Packet Encryption/Decryption error

This error message is from a site-to-site VPN router. The whole error message is like:
Aug 11 00:37:22.725 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:39:05.192 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:39:53.961 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:40:55.447 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Does anybody see/handle this type of error before ? The explaination in the CCO for this error message does not help much. What is the 'status=4610' ? I also see the status number can be 4612 and 4613.
I also noticed the "ah_auth_failure:" in "sh cry eng accelerator statistic " increase by one each time I got this error in the syslog
Thanks in advance

Xuam,
what was the fix to your problem. I am getting exact same problem.
Alphonse

Similar Messages

  • OIM encryption/decryption error

    I am building a new environment by importing resources, lookup definitions, etc from an existing environment via deployment manager. Both the environments are same in s/w and h/w config:
    OIM: 9.1.0.2 BP18
    Weblogic: 10.3.2
    Windows Server 2008 R2 64 bit
    After the installation of new environment:
    I have copied the .xlkeystore and .xldatabasekey from old environment to new.
    Changed the password in xlconfig.xml file on new environment as plain text from old environment.
    Updated the xelsysadm password in the USR table from the value old environment.
    Restarted the system
    Now I am able to login to OIM using the xelsysadm password from old environment.
    xlconfig.xml has the new password in the encrypted format.But, now when I import a resource from old environment to new environment, I see all the values in the encrypted format both at OIM GUI as well as design Console.
    In the .out logs I get the exception:
    INFO,11 Apr 2012 18:11:11,790,[XELLERATE.PERFORMANCE],Query: DB: 16, LOAD: 0, TOTAL: 16
    ERROR,11 Apr 2012 18:11:11,790,[XELLERATE.ACCOUNTMANAGEMENT],Class/Method: tcDefaultDBEncryptionImpl/decrypt encounter some problems: Given final block not properly padded
    javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
    at javax.crypto.Cipher.doFinal(DashoA13*..)
    at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(Unknown Source)
    at com.thortech.xl.crypto.tcCryptoUtil.decrypt(Unknown Source)
    at com.thortech.xl.crypto.tcCryptoUtil.decrypt(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.decryptDataSet(Unknown Source)
    at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcITResourceInstanceOperationsBean.getITResourceInstanceParametersData(Unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcITResourceInstanceOperationsBean.getITResourceInstanceParameters(Unknown Source)
    at com.thortech.xl.ejb.beans.tcITResourceInstanceOperationsSession.getITResourceInstanceParameters(Unknown Source)
    at com.thortech.xl.ejb.beans.tcITResourceInstanceOperationsSession_7uvp44_EOImpl.getITResourceInstanceParameters(tcITResourceInstanceOperationsSession_7uvp44_EOImpl.java:77)
    at Thor.API.Operations.tcITResourceInstanceOperationsClient.getITResourceInstanceParameters(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubje

    Why you copied these things from OLD environment - .xlkeystore and .xldatabasekey ?
    Take backup of these files and restore your original files in new environment and restart the server.

  • Java-oracle-java encryption-decryption error.

    Hi
    We have a program which encrypts strings using DES and writes the encrypted to an oracle data. The code is similar to the following:
    private static String encrypt(String property) throws GeneralSecurityException {
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
    SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
    Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
    pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
    return base64Encode(pbeCipher.doFinal(property.getBytes()));
    This works consistently across jvms / os / hw / etc.
    Unfortunately, the original version was writing it to the db as strings and now, these can't be de-crypted as oracle returns different values from the column.
    I was wondering whether there was any way of retrieving these values now.
    Regards
    V
    Edited by: user10510492 on Sep 28, 2011 1:59 PM

    You need to try to find out what characterset was originally used to create the strings, this was either specified explicitly in the code, or done with the default Java encoding for your platform. Unfortunately there still is potential for loss of information which might prevent you from correctly decrypting the string (eg, bytes not in the characterset might have been converted to a questionmark, ASCII controlcodes might have been converted to something safer by your database, etc).

  • Encrypt/decrypt AES 256, vorsalt error

    Hiyas.
    So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
    'IF' I 32byte key but dont use a IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking the length of the encrypted string)
    'IF' I use a 32byte key and 16bit salt, I get a AES 128 result (I know- as per docs theyre both s'posed to the same size, but the docs are wrong).
    But when i switch to using both a 32byte key AND a 32byte salt I get the error below.
    An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
    Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or I am doing something wrong?
    <!--- ////////////////////////////////////////////////////////////////////////// Here's the Code ///////////////////////////////////////////////////////////////////////// --->
    <cfset theAlgorithm  = "Rijndael/CBC/PKCS5Padding" />
    <cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w="><!--- these 2 are the same --->
    <!---<cfset gKey = ToBase64(BinaryDecode("8738fed68e7677d374e0946c8f7bd3bb4f50f23717f9f3667b2419483959039c", "Hex"))>--->
    <cfset theIV    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>
    <!---<cfset theIV128    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b","hex")>--->
    <cffunction    name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
        <cfargument    name="szToEncrypt" type="string" required="true"/>
        <cfset secretkey = gKey>               
        <cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
        <cfreturn szReturn>
    </cffunction>   
    <cffunction    name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
        <cfargument    name="szToDecrypt" type="string" required="true"/>
        <cfset secretkey = gKey>   
        <cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>       
        <cfreturn szReturn>
    </cffunction>
    <cfset szStart = form["toencrypt"]>
    <cfset szStart = "Test me!">
    <cfset szEnc = DoEncrypt(szStart)>
    <cfset szDec = DoDecrypt(szEnc)>
    <cfoutput>#szEnc# #szDec#</cfoutput>

    Hi edevmachine,
    This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
    Example:
    <cfscript>
      BouncyCastleCFC = new path.to.BouncyCastle();
      string = "ColdFusion Rocks!"; 
      key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
      ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
      encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
      writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
    </cfscript>
    Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
    - An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
    - An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
    - An explanation of how to connect the Bouncy Castle classes together
    - Bouncy Castle's doc for the Rijndael Engine
    And here is the full CFC as posted in the StackOverflow discussion:
    <cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
    <cffunction name="createRijndaelBlockCipher" access="private">
        <cfargument name="key" type="string" required="true" >
        <cfargument name="ivSalt" type="string" required="true" >
        <cfargument name="bEncrypt" type="boolean" required="false" default="1">
        <cfargument name="blocksize" type="numeric" required="false" default=256>
        <cfscript>
        // Create a block cipher for Rijndael
        var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
        // Create a Block Cipher in CBC mode
        var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
        // Create Padding - Zero Byte Padding is apparently PHP compatible.
        var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
        // Create a JCE Cipher from the Block Cipher
        var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
        // Create the key params for the cipher    
        var binkey = binarydecode(arguments.key,"hex");
        var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
        var binIVSalt = Binarydecode(ivSalt,"hex");
        var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
        cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
        return cipher;
        </cfscript>
    </cffunction>
    <cffunction name="doEncrypt" access="public" returntype="string">
        <cfargument name="message" type="string" required="true">
        <cfargument name="key" type="string" required="true">
        <cfargument name="ivSalt" type="string" required="true">
        <cfscript>
        var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
        var byteMessage = arguments.message.getBytes();
        var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
        var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
        var cipherText = cipher.doFinal(outArray,bufferLength);
        return toBase64(outArray);
        </cfscript>
    </cffunction>
    <cffunction name="doDecrypt" access="public" returntype="string">
        <cfargument name="message" type="string" required="true">
        <cfargument name="key" type="string" required="true">
        <cfargument name="ivSalt" type="string" required="true">
        <cfscript>
        var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
        var byteMessage = toBinary(arguments.message);
        var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
        var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
        var originalText = cipher.doFinal(outArray,bufferLength);
        return createObject("java", "java.lang.String").init(outArray);
        </cfscript>
    </cffunction>
    <cfscript>
    function getByteArray(someLength)
        byteClass = createObject("java", "java.lang.Byte").TYPE;
        return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
    </cfscript>
    </cfcomponent>
    Thanks!,
    -Aaron

  • Error in running encryption/decryption using DES in Websphere Dev't Client

    Hello!
    I have a code used to encrypt / decrypt a string (password). I have already tested it using Netbeans and it is working. But when I tried to add the java code to an existing web project using Websphere Development Client,, javax.crypto.* is not recognized. Then I imported JCE.jar.
    The java code contains no errors then, but when I started to run the project, it gives an Error 500. And below is the Console's error message:
    E SRVE0026E: [Servlet Error]-[javax.crypto.spec.PBEKeySpec: method <init>&#40;[C[BI&#41;V not found]: java.lang.NoSuchMethodError: javax.crypto.spec.PBEKeySpec: method <init>([C[BI)V not found[/b]
    Have I missed something to add? Or other things that I should do upon importing this jar file?
    Please help.
    Advance thanks for your reply.
    misyel

    I dont know what version of Java that my Websphere's using. But I am very sure that it is outdated. I am using Websphere 5.0. For Netbeans, it is JDK1.5.
    I imported the JCE from JDK 1.5 on Websphere.
    I think the code works perfectly fine. Actually it was my friend's code for encryption but they are using Eclipse for development (almost the same from Websphere but somehow different from it.)
    My idea is that I cant match the versions of the jarfiles used in my project. As much as I wanted to change the imported jar files, I couldn't for when I replaced the existing jar files, more and more errors occur.
    can we have any alternative ways of importing the jar files? or is there any other code that might help that will not use the JCE.jar?
    I really appreciate your response. thanks
    misyel

  • Weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting Secret Key

    Hi all,
    I have one admin server 8 managed servers in cluster environment. I am using node
    manager to start managed servers. I used the demo certificate and private key
    file provided by BEA before getting my real certificate, but when I got the real
    certificate the node manager can't no more. The error I am getting is this :
    <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
    on command line options, try "java weblogic.nodemanager.NodeManager help">
    <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
    Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
    Error decrypting Secret Key
         at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
         at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
         at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
         at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
         at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
         at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
    --------------- nested within: ------------------
    weblogic.security.internal.encryption.EncryptionServiceException - with nested
    exception:
    [weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
    Secret Key]
         at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
         at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
         at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
         at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
         at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
    here is the setting of node manager
    # Set user-defined variables.
    BEA_HOME="/opt/app/weblogic"
    WL_HOME=${BEA_HOME}/weblogic700
    NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
    JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
    #Set NODEMANAGER variables
    NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
    NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
    NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
    NODEMANAGER_LISTENADDRESS="uxmwpr01"
    NODEMANAGER_LISTENPORT="5501"
    NODEMANAGER_REVERSEDNS="true"
    NODEMANAGER_SSLVERIFICATION="true"
    NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
    NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
    NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
    NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
    NODEMANAGER_NATIVEIO="true"
    ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
    -Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
    -Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
    -Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
    -Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
    -Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
    -Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
    -Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
    weblogic.nodemanager.NodeManager

    "Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
    Hi,
    I am wondering if anyone has tried creating a domain on a weblogic server by copying
    and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
    to the new installation %bea_home%\config\DomainName.
    When I do this I get the following error when starting up the weblogic server:
    "The WebLogic Server did not start up properly. Exception raised:
    weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
    Secret Key" when loading config.xml
    I assume this is because the weblogic system password is encrypted in the config.xml
    file. Is there anyway I can get around this so I can easily clone weblogic servers?
    Thanks,
    JasJas,
    Yeah the security key is tied to the server, what exactly are you
    trying to accomplish? Do you want seperate domains or servers? Are
    they on different physical servers?
    Also what version of wls? 6 or 7?
    Will try to help you if I can
    Steve

  • Help for a newbie on encryption/decryption

    I want to start with a text file.
    Read in a line of ascii characters, encrypt it using some algorithm and output it as a new set of ascii characters.
    What algorithm should I use?

    thanks a lot. I got the encryption/decryption working pretty easily.
    However, I ran into problem when I got to storing keys:
    I stored it fine with this code
              try {
                   KeyGenerator keyGen = KeyGenerator.getInstance("DES");
                   desKey = keyGen.generateKey();
                   cipher = Cipher.getInstance("DES");
                   KeyStore keyStore = KeyStore.getInstance("JKS");
                   String password = "lemein";
                   char passwd[] = password.toCharArray();
                   keyStore.load(null, passwd); //initialize keyStore
                   Certificate[] chain = new Certificate[1];
                   String alias = "test";
                   keyStore.setKeyEntry(alias, desKey, passwd, null);
                   String fileName = "data/gkey.txt";
                   FileOutputStream f = new FileOutputStream(fileName);
                   keyStore.store(f, passwd); // <----------exception happens here
              } catch (Exception e)
              {     e.printStackTrace();
    I got problem when I retrieve it with this code
              KeyGenerator kg = null;
              Key key = null;
              cipher = null;
              Security.addProvider(new com.sun.crypto.provider.SunJCE());
              byte[] result = null;
              try {
                   KeyStore keyStore = KeyStore.getInstance("JKS");
                   keyStore.load(new FileInputStream("data/gkey.txt"), "lemein".toCharArray());
                   key = keyStore.getKey("test", "lemein".toCharArray());
                   cipher = Cipher.getInstance("DES");
                   byte[] data = "Hello World!".getBytes();
                   System.out.println("Original data : " + new String(data));
                   cipher.init(Cipher.ENCRYPT_MODE, key);
                   result = cipher.doFinal(data);
                   System.out.println("Encrypted data: " + new String(result));
              } catch (Exception e) {
                   e.printStackTrace();
    I get the error:
    java.security.UnrecoverableKeyException: DerInputStream.getLength(): lengthTag=75, too big.
         at sun.security.provider.KeyProtector.recover(Unknown Source)
         at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
         at java.security.KeyStore.getKey(Unknown Source)
    Any idea what the problem is?
    Thanks

  • Encrypt/decrypt using update

    Hi,
    can someone give me an encrypt/decrypt pair of code samples that use the cipher.update() call.
    i am trying it like that but apparently it doesn't work
    byte[] temp = new byte[message.length/2];
    byte[] temp2 = new byte[message.length/2];
    System.arraycopy(message, 0, temp, 0, temp.length);
    System.arraycopy(message, temp.length, temp2, 0, temp.length);
    ciphertext = new byte[message.length];
    System.arraycopy(symmetricCipher.update(temp), 0, ciphertext, 0, temp.length);
    System.arraycopy(symmetricCipher.doFinal(temp2), 0, ciphertext, temp.length, temp.length);

    ode]
    >
    I don't see how using the inputstream i would avoid
    the memory error, when passing anything over
    10,000,000. Unless you mean I split the input, and
    write small chunks into disk as I encrypt them?Your basic problem is that you have the data as one large array. I don't know how and why you created this large array; I would not to create it unless there was no other way.
    Since it does not make sense to create one large encrypted byte array and given that you have a byte array then you can use either
    1) Create a ByteArrayInputStream and wrap it in a CipherinputStream. This would allow you to encrypt the array in a sequential manner a few KBytes at a time.
    or
    2) Encrypt the array a few KBytes at a time using a simple update(array, start, length) that returns the encrypted bytes.
    But first, I would try to avoid creating the large 'cleartext' array.

  • RSA decryption Error: Data must start with zero

    Because of some reasons, I tried to use RSA as a block cipher to encrypt/decrypt a large file. When I debug my program, there some errors are shown as below:
    javax.crypto.BadPaddingException: Data must start with zero
         at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
         at sun.security.rsa.RSAPadding.unpad(Unknown Source)
         at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356)
         at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:394)
         at javax.crypto.Cipher.doFinal(Cipher.java:2299)
         at RSA.RRSSA.main(RRSSA.java:114)
    From breakpoint, I think the problem is the decrypt operation, and Cipher.doFinal() can not be operated correctly.
    I searched this problem from google, many people met the same problem with me, but most of them didn't got an answer.
    The source code is :
    Key generation:
    package RSA;
    import java.io.FileOutputStream;
    import java.io.ObjectOutputStream;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    public class GenKey {
          * @param args
                     * @author tang
         public static void main(String[] args) {
              // TODO Auto-generated method stub
                 try {
                      KeyPairGenerator KPG = KeyPairGenerator.getInstance("RSA");
                      KPG.initialize(1024);
                      KeyPair KP=KPG.genKeyPair();
                      PublicKey pbKey=KP.getPublic();
                      PrivateKey prKey=KP.getPrivate();
                      //byte[] publickey = decryptBASE64(pbKey);
                      //save public key
                      FileOutputStream out=new FileOutputStream("RSAPublic.dat");
                      ObjectOutputStream fileOut=new ObjectOutputStream(out);
                      fileOut.writeObject(pbKey);
                      //save private key
                          FileOutputStream outPrivate=new FileOutputStream("RSAPrivate.dat");
                      ObjectOutputStream privateOut=new ObjectOutputStream(outPrivate);
                                 privateOut.writeObject(prKey)
         }Encrypte / Decrypt
    package RSA;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.ObjectInputStream;
    import java.security.Key;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.crypto.Cipher;
    //import sun.misc.BASE64Decoder;
    //import sun.misc.BASE64Encoder;
    public class RRSSA {
          * @param args
         public static void main(String[] argv) {
              // TODO Auto-generated method stub
                //File used to encrypt/decrypt
                 String dataFileName = argv[0];
                 //encrypt/decrypt: operation mode
                 String opMode = argv[1];
                 String keyFileName = null;
                 //Key file
                 if (opMode.equalsIgnoreCase("encrypt")) {
                 keyFileName = "RSAPublic.dat";
                 } else {
                 keyFileName = "RSAPrivate.dat";
                 try {
                 FileInputStream keyFIS = new FileInputStream(keyFileName);
                 ObjectInputStream OIS = new ObjectInputStream(keyFIS);
                 Key key = (Key) OIS.readObject();
                 Cipher cp = Cipher.getInstance("RSA/ECB/PKCS1Padding");//
                 if (opMode.equalsIgnoreCase("encrypt")) {
                 cp.init(Cipher.ENCRYPT_MODE, key);
                 } else if (opMode.equalsIgnoreCase("decrypt")) {
                 cp.init(Cipher.DECRYPT_MODE, key);
                 } else {
                 return;
                 FileInputStream dataFIS = new FileInputStream(dataFileName);
                 int size = dataFIS.available();
                 byte[] encryptByte = new byte[size];
                 dataFIS.read(encryptByte);
                 if (opMode.equalsIgnoreCase("encrypt")) {
                 FileOutputStream FOS = new FileOutputStream("cipher.txt");
                 //RSA Block size
                 //int blockSize = cp.getBlockSize();
                 int blockSize = 64 ;
                 int outputBlockSize = cp.getOutputSize(encryptByte.length);
                 /*if (blockSize == 0)
                      System.out.println("BLOCK SIZE ERROR!");       
                 }else
                 int leavedSize = encryptByte.length % blockSize;
                 int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
                 : encryptByte.length / blockSize + 1;
                 byte[] cipherData = new byte[outputBlockSize*blocksNum];
                 //encrypt each block
                 for (int i = 0; i < blocksNum; i++) {
                 if ((encryptByte.length - i * blockSize) > blockSize) {
                 cp.doFinal(encryptByte, i * blockSize, blockSize, cipherData, i * outputBlockSize);
                 } else {
                 cp.doFinal(encryptByte, i * blockSize, encryptByte.length - i * blockSize, cipherData, i * outputBlockSize);
                 //byte[] cipherData = cp.doFinal(encryptByte);
                 //BASE64Encoder encoder = new BASE64Encoder();
                 //String encryptedData = encoder.encode(cipherData);
                 //cipherData = encryptedData.getBytes();
                 FOS.write(cipherData);
                 FOS.close();
                 } else {
                FileOutputStream FOS = new FileOutputStream("plaintext.txt");
                 //int blockSize = cp.getBlockSize();
                 int blockSize = 64;
                 //int j = 0;
                 //BASE64Decoder decoder = new BASE64Decoder();
                 //String encryptedData = convert(encryptByte);
                 //encryptByte = decoder.decodeBuffer(encryptedData);
                 int outputBlockSize = cp.getOutputSize(encryptByte.length);
                 int leavedSize = encryptByte.length % blockSize;
                 int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
                           : encryptByte.length / blockSize + 1;
                 byte[] plaintextData = new byte[outputBlockSize*blocksNum];
                 for (int j = 0; j < blocksNum; j++) {
                 if ((encryptByte.length - j * blockSize) > blockSize) {
                      cp.doFinal(encryptByte, j * blockSize, blockSize, plaintextData, j * outputBlockSize);
                      } else {
                      cp.doFinal(encryptByte, j * blockSize, encryptByte.length - j * blockSize, plaintextData, j * outputBlockSize);
                 FOS.write(plaintextData);
                 //FOS.write(cp.doFinal(encryptByte));
                 FOS.close();
    }Edited by: sabre150 on Aug 3, 2012 6:43 AM
    Moderator action : added [ code] tags so as to make the code readable. Please do this yourself in the future.
    Edited by: 949003 on 2012-8-3 上午5:31

    1) Why are you not closing the streams when writing the keys to the file?
    2) Each block of RSA encrypted data has size equal to the key modulus (in bytes). This means that for a key size of 1024 bits you need to read 128 bytes and not 64 bytes at a time when decrypting ( this is probably the cause of your 'Data must start with zero exception'). Since the input block size depends on the key modulus you cannot hard code this. Note - PKCS1 padding has at least 11 bytes of padding so on encrypting one can process a maximum of the key modulus in bytes less 11. Currently you have hard coded the encryption block at 64 bytes which is OK for your 1024 bits keys but will fail for keys of modulus less than about 936 bits.
    3) int size = dataFIS.available(); is not a reliable way to get the size of an input stream. If you check the Javadoc for InputStream.available() you will see that it returns the number of bytes that can be read without blocking and not the stream size.
    4) InputStream.read(byte[]) does not guarantee to read all the bytes and returns the number of bytes actually read. This means that your code to read the content of the file into an array may fail. Again check the Javadoc. To be safe you should used DataInputStream.readFully() to read a block of bytes.
    5) Reading the whole of the cleartext or ciphertext file into memory does not scale and with very large files you will run out of memory. There is no need to do this since you can use a "read a block, write the transformed block" approach.
    RSA is a very very very slow algorithm and it is not normal to encrypt the whole of a file using it. The standard approach is to perform the encryption of the file content using a symmetric algorithm such as AES using a random session key and use RSA to encrypt the session key. One then writes to the ciphertext file the RSA encrypted session key followed by the symmetric encrypted data. To make it more secure one should actually follow the extended procedure outlined in section 13.6 of Practical Cryptography by Ferguson and Schneier.

  • Decrypt errors issue

    Hi everybody,
    I got this trap massage on WLC.
    The client failed to communicate, it was still associated wiht WLC though.
    the trap massage log is blow
    "Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"
    My wirelss environmet is containing WLC2106(5.2) 1131AG, clinet using ADU(v4.4)
    Thanks.

    We use Dynamic wep key, EAP-TTLS / PEAP.
    I attach the output.
    WLAN Identifier.................................. 1
    Profile Name..................................... kssl
    Network Name (SSID).............................. kssl
    Status........................................... Enabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Disabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
    NAC-State...................................... Disabled
    Quarantine VLAN................................ 0
    Number of Active Clients......................... 0
    Exclusionlist.................................... Disabled
    Session Timeout.................................. 1800 seconds
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    WLAN ACL......................................... unconfigured
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Disabled
    --More-- or (q)uit
    Quality of Service............................... Silver (best effort)
    WMM.............................................. Disabled
    CCX - AironetIe Support.......................... Disabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    IPv6 Support..................................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
    Authentication................................ 10.10.9.44 1812
    Authentication................................ 10.10.9.45 1812
    Accounting.................................... 10.10.9.44 1813
    Accounting.................................... 10.10.9.45 1813
    Local EAP Authentication......................... Disabled
    Security
    802.11 Authentication:........................ Open System
    Static WEP Keys............................... Disabled
    802.1X........................................ Enabled
    --More-- or (q)uit
    Encryption:..................................... 104-bit WEP
    Wi-Fi Protected Access (WPA/WPA2)............. Disabled
    CKIP ......................................... Disabled
    IP Security Passthru.......................... Disabled
    Web Based Authentication...................... Disabled
    Web-Passthrough............................... Disabled
    Conditional Web Redirect...................... Disabled
    Splash-Page Web Redirect...................... Disabled
    Auto Anchor................................... Disabled
    H-REAP Local Switching........................ Disabled
    H-REAP Learn IP Address....................... Enabled
    Infrastructure MFP protection................. Disabled
    Client MFP.................................... Optional but inactive (WPA2 no
    t configured)
    Tkip MIC Countermeasure Hold-down Timer....... 60
    Mobility Anchor List
    WLAN ID IP Address Status
    Thank you.

  • Failed to call DBMS_CRYPTO.ENCRYPT / DECRYPT

    I tried to use Oracle 11gR2 DBMS_CRYPTO to perform AES256 encryption/decryption. From the Oracle Ref., it specifies "Security Model - Oracle Database installs this package in the SYS schema. You can then grant package access to existing users and roles as needed." So requested DBA to grant EXECUTE privilege for the SYS.DBMS_CRYPTO.
    I successfully run the SQL "select DBMS_CRYPTO.RANDOMBYTES(64) from dual;", but when I tried to implement Package body. The compiler prompted errors: PLS-00201: identified 'DBMS_CRYPTO' must be declared.
    Please kindly help and advise. Thanks!
    Src code of the package body:
    CREATE OR REPLACE PACKAGE BODY PKG_TOOLKIT AS
         g_encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC     + DBMS_CRYPTO.PAD_PKCS5;
    FUNCTION encrypt (p_text IN VARCHAR2) RETURN RAW IS
         l_key VARCHAR2(512);
    l_text VARCHAR2(32767) := p_text;
    l_encrypted RAW(32767);          
    BEGIN
    getKey(l_key);
              l_encrypted := DBMS_CRYPTO.ENCRYPT(src => UTL_I18N.STRING_TO_RAW(l_text, 'AL32UTF8'),
    typ => g_encryption_type,
    key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
    RETURN l_encrypted;
    END;
    FUNCTION decrypt (p_raw IN RAW) RETURN VARCHAR2 IS
         l_key VARCHAR2(512);
    l_decrypted VARCHAR2(32767);
    BEGIN
    getKey(l_key);
              l_decrypted := DBMS_CRYPTO.DECRYPT(src => p_raw,
    typ => g_encryption_type,
    key => UTL_I18N.STRING_TO_RAW(l_key, 'AL32UTF8'));
    RETURN RTrim(UTL_I18N.RAW_TO_CHAR(l_decrypted, 'AL32UTF8'));
    END;
    END PKG_TOOLKIT;
    /

    From the Package DBMS_CRYPTO -> Grants, I found there is a privilege "EXECUTE" granted to grantee "ORADEV1". "ORADEV1" is the login ID I'm using to connect to Oracle. Can I tell whether the DBA is granting the privilege to this id or it's role thru Oracle Developer?

  • Encryption/decryption through jar file and classes

    Hi,
    My application uses tomcat as web server.
    I am doing encrytion and decyption.
    i fetch encypted data from database and then decrypt it
    If i use calsses in webapps -> WEB-INF -> classes folder, i place classes in that ,
    In other case i use jar file and place that file in WEB-INF -> lib folder in the webapps directory.
    There is huge performance difference.
    While using classes performance is great while using jar file performance is very disappointed.
    I am using a file for encryption /decryption also.

    Are you getting any error messages? Have you put debugging code in those classes to see what is happening?

  • Decrypt Errors occuring in WLC Log

    Hi all,
    we see a strange message in our WLC logs, which occurs quite often (>10 times a day):
    Decrypt errors occurred for client [MAC-Adress] using WPA key on 802.11b/g interface of AP [MAC-Adress]
    The MAC-Adresses of the affected clients are varying as well as the APs reporting the error.
    The clients are Notebooks, Cisco IP-Phones and Nokia-DualBand-Phones.
    Even more frequently we see the following message in the log:
    %ETHOIP-3-PING_TRANSMIT_FAILED: ethoip_ping.c:227 send_eoip_ping: Failed to tx Ethernet over IP ping rc=5.
    We use TKIP as Encryption and EAP-Fast as well as LEAP as Authentication (Cisco ACS).
    The WLC is an 2106, the APs are 1242AG.
    We don't recognize any problems placing calls or talking over these phones. It's just these messages in the log that concern me.
    Anyone else got these messages (and hopefully fixed them :))
    Greets,
    Sebastian

    Hi Everyone, you can count me in as well for getting the decrypt errors. However the only difference is that I'm not using WPA on the network that this is happening on. The wlan that is reporting this for me is just a simple WEP key. I'm thinking this is related to encryption since TKIP is also based on RC4. I also have other WLANS where I use WPA2 Enterprise with AES (PEAP MS-CHAPv2) and I do not see the decrypt errors for those clients. Also, to further expand on this I haven't noticed any client problems either. Maybe this is a bug that doesn't cause denial of service. I'd love to get rid of them though! This is with a 4402 WLC and 1242AG AP's...

  • Decrypt errors occurred for client

    I am getting error messages for clients:
    11 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:13:ce:54:57:3c using WPA key on 802.11b/g interface of AP 00:16:9c:91:97:c0
    12 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:16:6f:91:d8:60 using WPA2 key on 802.11b/g interface of AP 00:16:9c:91:97:c0
    These are only occuring for clients that are disconnecting....
    They can reconnect after a WLC reboot....
    We have swapped APs.....
    I have seen this error in other forums but it says not to worry about it. There has to be a connection between this and clients getting disconnected. We have anywhere between 10-50 clients on the system at any one time.
    Is this a client issue (nic firmware, version) or is this an error in  the controller??
    AIR-WLC2106-K9
    IOS ver: 6.0.196.0
    Thanks

    This means that the client is using a different key than the one he agreed on using with the AP. There were bugs about this long time ago but nothing recent.
    I've seen this happening a lot with old/not updated clients. It rarely happens on intel adapters with latest drivers for example.
    So I'd suggest checking the client pattern (are the clients facing this all having old wireless drivers ?).
    It can also happen if you offer funny encryption combinations that client doesn't like (wpa1+aes, wpa2+tkip). Try to only enable wpa2/aes and see if it helps.
    Nicolas

  • Is possible the encrypt decrypt operation in JCDE plugin for Eclipse

    I am new in java card.
    We are still in a LONG wait for the JCOP tools. In the meantime we are trying another tools and we have found I this JCDE plugin for Eclipse.
    I try to work one sample but I have a problem. To create applet problem.
    Is the problem in sample or is JCDE plugin not support encrypt decrypt operation?
    Actually is this possible to signing , hashing operation in JCDE as similation.
    Please answer.
    I take this error:
    Exception from the invoked install() method:public static void handsonRSAEncryptDecrypt.HandsonRSAEncryptDecrypt.install(byte[],short,byte)
    The sample is
    package handsonRSAEncryptDecrypt;
    import javacard.framework.*;
    import javacard.security.*;
    import javacardx.crypto.Cipher;
    * Jeffrey C
    * 6/21/08
    public class HandsonRSAEncryptDecrypt extends javacard.framework.Applet
         //globals
         RSAPrivateCrtKey rsa_PrivateCrtKey;
         RSAPublicKey rsa_PublicKey;
         KeyPair rsa_KeyPair;
         Cipher cipherRSA;
         final short dataOffset = (short) ISO7816.OFFSET_CDATA;
         //constructor
         private HandsonRSAEncryptDecrypt(byte bArray[], short bOffset, byte bLength)
              //generate own rsa_keypair
    rsa_KeyPair = new KeyPair( KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_1024 );
    rsa_KeyPair.genKeyPair();
              rsa_PublicKey = (RSAPublicKey) rsa_KeyPair.getPublic();
              rsa_PrivateCrtKey = (RSAPrivateCrtKey) rsa_KeyPair.getPrivate();
              cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
              register(bArray, (short) (bOffset + 1), bArray[bOffset]);
         //install
         public static void install(byte bArray[], short bOffset, byte bLength)
              new HandsonRSAEncryptDecrypt(bArray, bOffset, bLength);
         public void process(APDU apdu)
              if (selectingApplet())
                   return;
              byte[] buf = apdu.getBuffer();
              if (buf[ISO7816.OFFSET_CLA] != 0) ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
              if (buf[ISO7816.OFFSET_INS] != (byte) (0xAA)) ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
              switch (buf[ISO7816.OFFSET_P1])
              case (byte) 0x01:
                   encryptRSA(apdu);
                   return;
              case (byte) 0x02:
                   decryptRSA(apdu);
                   return;
              default:
                   ISOException.throwIt(ISO7816.SW_WRONG_P1P2);
         private void encryptRSA(APDU apdu)
              byte a[] = apdu.getBuffer();
              short byteRead = (short) (apdu.setIncomingAndReceive());
              cipherRSA.init(rsa_PrivateCrtKey, Cipher.MODE_ENCRYPT);
              short cyphertext = cipherRSA.doFinal(a, (short) dataOffset, byteRead, a, (short) dataOffset);
              // Send results
              apdu.setOutgoing();
              apdu.setOutgoingLength((short) cyphertext);
              apdu.sendBytesLong(a, (short) dataOffset, (short) cyphertext);
    //     private void decryptRSA(APDU apdu)
    //          byte a[] = apdu.getBuffer();
    //          short byteRead = (short) (apdu.setIncomingAndReceive());
    //          cipherRSA.init(rsa_PublicKey, Cipher.MODE_DECRYPT);
    //          cipherRSA.doFinal(a, (short) dataOffset, byteRead, a, (short) dataOffset);
    //          // Send results
    //          apdu.setOutgoing();
    //          apdu.setOutgoingLength((short) 24);
    //          apdu.sendBytesLong(a, (short) dataOffset, (short) 24);
         private void decryptRSA(APDU apdu)
              byte a[] = apdu.getBuffer();
              short byteRead = (short) (apdu.setIncomingAndReceive());
              cipherRSA.init(rsa_PublicKey, Cipher.MODE_DECRYPT);
              short textlenth = cipherRSA.doFinal(a, (short) dataOffset, byteRead, a, (short) dataOffset);
              // Send results
              apdu.setOutgoing();
              apdu.setOutgoingLength((short) textlenth );
              apdu.sendBytesLong(a, (short) dataOffset, (short) textlenth );
    script
    powerup;
    // Select the installer applet
    0x00 0xA4 0x04 0x00 0x09 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0x08 0x01 0x7F;
    // create HandsonRSAEncryptDecrypt applet
    0x80 0xB8 0x00 0x00 0xd 0xb 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x00 0x00 0x00 0x7F;
    powerdown;
    output
    Received ATR = 0x3b 0xf0 0x11 0x00 0xff 0x00
    CLA: 00, INS: a4, P1: 04, P2: 00, Lc: 09, a0, 00, 00, 00, 62, 03, 01, 08, 01, Le: 00, SW1: 90, SW2: 00
    CLA: 80, INS: b8, P1: 00, P2: 00, Lc: 0d, 0b, 01, 02, 03, 04, 05, 06, 07, 08, 09, 00, 00, 00, Le: 00, SW1: 64, SW2: 44
    Thanks for help.

    I think you should try and get error manner for solving problem.
    Allah yardimcin olsun ne diyeyim.

Maybe you are looking for

  • Help! iTunes is making my iMac act like a Windows machine!

    Here is the basic problem: Some songs will not play properly in iTunes, pausing often and causing the spinning beach ball of death to freeze my iMac for 5 to 10 minutes at a time, sometimes longer. I am also having problems ripping those songs to a C

  • Help needed in getting applet working

    import java.awt.*; import javax.swing.*; import java.awt.event.*; public class murali1 extends JApplet{      private Container contain;      private GridBagLayout grid;      private GridBagConstraints c; * Create the GUI and show it. public murali1()

  • Solved ( Ipad charging problem after update IOS 7.0.4 )

    Its already verified by me ( Technician ) problem solved. We were working on my customers ipad for 2-3 weeks finally figured out whats the problem. We replaced new battery, cable and charger did not work. Reseting your ipad also does not work. Since

  • To get the transaction data..please help

    Hi all, i need to retrive the transaction datas..like deleted ,n updated datas.. I tried this query SELECT * FROM FLASHBACK_TRANSACTION_QUERY WHERE TABLE_OWNER='CFMSDEV' AND TABLE_NAME='M_REGIONS' but this is givng the feilds of details..not showing

  • Why are images converted into pdfs instead of jpgs?

    When saving an image that's been corrected, as a jpg, it is automatically converted to a PDF. Some sites I use will only accept jpg files.  Where can I change this feature in acrobat XI?