "java weblogic.nodemanager.NodeManager help">
<Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
Error decrypting Secret Key
at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
--------------- nested within: ------------------
weblogic.security.internal.encryption.EncryptionServiceException - with nested
exception:
[weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
Secret Key]
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
here is the setting of node manager
# Set user-defined variables.
BEA_HOME="/opt/app/weblogic"
WL_HOME=${BEA_HOME}/weblogic700
NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
#Set NODEMANAGER variables
NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
NODEMANAGER_LISTENADDRESS="uxmwpr01"
NODEMANAGER_LISTENPORT="5501"
NODEMANAGER_REVERSEDNS="true"
NODEMANAGER_SSLVERIFICATION="true"
NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
NODEMANAGER_NATIVEIO="true"
${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
-Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
-Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
-Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
-Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
-Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
-Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
-Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
weblogic.nodemanager.NodeManager
"Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
Hi,
I am wondering if anyone has tried creating a domain on a weblogic server by copying
and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
to the new installation %bea_home%\config\DomainName.
When I do this I get the following error when starting up the weblogic server:
"The WebLogic Server did not start up properly. Exception raised:
weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
Secret Key" when loading config.xml
I assume this is because the weblogic system password is encrypted in the config.xml
file. Is there anyway I can get around this so I can easily clone weblogic servers?
Thanks,
Jas
Jas,
Yeah the security key is tied to the server, what exactly are you
trying to accomplish? Do you want separate domains or servers? Are
they on different physical servers?
Also what version of wls? 6 or 7?
Will try to help you if I can
Steve -
OIM starting error - Error XELLERATE.ACCOUNTMANAGEMENT
Hi ,
I am getting the following error when I am starting the OIM server.
<Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefaultDBEncryptionImpl/decrypt encounter some problems: Input length must be multiple of 16 when decrypting with padded cipher
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(tcDefaultDBEncryptionImpl.java:219)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:122)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:200)
at com.thortech.xl.dataobj.tcDataSet.decryptDataSet(tcDataSet.java:1431)
at com.thortech.xl.dataaccess.tcDataBase.readPartialPreparedStatement(tcDataBase.java:1365)
at com.thortech.xl.dataaccess.tcDataBase.readPreparedStatement(tcDataBase.java:1158)
at com.thortech.xl.dataobj.PreparedStatementUtil.execute(PreparedStatementUtil.java:60)
at oracle.iam.ldapsync.impl.eventhandlers.LDAPAddMissingObjectClasses.initialize(LDAPAddMissingObjectClasses.java:177)
at oracle.iam.platform.kernel.impl.OrchConfig.getinitializedEventHandler(OrchConfig.java:205)
at oracle.iam.platform.kernel.impl.OrchConfig.<init>(OrchConfig.java:123)
at oracle.iam.platform.kernel.impl.KernelObjFactory.<init>(KernelObjFactory.java:54)
at oracle.iam.platform.kernel.impl.KernelObjFactory.<clinit>(KernelObjFactory.java:48)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.<init>(OrchestrationEngineImpl.java:71)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:61)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:877)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:839)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
But OIM started and I am able to view the OIM Admin console.
I need to know why this error came and How to resolve it?
Please try to help me.
Thanks & Regards,
Karthick
Looks like you are using LDAPSync post OIM installation and the encryption on the IT resource was not setup correctly. Follow the steps from MOS Article: 1307549.1 for the solution.
_Cause:_
Encryption of the Directory Server IT Resource data in SVP table was not accomplished.
The fields that are plain text are:
Server URL
Use SSL
Admin Login
Admin Password
Search Base
User Reservation Container
_Solution_
1. Use the following query to find fields with "plain text" values:
select svr.svr_name, spd.spd_field_name, svp.svp_key, svp_field_value
from svp
inner join spd on spd.spd_key = svp.spd_key
inner join svr on svr.svr_key = svp.svr_key
2. Set these plain text values to null after making backup of table.
3. Edit the Directory Server to re-set values.
Expected error at this stage:
-- no "System Error call admin...", but that makes sense since the values in question pertained directly to the Directory Server --
4. Re-enter the values for the IT Resource.
5. Save the changes and verify that SVP values are now all encrypted.
With correct values and encryption, users are then able to be created.
-Bikash -
Help for a newbie on encryption/decryption
I want to start with a text file.
Read in a line of ascii characters, encrypt it using some algorithm and output it as a new set of ascii characters.
What algorithm should I use?
Thanks a lot. I got the encryption/decryption working pretty easily.
However, I ran into problem when I got to storing keys:
I stored it fine with this code
try {
KeyGenerator keyGen = KeyGenerator.getInstance("DES");
desKey = keyGen.generateKey();
cipher = Cipher.getInstance("DES");
KeyStore keyStore = KeyStore.getInstance("JKS");
String password = "lemein";
char passwd[] = password.toCharArray();
keyStore.load(null, passwd); //initialize keyStore
Certificate[] chain = new Certificate[1];
String alias = "test";
keyStore.setKeyEntry(alias, desKey, passwd, null);
String fileName = "data/gkey.txt";
FileOutputStream f = new FileOutputStream(fileName);
keyStore.store(f, passwd); // <----------exception happens here
} catch (Exception e) {
e.printStackTrace();
}
I got a problem when I retrieve it with this code
KeyGenerator kg = null;
Key key = null;
cipher = null;
Security.addProvider(new com.sun.crypto.provider.SunJCE());
byte[] result = null;
try {
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream("data/gkey.txt"), "lemein".toCharArray());
key = keyStore.getKey("test", "lemein".toCharArray());
cipher = Cipher.getInstance("DES");
byte[] data = "Hello World!".getBytes();
System.out.println("Original data : " + new String(data));
cipher.init(Cipher.ENCRYPT_MODE, key);
result = cipher.doFinal(data);
System.out.println("Encrypted data: " + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
I get the error:
java.security.UnrecoverableKeyException: DerInputStream.getLength(): lengthTag=75, too big.
at sun.security.provider.KeyProtector.recover(Unknown Source)
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(Unknown Source)
Any idea what the problem is?
Thanks -
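The keystore type matters for the code in this question: the JKS format holds private keys and certificates only, while JCEKS and, on current JDKs, PKCS12 can hold a SecretKey. The following is an added example, not code from the thread; the class name, the helper names `save` and `load`, the alias and the demo password are assumptions, and AES replaces the poster's DES. It stores one symmetric key in each keystore type in memory and reports which types give the key back intact.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Arrays;

public class SecretKeyStoreDemo {

    // Create an empty keystore of the given type, add the secret key under
    // the alias, and return the serialized keystore bytes.
    static byte[] save(String type, String alias, SecretKey key, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, pw); // null stream = start with an empty keystore
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        return out.toByteArray();
    }

    // Load the serialized keystore and fetch the secret key back.
    static SecretKey load(String type, byte[] blob, String alias, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(blob), pw);
        return (SecretKey) ks.getKey(alias, pw);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo password; a real one comes from the operator or a
        // secrets manager, never from source code.
        char[] pw = "constructed-demo-password".toCharArray();

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        for (String type : new String[] { "JKS", "JCEKS", "PKCS12" }) {
            try {
                byte[] blob = save(type, "test", key, pw);
                SecretKey back = load(type, blob, "test", pw);
                boolean intact = Arrays.equals(key.getEncoded(), back.getEncoded());
                System.out.println(type + ": stored " + blob.length
                        + " bytes, key recovered intact = " + intact);
            } catch (Exception e) {
                // The exact failure for an unsupported type depends on the JDK version.
                System.out.println(type + ": cannot hold this key: " + e);
            }
        }
    }
}
```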
Encrypt/decrypt using update
Hi,
can someone give me an encrypt/decrypt pair of code samples that use the cipher.update() call.
I am trying it like that but apparently it doesn't work
byte[] temp = new byte[message.length/2];
byte[] temp2 = new byte[message.length/2];
System.arraycopy(message, 0, temp, 0, temp.length);
System.arraycopy(message, temp.length, temp2, 0, temp.length);
ciphertext = new byte[message.length];
System.arraycopy(symmetricCipher.update(temp), 0, ciphertext, 0, temp.length);
System.arraycopy(symmetricCipher.doFinal(temp2), 0, ciphertext, temp.length, temp.length);
> I don't see how using the inputstream i would avoid
> the memory error, when passing anything over
> 10,000,000. Unless you mean I split the input, and
> write small chunks into disk as I encrypt them?
Your basic problem is that you have the data as one large array. I don't know how and why you created this large array; I would not create it unless there was no other way.
Since it does not make sense to create one large encrypted byte array and given that you have a byte array then you can use either
1) Create a ByteArrayInputStream and wrap it in a CipherInputStream. This would allow you to encrypt the array in a sequential manner a few KBytes at a time.
or
2) Encrypt the array a few KBytes at a time using a simple update(array, start, length) that returns the encrypted bytes.
But first, I would try to avoid creating the large 'cleartext' array. -
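Option 2 from the reply above, written out as an added example that is not code from the thread: the class name, the `transform` helper, the chunk size and the random sample message are assumptions. The point it shows is that update() on a padded block cipher returns only the blocks it can complete, so its output length cannot be assumed equal to the input length as in the question's arraycopy calls, and doFinal() adds the padding block.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.io.ByteArrayOutputStream;
import java.security.SecureRandom;
import java.util.Arrays;

public class ChunkedUpdateDemo {
    static final int CHUNK = 4096; // bytes handed to update() per call

    // Feed the input to an initialised cipher slice by slice and collect
    // whatever each call returns; never assume output length == input length.
    static byte[] transform(Cipher cipher, byte[] input) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int off = 0; off < input.length; off += CHUNK) {
            int len = Math.min(CHUNK, input.length - off);
            byte[] part = cipher.update(input, off, len);
            if (part != null) { // null is allowed when no block was completed
                out.write(part);
            }
        }
        out.write(cipher.doFinal()); // flushes buffered bytes and the padding
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        byte[] message = new byte[10_001]; // constructed sample input
        rng.nextBytes(message);

        // Probe: 7 bytes cannot complete a 16-byte block, so nothing is emitted yet.
        byte[] probeIv = new byte[16];
        rng.nextBytes(probeIv);
        Cipher probe = Cipher.getInstance("AES/CBC/PKCS5Padding");
        probe.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(probeIv));
        byte[] early = probe.update(message, 0, 7);
        System.out.println("update(7 bytes) returned "
                + (early == null ? 0 : early.length) + " bytes");

        // CBC is used here to show block buffering; on its own it gives no
        // integrity protection, so real use pairs it with a MAC or uses an AEAD mode.
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = transform(enc, message);

        Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] recovered = transform(dec, ciphertext);

        System.out.println("plaintext " + message.length + " bytes -> ciphertext "
                + ciphertext.length + " bytes");
        System.out.println("round trip ok = " + Arrays.equals(message, recovered));
    }
}
```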
RSA decryption Error: Data must start with zero
Because of some reasons, I tried to use RSA as a block cipher to encrypt/decrypt a large file. When I debug my program, there some errors are shown as below:
javax.crypto.BadPaddingException: Data must start with zero
at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
at sun.security.rsa.RSAPadding.unpad(Unknown Source)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:394)
at javax.crypto.Cipher.doFinal(Cipher.java:2299)
at RSA.RRSSA.main(RRSSA.java:114)
From breakpoint, I think the problem is the decrypt operation, and Cipher.doFinal() can not be operated correctly.
I searched for this problem on Google; many people met the same problem as me, but most of them didn't get an answer.
The source code is :
Key generation:
package RSA;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.logging.Level;
import java.util.logging.Logger;
public class GenKey {
    /**
     * @param args
     * @author tang
     */
    public static void main(String[] args) {
        // TODO Auto-generated method stub
        try {
            KeyPairGenerator KPG = KeyPairGenerator.getInstance("RSA");
            KPG.initialize(1024);
            KeyPair KP=KPG.genKeyPair();
            PublicKey pbKey=KP.getPublic();
            PrivateKey prKey=KP.getPrivate();
            //byte[] publickey = decryptBASE64(pbKey);
            //save public key
            FileOutputStream out=new FileOutputStream("RSAPublic.dat");
            ObjectOutputStream fileOut=new ObjectOutputStream(out);
            fileOut.writeObject(pbKey);
            //save private key
            FileOutputStream outPrivate=new FileOutputStream("RSAPrivate.dat");
            ObjectOutputStream privateOut=new ObjectOutputStream(outPrivate);
            privateOut.writeObject(prKey);
        } catch (Exception ex) {
            Logger.getLogger(GenKey.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
}
Encrypt / Decrypt
package RSA;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.security.Key;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
//import sun.misc.BASE64Decoder;
//import sun.misc.BASE64Encoder;
public class RRSSA {
* @param args
public static void main(String[] argv) {
// TODO Auto-generated method stub
//File used to encrypt/decrypt
String dataFileName = argv[0];
//encrypt/decrypt: operation mode
String opMode = argv[1];
String keyFileName = null;
//Key file
if (opMode.equalsIgnoreCase("encrypt")) {
keyFileName = "RSAPublic.dat";
} else {
keyFileName = "RSAPrivate.dat";
try {
FileInputStream keyFIS = new FileInputStream(keyFileName);
ObjectInputStream OIS = new ObjectInputStream(keyFIS);
Key key = (Key) OIS.readObject();
Cipher cp = Cipher.getInstance("RSA/ECB/PKCS1Padding");//
if (opMode.equalsIgnoreCase("encrypt")) {
cp.init(Cipher.ENCRYPT_MODE, key);
} else if (opMode.equalsIgnoreCase("decrypt")) {
cp.init(Cipher.DECRYPT_MODE, key);
} else {
return;
FileInputStream dataFIS = new FileInputStream(dataFileName);
int size = dataFIS.available();
byte[] encryptByte = new byte[size];
dataFIS.read(encryptByte);
if (opMode.equalsIgnoreCase("encrypt")) {
    FileOutputStream FOS = new FileOutputStream("cipher.txt");
    //RSA Block size
    //int blockSize = cp.getBlockSize();
    int blockSize = 64;
    int outputBlockSize = cp.getOutputSize(encryptByte.length);
    /*if (blockSize == 0) {
        System.out.println("BLOCK SIZE ERROR!");
    } else*/
    int leavedSize = encryptByte.length % blockSize;
    int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
            : encryptByte.length / blockSize + 1;
    byte[] cipherData = new byte[outputBlockSize * blocksNum];
    //encrypt each block
    for (int i = 0; i < blocksNum; i++) {
        if ((encryptByte.length - i * blockSize) > blockSize) {
            cp.doFinal(encryptByte, i * blockSize, blockSize, cipherData, i * outputBlockSize);
        } else {
            cp.doFinal(encryptByte, i * blockSize, encryptByte.length - i * blockSize, cipherData, i * outputBlockSize);
        }
    }
    //byte[] cipherData = cp.doFinal(encryptByte);
    //BASE64Encoder encoder = new BASE64Encoder();
    //String encryptedData = encoder.encode(cipherData);
    //cipherData = encryptedData.getBytes();
    FOS.write(cipherData);
    FOS.close();
} else {
    FileOutputStream FOS = new FileOutputStream("plaintext.txt");
    //int blockSize = cp.getBlockSize();
    int blockSize = 64;
    //int j = 0;
    //BASE64Decoder decoder = new BASE64Decoder();
    //String encryptedData = convert(encryptByte);
    //encryptByte = decoder.decodeBuffer(encryptedData);
    int outputBlockSize = cp.getOutputSize(encryptByte.length);
    int leavedSize = encryptByte.length % blockSize;
    int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
            : encryptByte.length / blockSize + 1;
    byte[] plaintextData = new byte[outputBlockSize * blocksNum];
    //decrypt each block
    for (int j = 0; j < blocksNum; j++) {
        if ((encryptByte.length - j * blockSize) > blockSize) {
            cp.doFinal(encryptByte, j * blockSize, blockSize, plaintextData, j * outputBlockSize);
        } else {
            cp.doFinal(encryptByte, j * blockSize, encryptByte.length - j * blockSize, plaintextData, j * outputBlockSize);
        }
    }
    FOS.write(plaintextData);
    //FOS.write(cp.doFinal(encryptByte));
    FOS.close();
}
Edited by: sabre150 on Aug 3, 2012 6:43 AM
Moderator action: added [code] tags so as to make the code readable. Please do this yourself in the future.
Edited by: 949003 on 2012-8-3 5:31 AM
1) Why are you not closing the streams when writing the keys to the file?
2) Each block of RSA encrypted data has size equal to the key modulus (in bytes). This means that for a key size of 1024 bits you need to read 128 bytes and not 64 bytes at a time when decrypting (this is probably the cause of your 'Data must start with zero exception'). Since the input block size depends on the key modulus you cannot hard code this. Note - PKCS1 padding has at least 11 bytes of padding so on encrypting one can process a maximum of the key modulus in bytes less 11. Currently you have hard coded the encryption block at 64 bytes which is OK for your 1024 bits keys but will fail for keys of modulus less than about 936 bits.
3) int size = dataFIS.available(); is not a reliable way to get the size of an input stream. If you check the Javadoc for InputStream.available() you will see that it returns the number of bytes that can be read without blocking and not the stream size.
4) InputStream.read(byte[]) does not guarantee to read all the bytes and returns the number of bytes actually read. This means that your code to read the content of the file into an array may fail. Again check the Javadoc. To be safe you should use DataInputStream.readFully() to read a block of bytes.
5) Reading the whole of the cleartext or ciphertext file into memory does not scale and with very large files you will run out of memory. There is no need to do this since you can use a "read a block, write the transformed block" approach.
RSA is a very very very slow algorithm and it is not normal to encrypt the whole of a file using it. The standard approach is to perform the encryption of the file content using a symmetric algorithm such as AES using a random session key and use RSA to encrypt the session key. One then writes to the ciphertext file the RSA encrypted session key followed by the symmetric encrypted data. To make it more secure one should actually follow the extended procedure outlined in section 13.6 of Practical Cryptography by Ferguson and Schneier. -
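The hybrid scheme recommended in the reply above, as an added example (not code from the thread): a random AES session key encrypts the data as a stream, RSA wraps only that key, and the decryptor sizes the RSA block from the key modulus and reads it with readFully(). The class name, the output layout, and the choice of RSA-OAEP and AES-GCM are assumptions; it needs Java 9 or later for transferTo().

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.*;
import java.security.interfaces.RSAKey;

// Added example; class name and layout are assumptions, not from the thread.
// Layout: [RSA-wrapped AES key, modulus-size bytes][12-byte IV][AES-GCM ciphertext + tag]
public class HybridFileCrypto {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", AES = "AES/GCM/NoPadding";

    static void encrypt(PublicKey pub, InputStream in, OutputStream out) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey();        // fresh random session key per file
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, pub);
        out.write(rsa.wrap(session));                // RSA output is always modulus-size
        out.write(iv);
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        try (OutputStream cos = new CipherOutputStream(out, aes)) { in.transferTo(cos); }
    }

    static void decrypt(PrivateKey priv, InputStream in, OutputStream out) throws Exception {
        DataInputStream din = new DataInputStream(in);
        int rsaBlock = (((RSAKey) priv).getModulus().bitLength() + 7) / 8; // never hard-coded
        byte[] wrapped = new byte[rsaBlock];
        din.readFully(wrapped);                      // read() alone may return fewer bytes
        byte[] iv = new byte[12];
        din.readFully(iv);
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.UNWRAP_MODE, priv);
        SecretKey session = (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, iv));
        // A failed GCM tag (tampered data or wrong key) surfaces as an IOException here
        try (InputStream cis = new CipherInputStream(din, aes)) { cis.transferTo(out); }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        ByteArrayOutputStream ct = new ByteArrayOutputStream(), pt = new ByteArrayOutputStream();
        encrypt(kp.getPublic(), new ByteArrayInputStream("constructed sample".getBytes("UTF-8")), ct);
        decrypt(kp.getPrivate(), new ByteArrayInputStream(ct.toByteArray()), pt);
        System.out.println(pt.toString("UTF-8"));    // round-trips the constructed input
    }
}
```

The JDK releases GCM plaintext only after the tag verifies, so decrypting a very large input still buffers it; splitting the data into independently authenticated chunks avoids that.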
Hi everybody,
I got this trap message on WLC.
The client failed to communicate; it was still associated with WLC though.
The trap message log is below:
"Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"
My wireless environment contains WLC2106(5.2), 1131AG, client using ADU(v4.4)
Thanks.
We use Dynamic WEP key, EAP-TTLS / PEAP.
I attach the output.
WLAN Identifier.................................. 1
Profile Name..................................... kssl
Network Name (SSID).............................. kssl
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 10.10.9.44 1812
Authentication................................ 10.10.9.45 1812
Accounting.................................... 10.10.9.44 1813
Accounting.................................... 10.10.9.45 1813
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Enabled
Encryption:..................................... 104-bit WEP
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Disabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
Thank you. -
Failed to call DBMS_CRYPTO.ENCRYPT / DECRYPT
I tried to use Oracle 11gR2 DBMS_CRYPTO to perform AES256 encryption/decryption. From the Oracle Ref., it specifies "Security Model - Oracle Database installs this package in the SYS schema. You can then grant package access to existing users and roles as needed." So I requested the DBA to grant EXECUTE privilege for SYS.DBMS_CRYPTO.
I successfully ran the SQL "select DBMS_CRYPTO.RANDOMBYTES(64) from dual;", but when I tried to implement the package body, the compiler reported the error: PLS-00201: identifier 'DBMS_CRYPTO' must be declared.
Please kindly help and advise. Thanks!
Src code of the package body:
CREATE OR REPLACE PACKAGE BODY PKG_TOOLKIT AS
  g_encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;
  FUNCTION encrypt (p_text IN VARCHAR2) RETURN RAW IS
    l_key VARCHAR2(512);
    l_text VARCHAR2(32767) := p_text;
    l_encrypted RAW(32767);
  BEGIN
    getKey(l_key);
    l_encrypted := DBMS_CRYPTO.ENCRYPT(src => UTL_I18N.STRING_TO_RAW(l_text, 'AL32UTF8'),
                                       typ => g_encryption_type,
                                       key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
    RETURN l_encrypted;
  END;
  FUNCTION decrypt (p_raw IN RAW) RETURN VARCHAR2 IS
    l_key VARCHAR2(512);
    l_decrypted RAW(32767); -- DBMS_CRYPTO.DECRYPT returns RAW, not VARCHAR2
  BEGIN
    getKey(l_key);
    l_decrypted := DBMS_CRYPTO.DECRYPT(src => p_raw,
                                       typ => g_encryption_type,
                                       key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
    RETURN RTrim(UTL_I18N.RAW_TO_CHAR(l_decrypted, 'AL32UTF8'));
  END;
END PKG_TOOLKIT;
/
From the Package DBMS_CRYPTO -> Grants, I found there is a privilege "EXECUTE" granted to grantee "ORADEV1". "ORADEV1" is the login ID I'm using to connect to Oracle. Can I tell whether the DBA is granting the privilege to this id or its role through Oracle Developer?
-
Encryption/decryption through jar file and classes
Hi,
My application uses Tomcat as the web server.
I am doing encryption and decryption.
I fetch encrypted data from the database and then decrypt it.
In one case I place the classes in the webapps -> WEB-INF -> classes folder.
In the other case I use a jar file and place that file in the WEB-INF -> lib folder in the webapps directory.
There is a huge performance difference.
With the classes, performance is great, while with the jar file performance is very disappointing.
I am also using a file for encryption/decryption.
Are you getting any error messages? Have you put debugging code in those classes to see what is happening?
-
Decrypt Errors occurring in WLC Log
Hi all,
we see a strange message in our WLC logs, which occurs quite often (>10 times a day):
Decrypt errors occurred for client [MAC-Address] using WPA key on 802.11b/g interface of AP [MAC-Address]
The MAC addresses of the affected clients vary, as do the APs reporting the error.
The clients are Notebooks, Cisco IP-Phones and Nokia-DualBand-Phones.
Even more frequently we see the following message in the log:
%ETHOIP-3-PING_TRANSMIT_FAILED: ethoip_ping.c:227 send_eoip_ping: Failed to tx Ethernet over IP ping rc=5.
We use TKIP as Encryption and EAP-Fast as well as LEAP as Authentication (Cisco ACS).
The WLC is an 2106, the APs are 1242AG.
We don't recognize any problems placing calls or talking over these phones. It's just these messages in the log that concern me.
Anyone else got these messages (and hopefully fixed them :))
Greets,
Sebastian
Hi Everyone, you can count me in as well for getting the decrypt errors. However the only difference is that I'm not using WPA on the network that this is happening on. The wlan that is reporting this for me is just a simple WEP key. I'm thinking this is related to encryption since TKIP is also based on RC4. I also have other WLANS where I use WPA2 Enterprise with AES (PEAP MS-CHAPv2) and I do not see the decrypt errors for those clients. Also, to further expand on this I haven't noticed any client problems either. Maybe this is a bug that doesn't cause denial of service. I'd love to get rid of them though! This is with a 4402 WLC and 1242AG APs...
-
Decrypt errors occurred for client
I am getting error messages for clients:
11 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:13:ce:54:57:3c using WPA key on 802.11b/g interface of AP 00:16:9c:91:97:c0
12 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:16:6f:91:d8:60 using WPA2 key on 802.11b/g interface of AP 00:16:9c:91:97:c0
These are only occurring for clients that are disconnecting....
They can reconnect after a WLC reboot....
We have swapped APs.....
I have seen this error in other forums but it says not to worry about it. There has to be a connection between this and clients getting disconnected. We have anywhere between 10-50 clients on the system at any one time.
Is this a client issue (nic firmware, version) or is this an error in the controller??
AIR-WLC2106-K9
IOS ver: 6.0.196.0
Thanks
This means that the client is using a different key than the one he agreed on using with the AP. There were bugs about this a long time ago but nothing recent.
I've seen this happening a lot with old/not updated clients. It rarely happens on Intel adapters with latest drivers for example.
So I'd suggest checking the client pattern (are the clients facing this all having old wireless drivers?).
It can also happen if you offer funny encryption combinations that client doesn't like (wpa1+aes, wpa2+tkip). Try to only enable wpa2/aes and see if it helps.
Nicolas