Session key and MAC generation in SCP '02' i='15'
Hi,
I am trying send a PUT KEY command and it resolves to '6982' after a '9000' EXTERNAL AUTHENTICATE.
I suspect that my encryption is causing the problem.(not really sure!)
I compare my session keys to some that ppl had derived and posted on the forum and I don't really get what they did.
I am trying to find out if I'm deriving the correct session keys or not?!?!
e.g
//Calculating session keys with
//static key = '404142434445464748494a4b4c4d4e4f' (keyData)
//sequence counter = '003b'
//"0101" + sequenceCounter + "000000000000000000000000" for session CMAC key (data)
//"0102" + sequenceCounter + "000000000000000000000000" for session RMAC key (data)
//"0181" + sequenceCounter + "000000000000000000000000" for session DEK key (data)
//"0182" + sequenceCounter + "000000000000000000000000" for session ENC key (data)
//sessionCMAC is :3213860da8f8d9796794cbcec43ef7a23213860da8f8d979: with sequence counter:003b (result)
//sessionRMAC is :042a687f6e0dd3f80eabf1e5d51ccefe042a687f6e0dd3f8: with sequence counter:003b (result)
//sessionDEK is :1fe31370c22354e3b90d6b8ad5686d371fe31370c22354e3: with sequence counter:003b (result)
//sessionENC is :94a47ad54ffbf423fe4a9d915befab5294a47ad54ffbf423: with sequence counter:003b (result)
<code>
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
DESedeKeySpec keySpec = new DESedeKeySpec(keyData);
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey key = secretKeyFactory.generateSecret(keySpec);
IvParameterSpec iv = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
Cipher desedeCBCCipher = Cipher.getInstance("DESede/CBC/NoPadding");
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] result = desedeCBCCipher.doFinal(data);
if (result .length == 16) {
byte[] temp = (byte[]) result .clone();
result = new byte[24];
System.arraycopy(temp, 0, result , 0, temp.length);
System.arraycopy(temp, 0, result , 16, 8);
keySpec = new DESedeKeySpec(result);
secretKeyFactory = SecretKeyFactory.getInstance("DESede");
key = secretKeyFactory.generateSecret(keySpec);
</code>
I use the same encrytion to derive KeyCheckValue with
newKey ='505152535455565758595a5b5c5d5e5f', data = '0000000000000000'
and it results to : '6d377e' (of course the last 3 bytes)
Even though my CMAC session key is different from others (e.g "RLopes" in "http://192.9.162.102/thread.jspa?threadID=5365173&tstart=363" and I have seen it in others too and its really odd to me that its slightly different if you take a close look you will get what i mean) i get the EXTERNAL AUTHENTICATION to work.
If there is anyone who is 100% sure meaning he/she got other commands to work after EXTERNAL AUTHENTICATE using CMAC please help me verify the keys I got?
Can he/she test with his code to see if he/she is getting the same session keys or check value?
Thanks in advance
Kamran
Hi,
Here is the Class and thanks for the tip, I've honestly tried these <code></code> but didn't work and I know it is indeed annoying without the tags :D
I really hope it helps...
* To change this template, choose Tools | Templates
* and open the template in the editor.
package terminalpcsc;
import java.lang.Exception;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.List;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.security.sasl.AuthenticationException;
import javax.smartcardio.*;
* @author Kamran
* @param args the command line arguments
public class Main {
private static CardChannel channel;
private static Card card;
private static int CHALLENGE_LENGTH = 8;
private static byte[] keyDiversification = new byte[10];
private static byte[] keyInformation = new byte[2];
private static byte[] sequenceCounter = new byte[2];
private static byte[] cardChallenge = new byte[6];
private static byte[] cardCryptogram = new byte[8];
private static byte[] hostChallenge = new byte[8];
private static byte[] hostCryptogram = new byte[8];
private static String keyDiversificationHexString;
private static String keyInformationHexString;
private static String sequenceCounterHexString;
private static String cardChallengeHexString;
private static String cardCryptogramHexString;
private static String hostChallengeHexString;
private static String hostCryptogramHexString;
private static byte[] sessionCMAC;
private static byte[] sessionDEK;
private static byte[] sessionENC;
private static byte[] sessionRMAC;
private static byte[] icvNextCommand;
private static IvParameterSpec ivAllZeros = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
private static byte[] staticKey = hexStringToByteArray("404142434445464748494a4b4c4d4e4f4041424344454647");
private static byte[] newKey = hexStringToByteArray("505152535455565758595a5b5c5d5e5f");
private static byte[] CMAC;
* @param args the command line arguments
public static void main(String[] args) throws Exception {
initiateCardChannel();
String apduString = generateSelectAPDU("a000000003535041");
byte[] bufferC = hexStringToByteArray(apduString);
CommandAPDU capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Select AID: " + byteArrayToHexString(bufferC));
ResponseAPDU rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
byte[] bufferR = rapdu.getData();
String responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
apduString = generateInitializeUpdateAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Initialize Update: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
// protocol 01
//System.arraycopy(bufferR,0,keyDiversification,0,10);
//System.arraycopy(bufferR,10,keyInformation,0,2);
//System.arraycopy(bufferR,12,cardChallenge,0,8);
//System.arraycopy(bufferR,20,cardCryptogram,0,8);
// protocol 02
System.arraycopy(bufferR, 0, keyDiversification, 0, 10);
System.arraycopy(bufferR, 10, keyInformation, 0, 2);
System.arraycopy(bufferR, 12, sequenceCounter, 0, 2);
System.arraycopy(bufferR, 14, cardChallenge, 0, 6);
System.arraycopy(bufferR, 20, cardCryptogram, 0, 8);
keyDiversificationHexString = byteArrayToHexString(keyDiversification);
keyInformationHexString = byteArrayToHexString(keyInformation);
sequenceCounterHexString = byteArrayToHexString(sequenceCounter);
cardChallengeHexString = byteArrayToHexString(cardChallenge);
cardCryptogramHexString = byteArrayToHexString(cardCryptogram);
System.out.println("keyDiversification: " + keyDiversificationHexString);
System.out.println("keyInformation: " + keyInformationHexString);
System.out.println("sequenceCounter: " + sequenceCounterHexString);
System.out.println("cardChallenge: " + cardChallengeHexString);
System.out.println("cardCryptogram: " + cardCryptogramHexString);
System.out.println("Calculating Session Keys... encryption with CBC");
//E.4.1 GP 2.1.1
sessionCMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0101" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionCMAC is :" + byteArrayToHexString(sessionCMAC) + ": with sequence counter:" + sequenceCounterHexString);
sessionRMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0102" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionRMAC is :" + byteArrayToHexString(sessionRMAC) + ": with sequence counter:" + sequenceCounterHexString);
sessionDEK = deriveEncryptionCBC(staticKey, hexStringToByteArray("0181" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionDEK is :" + byteArrayToHexString(sessionDEK) + ": with sequence counter:" + sequenceCounterHexString);
sessionENC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0182" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionENC is :" + byteArrayToHexString(sessionENC) + ": with sequence counter:" + sequenceCounterHexString);
System.out.println("Calculating and Verifying Card Cryptogram...");
byte[] signature = cbcMACSignature(hexStringToByteArray(hostChallengeHexString + sequenceCounterHexString + cardChallengeHexString + "8000000000000000"), sessionENC);
String signatureHexString = byteArrayToHexString(signature);
if (signatureHexString.equalsIgnoreCase(cardCryptogramHexString)) {
System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram authenticated");
apduString = generateExternalAuthenticateAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU External Authenticate: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
apduString = generatePutKeyAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Put Key: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
} else {
System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram is not authenticated");
releaseCardChannel();
public static byte[] cbcMACSignature(byte[] data, byte[] sessionSENC) throws AuthenticationException {
IvParameterSpec params =
new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
if (sessionSENC.length == 16) {
byte[] temp = (byte[]) sessionSENC.clone();
sessionSENC = new byte[24];
System.arraycopy(temp, 0, sessionSENC, 0, temp.length);
System.arraycopy(temp, 0, sessionSENC, 16, 8);
byte[] temp = null;
SecretKey secretKey = new SecretKeySpec(sessionSENC, "DESede");
try {
Cipher cbcDES = Cipher.getInstance("DESede/CBC/NoPadding");
cbcDES.init(Cipher.ENCRYPT_MODE, secretKey, params);
temp = cbcDES.doFinal(data);
} catch (GeneralSecurityException e) {
e.printStackTrace();
byte[] signature = new byte[8];
System.arraycopy(temp, temp.length - 8, signature, 0, signature.length);
return signature;
// generateInitialUpdateAPDU()
//CLA '80'
//INS '50' INITIALIZE UPDATE
//P1 'xx' Key Version Number
//P2 '00' Reference control parameter P2
//Lc '08' Length of host challenge
//Data 'xx xx…' Host challenge
//Le '00'
//RESPONSE TEMPLATE
//Key diversification data 10 bytes
//Key information 2 bytes
//Card challenge 8 bytes
//Card cryptogram 8 bytes
public static String generateInitializeUpdateAPDU() throws Exception {
hostChallenge = generateHostChallenge();
hostChallengeHexString = byteArrayToHexString(hostChallenge);
return "8050000008" + hostChallengeHexString + "00";
//CLA '80' or '84'
//INS 'D8' PUT KEY
//P1 'xx' Reference control parameter P1 Key Version Number -- '00' is new key range is '01' to '7F'
//P2 'xx' Reference control parameter P2 Key Identifier -- '00' to '7F'
//Lc 'xx' Length of data field
//Data 'xxxx..' Key data (and MAC if present)
//Le '00'
public static String generatePutKeyAPDU() throws Exception {
String keyCheckValue = new String();
//keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
keyCheckValue = byteArrayToHexString(deriveEncryptionECB(newKey, hexStringToByteArray("0000000000000000")));
keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
System.out.println("keyCheckValue :" + keyCheckValue + " 3DES ECB, key is new key '505152535455565758595a5b5c5d5e5f5051525354555657', data is 8 zeroes");
String encryptedNewKey = byteArrayToHexString(deriveEncryptionECB(sessionDEK, newKey));
//System.out.println("sessionDEK.getEncoded() :" + sessionDEK.getEncoded() + " len is:" + sessionDEK.getEncoded().length);
System.out.println("encryptedNewKey :" + encryptedNewKey);
//testing newKey
String dataField = "01" + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue;
// String dataField2 = "01" + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue;
System.out.println("datafield to calculate cmac :" + dataField);
System.out.println("icv to calculate cmac is previous mac first 8 byte sessionCMAC in CBC single des :" + byteArrayToHexString(icvNextCommand));
CMAC = generateCMac2((byte) 0x84, (byte) 0xD8, (byte) 0x00, (byte) 0x81, hexStringToByteArray(dataField), sessionCMAC, icvNextCommand);
System.out.println("data field with des padding for encryption (encryption in CBC sessionENC) :" + desPadding(dataField));
String dataField3 = byteArrayToHexString(deriveEncryptionCBC(sessionENC, hexStringToByteArray(desPadding(dataField))));
System.out.println("data field after encryption :" + dataField3);
Integer CMACLen = byteArrayToHexString(CMAC).length() / 2;
System.out.println("CMACLen :" + CMACLen);
Integer dataFieldLen = dataField3.length() / 2;
System.out.println("dataFieldLen :" + dataFieldLen);
Integer intLc = dataFieldLen + CMACLen;
System.out.println("intLc :" + intLc);
String hexLc = Integer.toString(intLc, 16);
System.out.println("hexLc :" + hexLc);
return "84D80081" + hexLc + dataField3 + byteArrayToHexString(CMAC) + "00";
//generateExternalAuthenticateAPDU()
//CLA '84'
//INS '82' EXTERNAL AUTHENTICATE
//P1 'xx' Security level --'03' C-DECRYPTION and C-MAC.--'01' C-MAC.'00' No secure messaging expected.
//P2 '00' Reference control parameter P2
//Lc '10' Length of host cryptogram and MAC
//Data 'xx xx…' Host cryptogram and MAC
//Le Not present
public static String generateExternalAuthenticateAPDU() throws Exception {
System.out.println("Calculating and Verifying Host Cryptogram...");
hostCryptogram = cbcMACSignature(hexStringToByteArray(sequenceCounterHexString + cardChallengeHexString + hostChallengeHexString + "8000000000000000"), sessionENC);
hostCryptogramHexString = byteArrayToHexString(hostCryptogram);
System.out.println("hostCryptogram is :" + hostCryptogramHexString);
CMAC = generateCMac2((byte) 0x84, (byte) 0x82, (byte) 0x03, (byte) 0x00, hostCryptogram, sessionCMAC, new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
return "8482030010" + hostCryptogramHexString + byteArrayToHexString(CMAC);
// generateSelectAPDU()
//CLA '00' ISO/IEC 7816-4 command
//INS 'A4' SELECT
//P1 'xx' Reference control parameter P1 --'04' select by name
//P2 'xx' Reference control parameter P2 --'00' First or only occurrence --'02' Next occurrence
//Lc 'xx' Length of AID
//Data 'xxxx..' AID of Application to be selected
//Le '00'
// RESPONSE TEMPLATE
//'6F' File Control Information (FCI template) Mandatory
//'84' Application / file AID Mandatory
//'A5' Proprietary data Mandatory
//'73' Security Domain Management Data (see Appendix F for detailed coding) Optional
//'9F6E' Application production life cycle data Optional
//'9F65' Maximum length of data field in command message Mandatory
public static String generateSelectAPDU(String AID) throws Exception {
String AIDlen = Integer.toString(AID.length() / 2, 16);
if (AIDlen.length() == 1) {
AIDlen = "0" + AIDlen;
System.out.println("00A40400" + AIDlen + AID);
return "00A40400" + AIDlen + AID;
public static String byteArrayToHexString(byte[] b) throws Exception {
String result = "";
for (int i = 0; i < b.length; i++) {
result +=
Integer.toString((b[i] & 0xff) + 0x100, 16).substring(1);
return result;
public static void initiateCardChannel() throws CardException {
System.out.println("Connecting to Java Card...");
TerminalFactory factory = TerminalFactory.getDefault();
List<CardTerminal> terminals = factory.terminals().list();
System.out.println("Terminals Detected: " + terminals);
// get the first terminal
System.out.println("Connecting to: " + terminals + "...");
CardTerminal terminal = terminals.get(0);
System.out.println("Connected to: " + terminals);
// establish a connection with the card
System.out.println("Connecting to Java Card...");
card = terminal.connect("T=0");
System.out.println("Connected to card: " + card);
System.out.println("Obtaining Channel...");
channel = card.getBasicChannel();
System.out.println("Connecting to Channel: " + channel.getChannelNumber());
public static void releaseCardChannel() throws CardException {
System.out.println("Disconnection all...");
card.disconnect(false);
System.out.println("Disconnection Done");
System.out.println("*END*");
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
return data;
//To generate the derivation data:
public static byte[] deriveEncryptionCBC(byte[] keyData, byte[] data) throws GeneralSecurityException {
//Key key = getSecretKey(keyData);
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
IvParameterSpec dps =
new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
String algorithm = "DESede/CBC/NoPadding";
Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey, dps);
byte[] result = desedeCBCCipher.doFinal(data);
//adjustParity(result);
return result;
public static byte[] deriveEncryptionECB(byte[] keyData, byte[] data) throws GeneralSecurityException {
//Key key = getSecretKey(keyData);
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
String algorithm = "DESede/ECB/NoPadding";
Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] result = desedeCBCCipher.doFinal(data);
//adjustParity(result);
return result;
* Adjust a DES key to odd parity
* @param key
* to be adjusted
public static byte[] adjustParity(byte[] key) {
for (int i = 0; i < key.length; i++) {
int akku = (key[i] & 0xFF) | 1;
for (int c = 7; c > 0; c--) {
akku = (akku & 1) ^ (akku >> 1);
key[i] = (byte) ((key[i] & 0xFE) | akku);
return key;
public static byte[] generateCMac2(byte cla, byte ins, byte p1, byte p2, byte[] dataField, byte[] SMacSessionKey, byte[] icv) throws GeneralSecurityException, Exception {
if (SMacSessionKey.length == 16) {
byte[] temp = (byte[]) SMacSessionKey.clone();
SMacSessionKey = new byte[24];
System.arraycopy(temp, 0, SMacSessionKey, 0, temp.length);
System.arraycopy(temp, 0, SMacSessionKey, 16, 8);
byte[] cMac = new byte[8];
byte[] padding = {(byte) 0x80, 0, 0, 0, 0, 0, 0, 0};
int paddingRequired = 8 - (5 + dataField.length) % 8;
byte[] data = new byte[5 + dataField.length + paddingRequired];
//Build APDU
data[0] = cla;
data[1] = ins;
data[2] = p1;
data[3] = p2;
data[4] = (byte) ((byte) dataField.length + (byte) 0x08);
System.arraycopy(dataField, 0, data, 5, dataField.length);
System.arraycopy(padding, 0, data, 5 + dataField.length, paddingRequired);
System.out.println("data to calculate mac :" + byteArrayToHexString(data));
System.out.println("icv to calculate mac :" + byteArrayToHexString(icv));
Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
Cipher singleDesCipher = Cipher.getInstance("DES/CBC/NoPadding", "SunJCE");
SecretKeySpec desSingleKey = new SecretKeySpec(SMacSessionKey, 0, 8, "DES");
SecretKey secretKey = new SecretKeySpec(SMacSessionKey, "DESede");
//Calculate the first n - 1 block. For this case, n = 1
IvParameterSpec ivSpec = new IvParameterSpec(icv);
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
byte ivForLastBlock[] = singleDesCipher.doFinal(data, 0, 8);
int blocks = data.length / 8;
for (int i = 0; i < blocks - 1; i++) {
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
byte[] block = singleDesCipher.doFinal(data, i * 8, 8);
ivSpec = new IvParameterSpec(block);
int offset = (blocks - 1) * 8;
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
cMac = cipher.doFinal(data, offset, 8);
ivSpec = new IvParameterSpec(new byte[8]);
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
icvNextCommand = singleDesCipher.doFinal(cMac);
return cMac;
public static byte[] generateHostChallenge() {
byte[] hostChallenge = new byte[CHALLENGE_LENGTH];
SecureRandom random = new SecureRandom();
random.nextBytes(hostChallenge);
return hostChallenge;
public static String desPadding(String hexString) {
System.out.println("String to pad before:" + hexString);
hexString = hexString + "80";
int hexStringLen = hexString.length() / 2;
int padding = 8 - (hexStringLen % 8);
for (int i = 0; i < padding; i++) {
hexString = hexString + "00";
System.out.println("String to pad after :" + hexString);
return hexString;
}Thanks in advance
Kamran
Similar Messages
-
Session Key and initialization vector
Hi,
is the session key the key used with the initialization vector IV as input parameters for the RC4algorithm? In this way the server and the client derive the WEP key for the data unicast encryption.
Very thancks.Since december 2000, we support a session key, which is negociated by the LEAP protocol after a login/password authentication with the Cisco Secure ACS Radius server. With this implementation the session key is used as the input parameter for the RC4 algorithm.
Since december 2001, we have a new firmware release (actual AP release 11.21 available on CCO) that support a 'TKIP' implementation, where the session key is hashed for each packet to obtain a uniq 'packet' key, used as the input parameter for the RC4 algo for the packet. The radio firmware must be upgraded in both AP and Client. -
Hi,
As I understand it, in the process of making an SSL connection (during the handshake) certificates are exchanged and their identities are authenticated, and then each create an identical (symetric) session key which will be used to encrypt communication.
My questions are:
1) What algorithm/encryption engine is used to create this key?
2) How strong is the algorithm that generates the key, and what type of key is used?
3) How can custom cyrptographic providers be used with SSL to generate these session keys?
4) Is there a way to force the SSL connection to use one specific method of generating the session key, and fail if it can't?
5) Is there a web page that gives me the deatail on these topics?
I've been looking around, but I can't find the answers to these specific questions.
Any help would be much appreciated, thanks,
JasonYou may consider to look on the following resources:
SSL v3 http://ssllib.sourceforge.net/draft302.txt
SSL v2 http://ssllib.sourceforge.net/SSLv2.spec.html
TLS v1 http://ssllib.sourceforge.net/rfc2246.txt
SSL and TLS book http://www.rtfm.com/sslbook/
JSSE Guide
http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html
http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#SSLDocs
The algorithms used in SSL hanshake and then in data transmition are driven by the choosen cipher suite http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#CipherSuite I.e. TLS_RSA_WITH_RC4_128_MD5. See SSLSocket documentation on how to set enabled suites - http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String[]) -
Nnot Get Session Key for Authentication
I found in trace file of my application
(TRACE_LEVEL_CLIENT = SUPPORT in sqlnet.ora):
ORA-28035 Cannot Get Session Key for Authentication
Cause: Client and server cannot negotiate shared secret during logon.
What is the session key and how to obtain it?DISABLE_OOB = ON
NAMES.DEFAULT_DOMAIN = domain
NAMES.DIRECTORY_PATH= (TNSNAMES)
SQLNET.CRYPTO_SEED = P9EBHPQFLEIAJNUFAZHQP8JBNES8EBEEHS895LCWW9UZKO9HR2R2E5GDN7JV15T27QJO97D89BQAWSRF
# SQLNET.CRYPTO_CHECKSUM_SERVER = requested
# SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
# SQLNET.ENCRYPTION_SERVER = requested
# SQLNET.ENCRYPTION_CLIENT = requested
SQLNET.RADIUS_AUTHENTICATION = ad1.domain
# SQLNET.RADIUS_AUTHENTICATION_PORT = (PORT)
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 5
SQLNET.RADIUS_AUTHENTICATION_RETRIES = 3
SQLNET.RADIUS_ALTERNATE = ad2.nlmk
# SQLNET.RADIUS_ALTERNATE_PORT = (1645)
SQLNET.RADIUS_ALTERNATE_TIMEOUT = 5
SQLNET.RADIUS_ALTERNATE_RETRIES = 3
SQLNET.RADIUS_SEND_ACCOUNTING = ON
# SQLNET.RADIUS_SECRET=(path/radius.key)
SQLNET.AUTHENTICATION_SERVICES = (NTS, BEQ,RADIUS)
# TRACE_LEVEL_CLIENT = SUPPORT
# TRACE_LEVEL_SERVER = SUPPORT
domain is the name of my windows domain
TNSNAMES.ORA
SERVER.DOMAIN =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = server.domain)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = server.domain)
) -
please helpme i block my ipod touch second generation and forget the code, try putting the code so many times that now says connect to itunes, I connect but will not let me do anything that tells me this should unlock with key and I should do for Please help!. thanks
Place the iPOd in recovery mode and then restore. For recovery mode:
iPhone and iPod touch: Unable to update or restore -
I bought a new Macbook Pro 13 inch in December 2011 and I bought the Adobe Creative Suite 5.5 Design Premium shortly after and installed it on the computer. The other day my friend spilled his drink on my computer and it is now going to cost me $800 to get it fixed so I am considering getting a new one instead of getting mine fixed I'm not sure if the memory is still ok or not either. It didn't get that wet and Apple told me it is more than likely ok but there is no guarantee that they are going to keep the memory when they fix it. So I was wondering if I get a new one if I can install the Suite on the new one I still have the product key and serial number for the Suite. Or if I decide to get mine fixed and the memory is swept, then can I reinstall it on mine after it is fixed? If anyone can help me it would be greatly appreciated!!! Thank You
deactivate your installation on your old computer (help>deactivate).
Downloads available:
Suites and Programs: CC 2014 | CC | CS6 | CS5.5 | CS5 | CS4 | CS3
Acrobat: XI, X | 9,8 | 9 standard
Premiere Elements: 13 | 12 | 11, 10 | 9, 8, 7 win | 8 mac | 7 mac
Photoshop Elements: 13 |12 | 11, 10 | 9,8,7 win | 8 mac | 7 mac
Lightroom: 5.6| 5 | 4 | 3
Captivate: 8 | 7 | 6 | 5
Contribute: CS5 | CS4, CS3
Download and installation help for Adobe links
Download and installation help for Prodesigntools links are listed on most linked pages. They are critical; especially steps 1, 2 and 3. If you click a link that does not have those steps listed, open a second window using the Lightroom 3 link to see those 'Important Instructions'. -
My I Mac does not start properly without pressing option and apple keys ,and it freezes
My I Mac does not start properly without pressing option and apple keys ,and it freezes
Try any of the following:
http://support.apple.com/kb/HT1379 Resetting your Mac's PRAM and NVRAM
Disconnect all devices from the computer then do the following:
Boot up from your Snow Leopard Install DVD while holding down the "c" key.
Select the language you wish to use, and then choose "Disk Utility" from the menu bar.
Your HD should appear in a panel on the left hand side of the window which opens. Select it and then click on the "repair disk" button in the right hand section of the window.
Once this process has been completed restart your computer and repair permissions directly from Disk Utility.
If Disk Utility is unable to complete the repair, you will need to use a stronger 3rd party utility like DiskWarrior, Techtool PRO (not Deluxe) or Drive Genius.
Troubleshoot the spinning beach ball/freezing & crashing -
I was typing in a word for Mac document and I hit the apple key and the numeral 8 at the same time now all of my documents have these strange symbols please help
Simply type command 8 again. That toggles the "show paragraphs" function.
-
Why my MacBook pro with Maverick, when I'm connected with internet key and connect with usb cable my HTC One the Mac restat with error?
Solution may be found if you search in the "More Like This" section over in the right column.
-
JAAS, EJB, GlassFish2 and session key/id
I use standalone EJB client to connect to GlassFish 2. I use custom login module on Aplication server side and ProgrammaticLogin to enter login and password.
I see that every call to any of my remote methods is resulted in sending my login and password to Application server (to my login module).
I do not want it sends login/password every time but only first time. Id like to do smth as it is done in http session.
Id like to send login and password only once when I lookup my remote interface or when I do explicit login. Then if authentication is successes Ive got smth like session key/id and use it for client identification.
How I can implement it? How I can send session key back to client on successful login? Is it possible at all in JAAS/EJB world?I think there's something wrong with your application. Have you checked google? There's plenty of threads about this same problem here already please refer to them. Please copy paste your whole stacktrace here, we experts can't help you otherwise.
Best Regards, Angus -
my power mac g4 was working fine i hit a key and it shut down and know it has a symble floting around the screen like the firewirs symble and ot wont turn back on how do i fix it
It does sound like the T key is stuck.
One way to test to see if the keyboard is at fault is to disconnect the keyboard, then start up the Mac.
Note - on that model, you can force a shutdown by holding in the power button (the one on the front panel of the machine) for 8 to 10 seconds.
You can also force a restart by pressing the small convex (bulges out slightly) button under the power button on the front panel (it's the one on the left). -
Jam session between iPad and Mac
Is it possible to start a jam session between an iPad (or iphone) and Mac?
Agreed, it must be in development because surely the good folks at Apple have the vision (or at least the common sense) to know this should've happened a long time ago. I'm sure there's a VERY good reason why creating a session between the Mac's GarageBand and the iOS GarageBand is not yet possible and that it must happen soon, right?
-
With LEAP, a session key is used. Cisco docs point out, that after the authentication phase, the session key is distributed from the RADIUS Server to the AP and Client.
Does this mean, that the session key is transmitted in cleartext?
I would be very happy to have an answer or doc, which offers an answer to my question.
Thanks in advance
EdgarLEAP is based on symetric keys which are generated on the RADIUS Server and the Client. The Client and Server do authentication using MS-CHAP which uses a U/P. The password is not sent over the network instead a hash key is sent. MSCHAP hashes are known to be volnurable to dictionary attacks. (If I remember correctly LEAP supports mutual auth but I forget how the client authenticates the server). If successfull both the client and the server generate the same WEP key based on the password and other clear text values. The server sends the key to the AP. This transfer is over a wired network but is encrypted. When LEAP is setup, a shared secret must be configured on the RADIUS server and the AP. This secret is used to encrypt the keys passed between the Server and AP. LEAP will also make sure that the WEP keys are rotated.
Serge -
Coke-spilled-on-keyboard.-I-cleaned-keys-and-board-let-dry-3-days.-All
work-perfectly=except-space-key.Is-there-any-electrical-spray-cleaner-Ic
could-spray-in-the-port-under-the-key=to=try=to=get=it-to=worK?
My-bro-works-at-theApple-store-and-wants-me-to-get-the-IMac-with-the-chip.Anyone -had-problems-with-this-model-to=suggest-I=wait=for=the
bugs=to=be=ironed=out?I always thought Apple is consumer friendly. After 15 years of using PC I broke down and bought iMac for my kids. What is horrible pain it is to deal with it. you purchase a support plan which is almost impossible to register. Apple is just nicely set up to take your money and provide as little help as possible. I am terribly dissapointed in how difficult to they make it for you to use it...
very, very dissapointed. the whole apple experience is worst than Microsoft. -
Hi, Volume key and light up key are not working after I installed marverick version, Actually the whole key pad line isn't working .How should I do?
Try resetting the SMC http://support.apple.com/kb/ht3964
Maybe you are looking for
-
HP Officejet Pro 8500 Wireless A909g Loses Connectivity
[posted on behalf of another user] Problem with HP Officejet Pro 8500 Wireless A909g New printer will not stay connected to the wireless network. The printer continuously drops the network connection. For 15-20 minutes at a time, it will go off-line,
-
Optical out shuts off after some time without being used
Hi, I bought a Mac Mini to run XBMC on my TV. I connect the video out via HDMI to DVI and optical out to my sound system. It works great when I first start using it but when I return (usually a day later), I don-t get any sound. Restarting the applic
-
Creating a interactive prerendered 3d presentation.
Hello I'm creating a presentation in adobe flash pro cs5. I wanted a interface of buttons that would if you clicked on one of them play a prerendered movie clip that would after it has been played be jumping to another keyframe and stay on that keyfr
-
Having trouble opening .fla files in Flash MX
Hi, Can anyone help me? I'm using Flash MX, and when I get sent .fla files to edit I get a "Unexpected file format" error or a "An unknow error has occured while accessing ..<location of file.fla>" Is this because I'm trying to edit/open .fla files t
-
Procedure to check data from different tables
Hi I am trying to write a procedure to compare data from a table with another. Table 1 ID Name Dept 1 ABC Y 2 DEF Z Table 2 ID Dept 1 Y 2 Z Table 3 Name ID 1 ABC 2 DEF I would like to compare each record data in Table 1 with data from different table