Packet Encryption/Decryption error
This error message is from a site-to-site VPN router. The whole error message is like:
Aug 11 00:37:22.725 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:39:05.192 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:39:53.961 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:40:55.447 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Has anybody seen/handled this type of error before? The explanation in the CCO for this error message does not help much. What is the 'status=4610'? I also see the status number can be 4612 and 4613.
I also noticed the "ah_auth_failure:" in "sh cry eng accelerator statistic" increases by one each time I get this error in the syslog
Thanks in advance
Xuam,
What was the fix to your problem? I am getting the exact same problem.
Alphonse
Similar Messages
-
OIM encryption/decryption error
I am building a new environment by importing resources, lookup definitions, etc from an existing environment via deployment manager. Both the environments are same in s/w and h/w config:
OIM: 9.1.0.2 BP18
Weblogic: 10.3.2
Windows Server 2008 R2 64 bit
After the installation of new environment:
I have copied the .xlkeystore and .xldatabasekey from old environment to new.
Changed the password in xlconfig.xml file on new environment as plain text from old environment.
Updated the xelsysadm password in the USR table from the value old environment.
Restarted the system
Now I am able to login to OIM using the xelsysadm password from old environment.
xlconfig.xml has the new password in the encrypted format. But, now when I import a resource from old environment to new environment, I see all the values in the encrypted format both at OIM GUI as well as design Console.
In the .out logs I get the exception:
INFO,11 Apr 2012 18:11:11,790,[XELLERATE.PERFORMANCE],Query: DB: 16, LOAD: 0, TOTAL: 16
ERROR,11 Apr 2012 18:11:11,790,[XELLERATE.ACCOUNTMANAGEMENT],Class/Method: tcDefaultDBEncryptionImpl/decrypt encounter some problems: Given final block not properly padded
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(Unknown Source)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(Unknown Source)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.decryptDataSet(Unknown Source)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcITResourceInstanceOperationsBean.getITResourceInstanceParametersData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcITResourceInstanceOperationsBean.getITResourceInstanceParameters(Unknown Source)
at com.thortech.xl.ejb.beans.tcITResourceInstanceOperationsSession.getITResourceInstanceParameters(Unknown Source)
at com.thortech.xl.ejb.beans.tcITResourceInstanceOperationsSession_7uvp44_EOImpl.getITResourceInstanceParameters(tcITResourceInstanceOperationsSession_7uvp44_EOImpl.java:77)
at Thor.API.Operations.tcITResourceInstanceOperationsClient.getITResourceInstanceParameters(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubje
Why did you copy these things from the OLD environment - .xlkeystore and .xldatabasekey?
Take a backup of these files and restore your original files in the new environment and restart the server. -
Java-oracle-java encryption-decryption error.
Hi
We have a program which encrypts strings using DES and writes the encrypted to an oracle data. The code is similar to the following:
private static String encrypt(String property) throws GeneralSecurityException {
    // Derive the DES key from the password, then encrypt and Base64-encode the result
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
    SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
    Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
    pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
    return base64Encode(pbeCipher.doFinal(property.getBytes()));
}
This works consistently across jvms / os / hw / etc.
Unfortunately, the original version was writing it to the db as strings and now, these can't be de-crypted as oracle returns different values from the column.
I was wondering whether there was any way of retrieving these values now.
Regards
V
Edited by: user10510492 on Sep 28, 2011 1:59 PM
You need to try to find out what character set was originally used to create the strings, this was either specified explicitly in the code, or done with the default Java encoding for your platform. Unfortunately there still is potential for loss of information which might prevent you from correctly decrypting the string (e.g., bytes not in the character set might have been converted to a question mark, ASCII control codes might have been converted to something safer by your database, etc).
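The round trip the reply describes, as an added example (not code from the original posters): it reuses the post's PBEWithMD5AndDES setup with a constructed password and salt, pushes ciphertext through a bytes-to-String-to-bytes conversion in several charsets, and then tries to decrypt what comes back. The class name, the sample values and the candidate charset list are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Base64;

public class CharsetRoundTrip {
    // Constructed sample values; PBEWithMD5AndDES requires an 8-byte salt.
    static final char[] PASSWORD = "example-password".toCharArray();
    static final byte[] SALT = {1, 2, 3, 4, 5, 6, 7, 8};
    // Candidate charsets to test (an assumed list, extend it with the platform defaults in play).
    static final Charset[] CANDIDATES = {
        StandardCharsets.ISO_8859_1, Charset.forName("windows-1252"),
        StandardCharsets.UTF_8, StandardCharsets.US_ASCII
    };

    static Cipher cipher(int mode) throws GeneralSecurityException {
        SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES")
                .generateSecret(new PBEKeySpec(PASSWORD));
        Cipher c = Cipher.getInstance("PBEWithMD5AndDES");
        c.init(mode, key, new PBEParameterSpec(SALT, 20));
        return c;
    }

    // Counts how many of the 256 byte values survive bytes -> String -> bytes in this charset.
    static int losslessByteValues(Charset cs) {
        int ok = 0;
        for (int b = 0; b < 256; b++) {
            byte[] one = {(byte) b};
            if (Arrays.equals(one, new String(one, cs).getBytes(cs))) ok++;
        }
        return ok;
    }

    // Re-encodes the stored text with each candidate charset and tries to decrypt the result.
    // The demo compares against the known plaintext so a chance valid padding is not counted.
    static String recover(String stored, byte[] expectedPlain) {
        for (Charset cs : CANDIDATES) {
            try {
                byte[] plain = cipher(Cipher.DECRYPT_MODE).doFinal(stored.getBytes(cs));
                if (Arrays.equals(plain, expectedPlain)) return cs.name();
            } catch (GeneralSecurityException e) {
                // wrong length or bad padding: these are not the original ciphertext bytes
            }
        }
        return "none (bytes were lost when the string was created)";
    }

    public static void main(String[] args) throws Exception {
        for (Charset cs : CANDIDATES)
            System.out.printf("%-13s keeps %d of 256 byte values%n", cs.name(), losslessByteValues(cs));

        byte[] plain = "a constructed secret, long enough to give several cipher blocks"
                .getBytes(StandardCharsets.UTF_8);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE).doFinal(plain);

        // Faulty path from the post: raw ciphertext was turned into a String before storage.
        for (Charset written : CANDIDATES)
            System.out.printf("written as %-13s -> recoverable via: %s%n",
                    written.name(), recover(new String(ct, written), plain));

        // Lossless path: Base64 text carries every byte value, whatever the column charset.
        String safe = Base64.getEncoder().encodeToString(ct);
        byte[] back = cipher(Cipher.DECRYPT_MODE).doFinal(Base64.getDecoder().decode(safe));
        System.out.println("Base64 round trip intact: " + Arrays.equals(plain, back));
    }
}
```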
-
Encrypt/decrypt AES 256, vorsalt error
Hiyas.
So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
'IF' I use a 32byte key but don't use an IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking at the length of the encrypted string)
'IF' I use a 32byte key and 16bit salt, I get an AES 128 result (I know- as per docs they're both s'posed to be the same size, but the docs are wrong).
But when I switch to using both a 32byte key AND a 32byte salt I get the error below.
An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or am I doing something wrong?
<!--- ////////////////////////////////////////////////////////////////////////// Here's the Code ///////////////////////////////////////////////////////////////////////// --->
<cfset theAlgorithm = "Rijndael/CBC/PKCS5Padding" />
<cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w="><!--- these 2 are the same --->
<!---<cfset gKey = ToBase64(BinaryDecode("8738fed68e7677d374e0946c8f7bd3bb4f50f23717f9f3667b2419483959039c", "Hex"))>--->
<cfset theIV = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>
<!---<cfset theIV128 = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b","hex")>--->
<cffunction name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
<cfargument name="szToEncrypt" type="string" required="true"/>
<cfset secretkey = gKey>
<cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
<cfreturn szReturn>
</cffunction>
<cffunction name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
<cfargument name="szToDecrypt" type="string" required="true"/>
<cfset secretkey = gKey>
<cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>
<cfreturn szReturn>
</cffunction>
<cfset szStart = form["toencrypt"]>
<cfset szStart = "Test me!">
<cfset szEnc = DoEncrypt(szStart)>
<cfset szDec = DoDecrypt(szEnc)>
<cfoutput>#szEnc# #szDec#</cfoutput>
Hi edevmachine,
This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
Example:
<cfscript>
BouncyCastleCFC = new path.to.BouncyCastle();
string = "ColdFusion Rocks!";
key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
</cfscript>
Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
- An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
- An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
- An explanation of how to connect the Bouncy Castle classes together
- Bouncy Castle's doc for the Rijndael Engine
And here is the full CFC as posted in the StackOverflow discussion:
<cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
<cffunction name="createRijndaelBlockCipher" access="private">
<cfargument name="key" type="string" required="true" >
<cfargument name="ivSalt" type="string" required="true" >
<cfargument name="bEncrypt" type="boolean" required="false" default="1">
<cfargument name="blocksize" type="numeric" required="false" default=256>
<cfscript>
// Create a block cipher for Rijndael
var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
// Create a Block Cipher in CBC mode
var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
// Create Padding - Zero Byte Padding is apparently PHP compatible.
var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
// Create a JCE Cipher from the Block Cipher
var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
// Create the key params for the cipher
var binkey = binarydecode(arguments.key,"hex");
var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
var binIVSalt = Binarydecode(ivSalt,"hex");
var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
return cipher;
</cfscript>
</cffunction>
<cffunction name="doEncrypt" access="public" returntype="string">
<cfargument name="message" type="string" required="true">
<cfargument name="key" type="string" required="true">
<cfargument name="ivSalt" type="string" required="true">
<cfscript>
var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
var byteMessage = arguments.message.getBytes();
var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
var cipherText = cipher.doFinal(outArray,bufferLength);
return toBase64(outArray);
</cfscript>
</cffunction>
<cffunction name="doDecrypt" access="public" returntype="string">
<cfargument name="message" type="string" required="true">
<cfargument name="key" type="string" required="true">
<cfargument name="ivSalt" type="string" required="true">
<cfscript>
var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
var byteMessage = toBinary(arguments.message);
var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
var originalText = cipher.doFinal(outArray,bufferLength);
return createObject("java", "java.lang.String").init(outArray);
</cfscript>
</cffunction>
<cfscript>
// Allocate a Java byte[] of the requested length via reflection
function getByteArray(someLength) {
    byteClass = createObject("java", "java.lang.Byte").TYPE;
    return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
}
</cfscript>
</cfcomponent>
Thanks!,
-Aaron -
Error in running encryption/decryption using DES in Websphere Dev't Client
Hello!
I have code used to encrypt / decrypt a string (password). I have already tested it using Netbeans and it is working. But when I tried to add the java code to an existing web project using Websphere Development Client, javax.crypto.* is not recognized. Then I imported JCE.jar.
The java code contains no errors then, but when I started to run the project, it gives an Error 500. And below is the Console's error message:
E SRVE0026E: [Servlet Error]-[javax.crypto.spec.PBEKeySpec: method <init>([C[BI)V not found]: java.lang.NoSuchMethodError: javax.crypto.spec.PBEKeySpec: method <init>([C[BI)V not found
Have I missed something to add? Or other things that I should do upon importing this jar file?
Please help.
Advance thanks for your reply.
misyel
I don't know what version of Java that my Websphere's using. But I am very sure that it is outdated. I am using Websphere 5.0. For Netbeans, it is JDK1.5.
I imported the JCE from JDK 1.5 on Websphere.
I think the code works perfectly fine. Actually it was my friend's code for encryption but they are using Eclipse for development (almost the same from Websphere but somehow different from it.)
My idea is that I can't match the versions of the jar files used in my project. As much as I wanted to change the imported jar files, I couldn't, for when I replaced the existing jar files, more and more errors occurred.
Can we have any alternative ways of importing the jar files? Or is there any other code that might help that will not use the JCE.jar?
I really appreciate your response. thanks
misyel -
Hi all,
I have one admin server 8 managed servers in cluster environment. I am using node
manager to start managed servers. I used the demo certificate and private key
file provided by BEA before getting my real certificate, but when I got the real
certificate the node manager can't no more. The error I am getting is this :
<Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
on command line options, try "java weblogic.nodemanager.NodeManager help">
<Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
Error decrypting Secret Key
at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
--------------- nested within: ------------------
weblogic.security.internal.encryption.EncryptionServiceException - with nested
exception:
[weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
Secret Key]
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
here is the setting of node manager
# Set user-defined variables.
BEA_HOME="/opt/app/weblogic"
WL_HOME=${BEA_HOME}/weblogic700
NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
#Set NODEMANAGER variables
NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
NODEMANAGER_LISTENADDRESS="uxmwpr01"
NODEMANAGER_LISTENPORT="5501"
NODEMANAGER_REVERSEDNS="true"
NODEMANAGER_SSLVERIFICATION="true"
NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
NODEMANAGER_NATIVEIO="true"
${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
-Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
-Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
-Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
-Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
-Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
-Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
-Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
weblogic.nodemanager.NodeManager
"Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
Hi,
I am wondering if anyone has tried creating a domain on a weblogic server by copying
and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
to the new installation %bea_home%\config\DomainName.
When I do this I get the following error when starting up the weblogic server:
"The WebLogic Server did not start up properly. Exception raised:
weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
Secret Key" when loading config.xml
I assume this is because the weblogic system password is encrypted in the config.xml
file. Is there anyway I can get around this so I can easily clone weblogic servers?
Thanks,
Jas
Jas,
Yeah the security key is tied to the server, what exactly are you
trying to accomplish? Do you want separate domains or servers? Are
they on different physical servers?
Also what version of wls? 6 or 7?
Will try to help you if I can
Steve -
Help for a newbie on encryption/decryption
I want to start with a text file.
Read in a line of ascii characters, encrypt it using some algorithm and output it as a new set of ascii characters.
What algorithm should I use?
Thanks a lot. I got the encryption/decryption working pretty easily.
However, I ran into a problem when I got to storing keys:
I stored it fine with this code
try {
    // Generate a DES key and put it into a password-protected keystore file
    KeyGenerator keyGen = KeyGenerator.getInstance("DES");
    desKey = keyGen.generateKey();
    cipher = Cipher.getInstance("DES");
    KeyStore keyStore = KeyStore.getInstance("JKS");
    String password = "lemein";
    char passwd[] = password.toCharArray();
    keyStore.load(null, passwd); //initialize keyStore
    Certificate[] chain = new Certificate[1];
    String alias = "test";
    keyStore.setKeyEntry(alias, desKey, passwd, null);
    String fileName = "data/gkey.txt";
    FileOutputStream f = new FileOutputStream(fileName);
    keyStore.store(f, passwd); // <----------exception happens here
} catch (Exception e) {
    e.printStackTrace();
}
I got a problem when I retrieve it with this code
KeyGenerator kg = null;
Key key = null;
cipher = null;
Security.addProvider(new com.sun.crypto.provider.SunJCE());
byte[] result = null;
try {
    // Load the keystore file written above and read the key back by alias
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(new FileInputStream("data/gkey.txt"), "lemein".toCharArray());
    key = keyStore.getKey("test", "lemein".toCharArray());
    cipher = Cipher.getInstance("DES");
    byte[] data = "Hello World!".getBytes();
    System.out.println("Original data : " + new String(data));
    cipher.init(Cipher.ENCRYPT_MODE, key);
    result = cipher.doFinal(data);
    System.out.println("Encrypted data: " + new String(result));
} catch (Exception e) {
    e.printStackTrace();
}
I get the error:
java.security.UnrecoverableKeyException: DerInputStream.getLength(): lengthTag=75, too big.
at sun.security.provider.KeyProtector.recover(Unknown Source)
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(Unknown Source)
Any idea what the problem is?
Thanks -
Encrypt/decrypt using update
Hi,
Can someone give me an encrypt/decrypt pair of code samples that use the cipher.update() call?
I am trying it like that but apparently it doesn't work
byte[] temp = new byte[message.length/2];
byte[] temp2 = new byte[message.length/2];
System.arraycopy(message, 0, temp, 0, temp.length);
System.arraycopy(message, temp.length, temp2, 0, temp.length);
ciphertext = new byte[message.length];
System.arraycopy(symmetricCipher.update(temp), 0, ciphertext, 0, temp.length);
System.arraycopy(symmetricCipher.doFinal(temp2), 0, ciphertext, temp.length, temp.length);
> I don't see how using the inputstream i would avoid
> the memory error, when passing anything over
> 10,000,000. Unless you mean I split the input, and
> write small chunks into disk as I encrypt them?
Your basic problem is that you have the data as one large array. I don't know how and why you created this large array; I would not create it unless there was no other way.
Since it does not make sense to create one large encrypted byte array and given that you have a byte array then you can use either
1) Create a ByteArrayInputStream and wrap it in a CipherInputStream. This would allow you to encrypt the array in a sequential manner a few KBytes at a time.
or
2) Encrypt the array a few KBytes at a time using a simple update(array, start, length) that returns the encrypted bytes.
But first, I would try to avoid creating the large 'cleartext' array. -
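Option 2 from the reply, as an added example rather than code from the thread: it feeds a byte array to Cipher.update() in fixed slices and keeps exactly the bytes each call returns, since a block cipher hands back whole blocks only and holds the remainder until doFinal(). AES/CBC with a random key, the slice size and the class name are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.io.ByteArrayOutputStream;
import java.security.SecureRandom;
import java.util.Arrays;

public class ChunkedUpdateDemo {
    static final int CHUNK = 1000; // deliberately not a multiple of the 16-byte AES block

    // Feeds input to the cipher in CHUNK-sized slices and collects exactly what each call returns.
    static byte[] transform(Cipher cipher, byte[] input) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int off = 0; off < input.length; off += CHUNK) {
            int len = Math.min(CHUNK, input.length - off);
            byte[] part = cipher.update(input, off, len);
            if (part != null) {          // update() may return null when no full block is ready
                out.write(part);
            }
        }
        out.write(cipher.doFinal());     // flushes the buffered remainder plus padding
        return out.toByteArray();
    }

    static Cipher aesCbc(int mode, SecretKey key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c;
    }

    static byte[] freshIv(SecureRandom rnd) {
        byte[] iv = new byte[16];
        rnd.nextBytes(iv);
        return iv;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        byte[] message = new byte[2500]; // constructed sample data
        rnd.nextBytes(message);

        // Sizes returned when the message is split into two halves, as in the question:
        // neither call returns as many bytes as it was given.
        Cipher probe = aesCbc(Cipher.ENCRYPT_MODE, key, freshIv(rnd));
        int first = probe.update(message, 0, 1250).length;
        int second = probe.doFinal(message, 1250, 1250).length;
        System.out.println("update(1250 bytes) returned " + first
                + ", doFinal(1250 bytes) returned " + second);

        // Chunked encryption and decryption that size their output from the returned arrays.
        byte[] iv = freshIv(rnd);
        byte[] ciphertext = transform(aesCbc(Cipher.ENCRYPT_MODE, key, iv), message);
        byte[] recovered = transform(aesCbc(Cipher.DECRYPT_MODE, key, iv), ciphertext);
        System.out.println("ciphertext length: " + ciphertext.length);
        System.out.println("round trip intact: " + Arrays.equals(message, recovered));
    }
}
```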
RSA decryption Error: Data must start with zero
For some reasons, I tried to use RSA as a block cipher to encrypt/decrypt a large file. When I debug my program, some errors are shown as below:
javax.crypto.BadPaddingException: Data must start with zero
at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
at sun.security.rsa.RSAPadding.unpad(Unknown Source)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:394)
at javax.crypto.Cipher.doFinal(Cipher.java:2299)
at RSA.RRSSA.main(RRSSA.java:114)
From breakpoint, I think the problem is the decrypt operation, and Cipher.doFinal() can not be operated correctly.
I searched for this problem on Google; many people met the same problem as me, but most of them didn't get an answer.
The source code is :
Key generation:
package RSA;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.logging.Level;
import java.util.logging.Logger;
public class GenKey {
    /**
     * @param args
     * @author tang
     */
    public static void main(String[] args) {
        // TODO Auto-generated method stub
        try {
            KeyPairGenerator KPG = KeyPairGenerator.getInstance("RSA");
            KPG.initialize(1024);
            KeyPair KP = KPG.genKeyPair();
            PublicKey pbKey = KP.getPublic();
            PrivateKey prKey = KP.getPrivate();
            //byte[] publickey = decryptBASE64(pbKey);
            //save public key
            FileOutputStream out = new FileOutputStream("RSAPublic.dat");
            ObjectOutputStream fileOut = new ObjectOutputStream(out);
            fileOut.writeObject(pbKey);
            //save private key
            FileOutputStream outPrivate = new FileOutputStream("RSAPrivate.dat");
            ObjectOutputStream privateOut = new ObjectOutputStream(outPrivate);
            privateOut.writeObject(prKey);
        } catch (Exception ex) {
            // log key generation and file errors
            Logger.getLogger(GenKey.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
}
Encrypt / Decrypt
package RSA;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.security.Key;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
//import sun.misc.BASE64Decoder;
//import sun.misc.BASE64Encoder;
public class RRSSA {
    /**
     * @param args
     */
    public static void main(String[] argv) {
        // TODO Auto-generated method stub
        //File used to encrypt/decrypt
        String dataFileName = argv[0];
        //encrypt/decrypt: operation mode
        String opMode = argv[1];
        String keyFileName = null;
        //Key file
        if (opMode.equalsIgnoreCase("encrypt")) {
            keyFileName = "RSAPublic.dat";
        } else {
            keyFileName = "RSAPrivate.dat";
        }
        try {
            FileInputStream keyFIS = new FileInputStream(keyFileName);
            ObjectInputStream OIS = new ObjectInputStream(keyFIS);
            Key key = (Key) OIS.readObject();
            Cipher cp = Cipher.getInstance("RSA/ECB/PKCS1Padding");//
            if (opMode.equalsIgnoreCase("encrypt")) {
                cp.init(Cipher.ENCRYPT_MODE, key);
            } else if (opMode.equalsIgnoreCase("decrypt")) {
                cp.init(Cipher.DECRYPT_MODE, key);
            } else {
                return;
            }
            FileInputStream dataFIS = new FileInputStream(dataFileName);
            int size = dataFIS.available();
            byte[] encryptByte = new byte[size];
            dataFIS.read(encryptByte);
            if (opMode.equalsIgnoreCase("encrypt")) {
                FileOutputStream FOS = new FileOutputStream("cipher.txt");
                //RSA Block size
                //int blockSize = cp.getBlockSize();
                int blockSize = 64 ;
                int outputBlockSize = cp.getOutputSize(encryptByte.length);
                /*if (blockSize == 0)
                {
                    System.out.println("BLOCK SIZE ERROR!");
                }else
                */
                int leavedSize = encryptByte.length % blockSize;
                int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
                        : encryptByte.length / blockSize + 1;
                byte[] cipherData = new byte[outputBlockSize*blocksNum];
                //encrypt each block
                for (int i = 0; i < blocksNum; i++) {
                    if ((encryptByte.length - i * blockSize) > blockSize) {
                        cp.doFinal(encryptByte, i * blockSize, blockSize, cipherData, i * outputBlockSize);
                    } else {
                        cp.doFinal(encryptByte, i * blockSize, encryptByte.length - i * blockSize, cipherData, i * outputBlockSize);
                    }
                }
                //byte[] cipherData = cp.doFinal(encryptByte);
                //BASE64Encoder encoder = new BASE64Encoder();
                //String encryptedData = encoder.encode(cipherData);
                //cipherData = encryptedData.getBytes();
                FOS.write(cipherData);
                FOS.close();
            } else {
                FileOutputStream FOS = new FileOutputStream("plaintext.txt");
                //int blockSize = cp.getBlockSize();
                int blockSize = 64;
                //int j = 0;
                //BASE64Decoder decoder = new BASE64Decoder();
                //String encryptedData = convert(encryptByte);
                //encryptByte = decoder.decodeBuffer(encryptedData);
                int outputBlockSize = cp.getOutputSize(encryptByte.length);
                int leavedSize = encryptByte.length % blockSize;
                int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
                        : encryptByte.length / blockSize + 1;
                byte[] plaintextData = new byte[outputBlockSize*blocksNum];
                for (int j = 0; j < blocksNum; j++) {
                    if ((encryptByte.length - j * blockSize) > blockSize) {
                        cp.doFinal(encryptByte, j * blockSize, blockSize, plaintextData, j * outputBlockSize);
                    } else {
                        cp.doFinal(encryptByte, j * blockSize, encryptByte.length - j * blockSize, plaintextData, j * outputBlockSize);
                    }
                }
                FOS.write(plaintextData);
                //FOS.write(cp.doFinal(encryptByte));
                FOS.close();
            }
        } catch (Exception ex) {
            // log key loading, cipher and file errors
            Logger.getLogger(RRSSA.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
}
Edited by: sabre150 on Aug 3, 2012 6:43 AM
Moderator action : added [ code] tags so as to make the code readable. Please do this yourself in the future.
Edited by: 949003 on 2012-8-3 5:31 AM
1) Why are you not closing the streams when writing the keys to the file?
2) Each block of RSA encrypted data has size equal to the key modulus (in bytes). This means that for a key size of 1024 bits you need to read 128 bytes and not 64 bytes at a time when decrypting ( this is probably the cause of your 'Data must start with zero exception'). Since the input block size depends on the key modulus you cannot hard code this. Note - PKCS1 padding has at least 11 bytes of padding so on encrypting one can process a maximum of the key modulus in bytes less 11. Currently you have hard coded the encryption block at 64 bytes which is OK for your 1024 bits keys but will fail for keys of modulus less than about 936 bits.
3) int size = dataFIS.available(); is not a reliable way to get the size of an input stream. If you check the Javadoc for InputStream.available() you will see that it returns the number of bytes that can be read without blocking and not the stream size.
4) InputStream.read(byte[]) does not guarantee to read all the bytes and returns the number of bytes actually read. This means that your code to read the content of the file into an array may fail. Again check the Javadoc. To be safe you should use DataInputStream.readFully() to read a block of bytes.
5) Reading the whole of the cleartext or ciphertext file into memory does not scale and with very large files you will run out of memory. There is no need to do this since you can use a "read a block, write the transformed block" approach.
RSA is a very very very slow algorithm and it is not normal to encrypt the whole of a file using it. The standard approach is to perform the encryption of the file content using a symmetric algorithm such as AES using a random session key and use RSA to encrypt the session key. One then writes to the ciphertext file the RSA encrypted session key followed by the symmetric encrypted data. To make it more secure one should actually follow the extended procedure outlined in section 13.6 of Practical Cryptography by Ferguson and Schneier. -
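The layout recommended above (symmetric encryption under a random session key, with RSA protecting only that key), as an added example that is not the original posters' code. AES-GCM, RSA-OAEP, the class name and the file layout are this example's assumptions; the wrapped-key length is taken from the key modulus and read with readFully(), as points 2 and 4 advise.

```java
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAKey;
import java.util.Arrays;

public class HybridFileCrypto {
    static final String RSA_WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String AES_DATA = "AES/GCM/NoPadding";
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Assumed layout: [RSA-wrapped AES key, modulus-size bytes][12-byte IV][AES-GCM ciphertext + tag]
    static void encrypt(PublicKey pub, InputStream in, OutputStream out) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();          // fresh random session key per file

        Cipher rsa = Cipher.getInstance(RSA_WRAP);
        rsa.init(Cipher.WRAP_MODE, pub);
        out.write(rsa.wrap(session));                  // the only RSA operation on this side

        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        out.write(iv);

        Cipher aes = Cipher.getInstance(AES_DATA);
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(TAG_BITS, iv));
        try (CipherOutputStream cos = new CipherOutputStream(out, aes)) {
            copy(in, cos);                             // read a block, write the transformed block
        }
    }

    static void decrypt(PrivateKey priv, InputStream in, OutputStream out) throws Exception {
        DataInputStream din = new DataInputStream(in);
        // The wrapped key is exactly one modulus long; derive that from the key, never hard-code it.
        int modulusBytes = (((RSAKey) priv).getModulus().bitLength() + 7) / 8;
        byte[] wrapped = new byte[modulusBytes];
        din.readFully(wrapped);                        // read() alone may return fewer bytes
        byte[] iv = new byte[IV_LEN];
        din.readFully(iv);

        Cipher rsa = Cipher.getInstance(RSA_WRAP);
        rsa.init(Cipher.UNWRAP_MODE, priv);
        SecretKey session = (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

        Cipher aes = Cipher.getInstance(AES_DATA);
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(TAG_BITS, iv));
        // A provider may hold GCM plaintext back until the tag has been verified.
        try (CipherInputStream cis = new CipherInputStream(din, aes)) {
            copy(cis, out);
        }
    }

    static void copy(InputStream in, OutputStream out) throws IOException {
        byte[] buf = new byte[8192];
        for (int n; (n = in.read(buf)) != -1; ) {
            out.write(buf, 0, n);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        byte[] plain = new byte[1_000_000];            // constructed sample "file"
        new SecureRandom().nextBytes(plain);

        ByteArrayOutputStream ct = new ByteArrayOutputStream();
        encrypt(kp.getPublic(), new ByteArrayInputStream(plain), ct);
        ByteArrayOutputStream pt = new ByteArrayOutputStream();
        decrypt(kp.getPrivate(), new ByteArrayInputStream(ct.toByteArray()), pt);
        System.out.println("round trip intact: " + Arrays.equals(plain, pt.toByteArray()));

        // Flip one ciphertext bit: the GCM tag check must make decryption fail.
        byte[] tampered = ct.toByteArray();
        tampered[tampered.length - 20] ^= 1;
        try {
            decrypt(kp.getPrivate(), new ByteArrayInputStream(tampered), new ByteArrayOutputStream());
            System.out.println("tampered file accepted");
        } catch (IOException e) {
            System.out.println("tampered file rejected: " + e.getCause());
        }
    }
}
```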
Hi everybody,
I got this trap message on WLC.
The client failed to communicate, it was still associated with WLC though.
The trap message log is below
"Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"
My wireless environment contains WLC2106(5.2) 1131AG, client using ADU(v4.4)
Thanks.
We use Dynamic wep key, EAP-TTLS / PEAP.
I attach the output.
WLAN Identifier.................................. 1
Profile Name..................................... kssl
Network Name (SSID).............................. kssl
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More-- or (q)uit
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 10.10.9.44 1812
Authentication................................ 10.10.9.45 1812
Accounting.................................... 10.10.9.44 1813
Accounting.................................... 10.10.9.45 1813
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Enabled
--More-- or (q)uit
Encryption:..................................... 104-bit WEP
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Disabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
Thank you. -
Failed to call DBMS_CRYPTO.ENCRYPT / DECRYPT
I tried to use Oracle 11gR2 DBMS_CRYPTO to perform AES256 encryption/decryption. The Oracle reference specifies "Security Model - Oracle Database installs this package in the SYS schema. You can then grant package access to existing users and roles as needed." So I requested the DBA to grant the EXECUTE privilege on SYS.DBMS_CRYPTO.
I successfully ran the SQL "select DBMS_CRYPTO.RANDOMBYTES(64) from dual;", but when I tried to implement the package body, the compiler reported the error: PLS-00201: identifier 'DBMS_CRYPTO' must be declared.
Please kindly help and advise. Thanks!
Src code of the package body:
CREATE OR REPLACE PACKAGE BODY PKG_TOOLKIT AS
  -- AES-256 in CBC mode with PKCS#5 padding
  g_encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;

  -- getKey is not shown here; it must be declared earlier in the package.
  -- No iv argument is passed, so every call runs CBC with the default IV.
  FUNCTION encrypt (p_text IN VARCHAR2) RETURN RAW IS
    l_key VARCHAR2(512);
    l_text VARCHAR2(32767) := p_text;
    l_encrypted RAW(32767);
  BEGIN
    getKey(l_key);
    l_encrypted := DBMS_CRYPTO.ENCRYPT(src => UTL_I18N.STRING_TO_RAW(l_text, 'AL32UTF8'),
                                       typ => g_encryption_type,
                                       key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
    RETURN l_encrypted;
  END;

  FUNCTION decrypt (p_raw IN RAW) RETURN VARCHAR2 IS
    l_key VARCHAR2(512);
    l_decrypted RAW(32767);  -- DBMS_CRYPTO.DECRYPT returns RAW, not VARCHAR2
  BEGIN
    getKey(l_key);
    l_decrypted := DBMS_CRYPTO.DECRYPT(src => p_raw,
                                       typ => g_encryption_type,
                                       key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
    RETURN RTrim(UTL_I18N.RAW_TO_CHAR(l_decrypted, 'AL32UTF8'));
  END;
END PKG_TOOLKIT;
/
From the Package DBMS_CRYPTO -> Grants, I found there is a privilege "EXECUTE" granted to grantee "ORADEV1". "ORADEV1" is the login ID I'm using to connect to Oracle. Can I tell whether the DBA is granting the privilege to this ID or its role through Oracle Developer?
-
Encryption/decryption through jar file and classes
Hi,
My application uses tomcat as web server.
I am doing encryption and decryption.
I fetch encrypted data from the database and then decrypt it.
In one case I use classes and place them in the webapps -> WEB-INF -> classes folder.
In the other case I use a jar file and place that file in the WEB-INF -> lib folder in the webapps directory.
There is a huge performance difference.
While using classes the performance is great, while using the jar file the performance is very disappointing.
I am using a file for encryption/decryption also.
Are you getting any error messages? Have you put debugging code in those classes to see what is happening?
-
Decrypt Errors occuring in WLC Log
Hi all,
we see a strange message in our WLC logs, which occurs quite often (>10 times a day):
Decrypt errors occurred for client [MAC-Address] using WPA key on 802.11b/g interface of AP [MAC-Address]
The MAC addresses of the affected clients vary, as do the APs reporting the error.
The clients are Notebooks, Cisco IP-Phones and Nokia-DualBand-Phones.
Even more frequently we see the following message in the log:
%ETHOIP-3-PING_TRANSMIT_FAILED: ethoip_ping.c:227 send_eoip_ping: Failed to tx Ethernet over IP ping rc=5.
We use TKIP as Encryption and EAP-Fast as well as LEAP as Authentication (Cisco ACS).
The WLC is a 2106, the APs are 1242AG.
We don't recognize any problems placing calls or talking over these phones. It's just these messages in the log that concern me.
Anyone else got these messages (and hopefully fixed them :))
Greets,
Sebastian
Hi Everyone, you can count me in as well for getting the decrypt errors. However the only difference is that I'm not using WPA on the network that this is happening on. The WLAN that is reporting this for me is just a simple WEP key. I'm thinking this is related to encryption since TKIP is also based on RC4. I also have other WLANs where I use WPA2 Enterprise with AES (PEAP MS-CHAPv2) and I do not see the decrypt errors for those clients. Also, to further expand on this I haven't noticed any client problems either. Maybe this is a bug that doesn't cause denial of service. I'd love to get rid of them though! This is with a 4402 WLC and 1242AG APs...
-
Decrypt errors occurred for client
I am getting error messages for clients:
11 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:13:ce:54:57:3c using WPA key on 802.11b/g interface of AP 00:16:9c:91:97:c0
12 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:16:6f:91:d8:60 using WPA2 key on 802.11b/g interface of AP 00:16:9c:91:97:c0
These are only occurring for clients that are disconnecting....
They can reconnect after a WLC reboot....
We have swapped APs.....
I have seen this error in other forums but it says not to worry about it. There has to be a connection between this and clients getting disconnected. We have anywhere between 10-50 clients on the system at any one time.
Is this a client issue (nic firmware, version) or is this an error in the controller??
AIR-WLC2106-K9
IOS ver: 6.0.196.0
Thanks
This means that the client is using a different key than the one he agreed on using with the AP. There were bugs about this a long time ago but nothing recent.
I've seen this happening a lot with old/not updated clients. It rarely happens on Intel adapters with the latest drivers, for example.
So I'd suggest checking the client pattern (do the clients facing this all have old wireless drivers?).
It can also happen if you offer funny encryption combinations that the client doesn't like (wpa1+aes, wpa2+tkip). Try to only enable wpa2/aes and see if it helps.
Nicolas -
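The client-pattern check suggested in the reply above, as an added example that is not part of the original thread: it parses WLC log lines in the format quoted in the question and groups decrypt errors by client, key type, AP and adapter OUI. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Matches the WLC message format quoted in the thread.
DECRYPT_RE = re.compile(
    rf"Decrypt errors occurred for client (?P<client>{MAC}) "
    rf"using (?P<key>\S+) key on (?P<radio>\S+) interface of AP (?P<ap>{MAC})",
    re.IGNORECASE,
)

# The first two lines come from the post; the last two are constructed.
SAMPLE_LOG = """\
11 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:13:ce:54:57:3c using WPA key on 802.11b/g interface of AP 00:16:9c:91:97:c0
12 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:16:6f:91:d8:60 using WPA2 key on 802.11b/g interface of AP 00:16:9c:91:97:c0
13 Mon Jun 14 09:14:02 2010 Decrypt errors occurred for client 00:13:ce:54:57:3c using WPA key on 802.11b/g interface of AP 00:16:9c:91:97:c1
14 Mon Jun 14 09:15:10 2010 Client associated: 00:16:6f:91:d8:60
"""

def summarize_decrypt_errors(log_text):
    """Return {client_mac: {"count", "keys", "aps"}} for decrypt-error lines."""
    clients = defaultdict(lambda: {"count": 0, "keys": set(), "aps": set()})
    for line in log_text.splitlines():
        m = DECRYPT_RE.search(line)
        if not m:
            continue  # unrelated log line
        entry = clients[m["client"].lower()]
        entry["count"] += 1
        entry["keys"].add(m["key"].upper())
        entry["aps"].add(m["ap"].lower())
    return dict(clients)

def errors_by_oui(summary):
    """Total errors per OUI (first three octets), to spot one adapter family."""
    ouis = Counter()
    for mac, entry in summary.items():
        ouis[mac[:8]] += entry["count"]
    return ouis

def multi_ap_clients(summary):
    """Clients seen failing on more than one AP, so one faulty AP does not explain them."""
    return sorted(mac for mac, e in summary.items() if len(e["aps"]) > 1)

if __name__ == "__main__":
    summary = summarize_decrypt_errors(SAMPLE_LOG)
    for mac, e in sorted(summary.items()):
        print(mac, e["count"], sorted(e["keys"]), sorted(e["aps"]))
    print(dict(errors_by_oui(summary)), multi_ap_clients(summary))
```
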
Is possible the encrypt decrypt operation in JCDE plugin for Eclipse
I am new to Java Card.
We are still in a LONG wait for the JCOP tools. In the meantime we are trying other tools and we have found this JCDE plugin for Eclipse.
I tried to get one sample working but I have a problem: creating the applet fails.
Is the problem in the sample, or does the JCDE plugin not support encrypt/decrypt operations?
Actually, are signing and hashing operations possible in JCDE as simulation?
Please answer.
I get this error:
Exception from the invoked install() method:public static void handsonRSAEncryptDecrypt.HandsonRSAEncryptDecrypt.install(byte[],short,byte)
The sample is
package handsonRSAEncryptDecrypt;

import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.Cipher;

/**
 * Jeffrey C
 * 6/21/08
 */
public class HandsonRSAEncryptDecrypt extends javacard.framework.Applet
{
    //globals
    RSAPrivateCrtKey rsa_PrivateCrtKey;
    RSAPublicKey rsa_PublicKey;
    KeyPair rsa_KeyPair;
    Cipher cipherRSA;
    final short dataOffset = (short) ISO7816.OFFSET_CDATA;

    //constructor
    private HandsonRSAEncryptDecrypt(byte bArray[], short bOffset, byte bLength)
    {
        //generate own rsa_keypair
        rsa_KeyPair = new KeyPair( KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_1024 );
        rsa_KeyPair.genKeyPair();
        rsa_PublicKey = (RSAPublicKey) rsa_KeyPair.getPublic();
        rsa_PrivateCrtKey = (RSAPrivateCrtKey) rsa_KeyPair.getPrivate();
        cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
        register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    //install
    public static void install(byte bArray[], short bOffset, byte bLength)
    {
        new HandsonRSAEncryptDecrypt(bArray, bOffset, bLength);
    }

    public void process(APDU apdu)
    {
        if (selectingApplet())
        {
            return;
        }
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != 0) ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        if (buf[ISO7816.OFFSET_INS] != (byte) (0xAA)) ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        switch (buf[ISO7816.OFFSET_P1])
        {
            case (byte) 0x01:
                encryptRSA(apdu);
                return;
            case (byte) 0x02:
                decryptRSA(apdu);
                return;
            default:
                ISOException.throwIt(ISO7816.SW_WRONG_P1P2);
        }
    }

    private void encryptRSA(APDU apdu)
    {
        byte a[] = apdu.getBuffer();
        short byteRead = (short) (apdu.setIncomingAndReceive());
        cipherRSA.init(rsa_PrivateCrtKey, Cipher.MODE_ENCRYPT);
        short cyphertext = cipherRSA.doFinal(a, (short) dataOffset, byteRead, a, (short) dataOffset);
        // Send results
        apdu.setOutgoing();
        apdu.setOutgoingLength((short) cyphertext);
        apdu.sendBytesLong(a, (short) dataOffset, (short) cyphertext);
    }

    // private void decryptRSA(APDU apdu)
    // {
    //     byte a[] = apdu.getBuffer();
    //     short byteRead = (short) (apdu.setIncomingAndReceive());
    //     cipherRSA.init(rsa_PublicKey, Cipher.MODE_DECRYPT);
    //     cipherRSA.doFinal(a, (short) dataOffset, byteRead, a, (short) dataOffset);
    //     // Send results
    //     apdu.setOutgoing();
    //     apdu.setOutgoingLength((short) 24);
    //     apdu.sendBytesLong(a, (short) dataOffset, (short) 24);
    // }

    private void decryptRSA(APDU apdu)
    {
        byte a[] = apdu.getBuffer();
        short byteRead = (short) (apdu.setIncomingAndReceive());
        cipherRSA.init(rsa_PublicKey, Cipher.MODE_DECRYPT);
        short textlenth = cipherRSA.doFinal(a, (short) dataOffset, byteRead, a, (short) dataOffset);
        // Send results
        apdu.setOutgoing();
        apdu.setOutgoingLength((short) textlenth );
        apdu.sendBytesLong(a, (short) dataOffset, (short) textlenth );
    }
}
script
powerup;
// Select the installer applet
0x00 0xA4 0x04 0x00 0x09 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0x08 0x01 0x7F;
// create HandsonRSAEncryptDecrypt applet
0x80 0xB8 0x00 0x00 0xd 0xb 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x00 0x00 0x00 0x7F;
powerdown;
output
Received ATR = 0x3b 0xf0 0x11 0x00 0xff 0x00
CLA: 00, INS: a4, P1: 04, P2: 00, Lc: 09, a0, 00, 00, 00, 62, 03, 01, 08, 01, Le: 00, SW1: 90, SW2: 00
CLA: 80, INS: b8, P1: 00, P2: 00, Lc: 0d, 0b, 01, 02, 03, 04, 05, 06, 07, 08, 09, 00, 00, 00, Le: 00, SW1: 64, SW2: 44
Thanks for help.
I think you should try and get error manner for solving problem.
May God help you, what can I say.