Simple RSA decryption error

Hi All
I am trying a very simple RSA implementations. I am not able to decrypt the data correctly. Please find my code below,
import java.math.BigInteger;
import java.util.Random;
public class SimpleRSA {
     public static BigInteger p, q, N, v, k, d;
     public static void main(String[] args) {
          // p & q are prime numbers
          Random myRandom = new Random(0);
          p = BigInteger.probablePrime(32, myRandom);
          q = BigInteger.probablePrime(32, myRandom);
          System.out.println("Value of p:" + p);
          System.out.println("Value of q:" + q);
          // N = pq
          N = p.multiply(q);
          System.out.println("Value of N:" + N);
          // v = (p-1)*(q-1)
          v =
               (p.subtract(BigInteger.valueOf(1))).multiply(
                    q.subtract(BigInteger.valueOf(1)));
          System.out.println("Value of v:" + v);
          // Compute k such that gcd(k, v) = 1
          k = new BigInteger("3");
          while(v.gcd(k).intValue() > 1) k = k.add(new BigInteger("2"));
          System.out.println("Value of k:" + k);
          // Compute d such that (d * k)%v = 1
          d = k.modInverse(v);
          System.out.println("Value of d:" + d);
          System.out.println("Public Key (k,N): (" + k + "," + N + ")");
          System.out.println("Private Key (d,N): (" + d + "," + N + ")");
          // Encryption
          String text = "Welcome to Java";
          System.out.println("Sample text:" + text);
          byte[] cipherData = text.getBytes();
          BigInteger a = new BigInteger(cipherData);
          System.out.println("BigInteger a:" + a);          
          BigInteger b = a.modPow(k, N);
          System.out.println("Encrypted data:" + b);
          // Decryption
          BigInteger c = b.modPow(d, N);
          byte[] decryptedData = c.toByteArray();          
          String plainText = new String(decryptedData);
          System.out.println("Decrypted data:" + plainText);     
The answer I am getting is like this
Value of p:3139482721
Value of q:3180579707
Value of N:9985375032889742747
Value of v:9985375026569680320
Value of k:7
Value of d:4279446439958434423
Public Key (k,N): (7,9985375032889742747)
Private Key (d,N): (4279446439958434423,9985375032889742747)
Sample text:Welcome to Java
BigInteger a:1446156601937412646258
Encrypted data:9678387382297663676
Decrypted data:r��`�>B[/i]
Please help me in this regard.
Regards
Kathirvel

"m" (the integer rep of the message) must be strictly less than "N" (p*q). Look at the output - your p and q are too small for your data. Tryp = BigInteger.probablePrime(512, myRandom);
q = BigInteger.probablePrime(512, myRandom);and try again.
Then, go back and re-read the description of the RSA algorithm:
http://en.wikipedia.org/wiki/RSA
("Applied Cryptography" would be bettr - but Wikipedia is at least a good start...)
Grant

Similar Messages

  • RSA Decryption Error - Illegal Use

    Hi there,
    i have a crypthographic problem using a JavaCard application and a Java host application.
    On the card i create a cipher object and a private/public key:
    Cipher cipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1_OAEP, false);
    KeyPair kP = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_1984);
    kP.genKeyPair();
    RSAPublicKey app_public_key = (RSAPublicKey) kP.getPublic();
    RSAPrivateKey app_private_key = (RSAPrivateKey) kP.getPrivate();There are two functions on the card to send the modulus and the exponent from the public key to the host application using two APDUs.
    private void sendModulus(APDU apdu)
         byte[] buffer = apdu.getBuffer();
         short modLength = app_public_key.getModulus(buffer, (short)ISO7816.OFFSET_CDATA);
         apdu.setOutgoing();
         apdu.setOutgoingLength(modLength);
         apdu.sendBytesLong(buffer, (short)ISO7816.OFFSET_CDATA, modLength);
    private void sendExponent(APDU apdu)
         byte[] buffer = apdu.getBuffer();
         short expLength = app_public_key.getExponent(buffer, (short)ISO7816.OFFSET_CDATA);
         apdu.setOutgoing();
         apdu.setOutgoingLength(expLength);
         apdu.sendBytesLong(buffer, (short)ISO7816.OFFSET_CDATA, expLength);
    }On the host i request the modulus and the exponent and build the public key:
    public void getAppMod() throws TerminalException
                      //get modulus
         ResponseApdu response = send(new CommandApdu("0x00 0xAA 0x01 0x00"));
         System.out.println(response.getStatusHexString());
         byte[] modulus = response.getData().toByteArray();
                      //get exponent
         ResponseApdu response = send(new CommandApdu("0x00 0xAA 0x02 0x00"));
         System.out.println(response.getStatusHexString());
         byte[] exponent = response.getData().toByteArray();
                      RSAPublicKeySpec kSpec = new RSAPublicKeySpec(new BigInteger(1, mod), new BigInteger(1, exp));
         KeyFactory kFac = KeyFactory.getInstance("RSA");
         RSAPublicKey app_rsa_publicKey = (RSAPublicKey)kFac.generatePublic(kSpec);
    }Now i create a cipher object on the host application, encrypt a message with this public key and send it to the card:
    Security.addProvider(new BouncyCastleProvider());
    Cipher cipher = Cipher.getInstance("RSA", "BC");
    cipher.init(Cipher.ENCRYPT_MODE, app_rsa_publicKey);
    byte[] cipherData = cipher.doFinal(bData); //bData is the message and cipherData the encrypted 248byte message.On the card now im trying to decrypt it with the private key.
    byte[] buffer = apdu.getBuffer();
    short bytesRead = apdu.setIncomingAndReceive();
    cipher.init(app_private_key, Cipher.MODE_DECRYPT);
    short messageLength = cipher.doFinal(buffer, (short)ISO7816.OFFSET_CDATA, bytesRead, buffer, (short)ISO7816.OFFSET_CDATA);
    }But the "doFinal" method throws an "ILLEGAL_USE" Exception...
    I dont know what to do now....
    Is it possible that the "BouncyCastle" Cipher object on the host side does not fit the cipher object on the card side ? because the key was transfered correctlly :(
    is there any provider i can use whre i dont need a free library like bouncycastle ?
    Thanks for helping...
    Edited by: 963778 on 08.10.2012 01:56

    Hi again,
    i think i solved my problem.
    So far it seems it wasnt the same RSA padding on card an host.
    After create the cipher on the card this way:
    cipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);And on the host this way:
    cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", "BC");it works fine from host to card.
    The other way from card to host i get an "unknown block type" error.

  • RSA decryption Error: Data must start with zero

    Because of some reasons, I tried to use RSA as a block cipher to encrypt/decrypt a large file. When I debug my program, there some errors are shown as below:
    javax.crypto.BadPaddingException: Data must start with zero
         at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
         at sun.security.rsa.RSAPadding.unpad(Unknown Source)
         at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356)
         at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:394)
         at javax.crypto.Cipher.doFinal(Cipher.java:2299)
         at RSA.RRSSA.main(RRSSA.java:114)
    From breakpoint, I think the problem is the decrypt operation, and Cipher.doFinal() can not be operated correctly.
    I searched this problem from google, many people met the same problem with me, but most of them didn't got an answer.
    The source code is :
    Key generation:
    package RSA;
    import java.io.FileOutputStream;
    import java.io.ObjectOutputStream;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    public class GenKey {
          * @param args
                     * @author tang
         public static void main(String[] args) {
              // TODO Auto-generated method stub
                 try {
                      KeyPairGenerator KPG = KeyPairGenerator.getInstance("RSA");
                      KPG.initialize(1024);
                      KeyPair KP=KPG.genKeyPair();
                      PublicKey pbKey=KP.getPublic();
                      PrivateKey prKey=KP.getPrivate();
                      //byte[] publickey = decryptBASE64(pbKey);
                      //save public key
                      FileOutputStream out=new FileOutputStream("RSAPublic.dat");
                      ObjectOutputStream fileOut=new ObjectOutputStream(out);
                      fileOut.writeObject(pbKey);
                      //save private key
                          FileOutputStream outPrivate=new FileOutputStream("RSAPrivate.dat");
                      ObjectOutputStream privateOut=new ObjectOutputStream(outPrivate);
                                 privateOut.writeObject(prKey)
         }Encrypte / Decrypt
    package RSA;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.ObjectInputStream;
    import java.security.Key;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.crypto.Cipher;
    //import sun.misc.BASE64Decoder;
    //import sun.misc.BASE64Encoder;
    public class RRSSA {
          * @param args
         public static void main(String[] argv) {
              // TODO Auto-generated method stub
                //File used to encrypt/decrypt
                 String dataFileName = argv[0];
                 //encrypt/decrypt: operation mode
                 String opMode = argv[1];
                 String keyFileName = null;
                 //Key file
                 if (opMode.equalsIgnoreCase("encrypt")) {
                 keyFileName = "RSAPublic.dat";
                 } else {
                 keyFileName = "RSAPrivate.dat";
                 try {
                 FileInputStream keyFIS = new FileInputStream(keyFileName);
                 ObjectInputStream OIS = new ObjectInputStream(keyFIS);
                 Key key = (Key) OIS.readObject();
                 Cipher cp = Cipher.getInstance("RSA/ECB/PKCS1Padding");//
                 if (opMode.equalsIgnoreCase("encrypt")) {
                 cp.init(Cipher.ENCRYPT_MODE, key);
                 } else if (opMode.equalsIgnoreCase("decrypt")) {
                 cp.init(Cipher.DECRYPT_MODE, key);
                 } else {
                 return;
                 FileInputStream dataFIS = new FileInputStream(dataFileName);
                 int size = dataFIS.available();
                 byte[] encryptByte = new byte[size];
                 dataFIS.read(encryptByte);
                 if (opMode.equalsIgnoreCase("encrypt")) {
                 FileOutputStream FOS = new FileOutputStream("cipher.txt");
                 //RSA Block size
                 //int blockSize = cp.getBlockSize();
                 int blockSize = 64 ;
                 int outputBlockSize = cp.getOutputSize(encryptByte.length);
                 /*if (blockSize == 0)
                      System.out.println("BLOCK SIZE ERROR!");       
                 }else
                 int leavedSize = encryptByte.length % blockSize;
                 int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
                 : encryptByte.length / blockSize + 1;
                 byte[] cipherData = new byte[outputBlockSize*blocksNum];
                 //encrypt each block
                 for (int i = 0; i < blocksNum; i++) {
                 if ((encryptByte.length - i * blockSize) > blockSize) {
                 cp.doFinal(encryptByte, i * blockSize, blockSize, cipherData, i * outputBlockSize);
                 } else {
                 cp.doFinal(encryptByte, i * blockSize, encryptByte.length - i * blockSize, cipherData, i * outputBlockSize);
                 //byte[] cipherData = cp.doFinal(encryptByte);
                 //BASE64Encoder encoder = new BASE64Encoder();
                 //String encryptedData = encoder.encode(cipherData);
                 //cipherData = encryptedData.getBytes();
                 FOS.write(cipherData);
                 FOS.close();
                 } else {
                FileOutputStream FOS = new FileOutputStream("plaintext.txt");
                 //int blockSize = cp.getBlockSize();
                 int blockSize = 64;
                 //int j = 0;
                 //BASE64Decoder decoder = new BASE64Decoder();
                 //String encryptedData = convert(encryptByte);
                 //encryptByte = decoder.decodeBuffer(encryptedData);
                 int outputBlockSize = cp.getOutputSize(encryptByte.length);
                 int leavedSize = encryptByte.length % blockSize;
                 int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
                           : encryptByte.length / blockSize + 1;
                 byte[] plaintextData = new byte[outputBlockSize*blocksNum];
                 for (int j = 0; j < blocksNum; j++) {
                 if ((encryptByte.length - j * blockSize) > blockSize) {
                      cp.doFinal(encryptByte, j * blockSize, blockSize, plaintextData, j * outputBlockSize);
                      } else {
                      cp.doFinal(encryptByte, j * blockSize, encryptByte.length - j * blockSize, plaintextData, j * outputBlockSize);
                 FOS.write(plaintextData);
                 //FOS.write(cp.doFinal(encryptByte));
                 FOS.close();
    }Edited by: sabre150 on Aug 3, 2012 6:43 AM
    Moderator action : added [ code] tags so as to make the code readable. Please do this yourself in the future.
    Edited by: 949003 on 2012-8-3 上午5:31

    1) Why are you not closing the streams when writing the keys to the file?
    2) Each block of RSA encrypted data has size equal to the key modulus (in bytes). This means that for a key size of 1024 bits you need to read 128 bytes and not 64 bytes at a time when decrypting ( this is probably the cause of your 'Data must start with zero exception'). Since the input block size depends on the key modulus you cannot hard code this. Note - PKCS1 padding has at least 11 bytes of padding so on encrypting one can process a maximum of the key modulus in bytes less 11. Currently you have hard coded the encryption block at 64 bytes which is OK for your 1024 bits keys but will fail for keys of modulus less than about 936 bits.
    3) int size = dataFIS.available(); is not a reliable way to get the size of an input stream. If you check the Javadoc for InputStream.available() you will see that it returns the number of bytes that can be read without blocking and not the stream size.
    4) InputStream.read(byte[]) does not guarantee to read all the bytes and returns the number of bytes actually read. This means that your code to read the content of the file into an array may fail. Again check the Javadoc. To be safe you should used DataInputStream.readFully() to read a block of bytes.
    5) Reading the whole of the cleartext or ciphertext file into memory does not scale and with very large files you will run out of memory. There is no need to do this since you can use a "read a block, write the transformed block" approach.
    RSA is a very very very slow algorithm and it is not normal to encrypt the whole of a file using it. The standard approach is to perform the encryption of the file content using a symmetric algorithm such as AES using a random session key and use RSA to encrypt the session key. One then writes to the ciphertext file the RSA encrypted session key followed by the symmetric encrypted data. To make it more secure one should actually follow the extended procedure outlined in section 13.6 of Practical Cryptography by Ferguson and Schneier.

  • SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error

    Hello everybody,
    I am tryining to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authetication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
    Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.
    Below is the SSL debug log
    ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
    ssl_debug(15): Received v3 server_hello handshake message.
    ssl_debug(15): Server selected SSL version 3.1.
    ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
    ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
    ssl_debug(15): CompressionMethod selected by server: NULL
    ssl_debug(15): Server does not supports secure renegotiation.
    ssl_debug(15): Received certificate handshake message with server certificate.
    ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
    ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
    ssl_debug(15): Received certificate_request handshake message.
    ssl_debug(15): Accepted certificate types: RSA, DSA
    ssl_debug(15): Accepted certificate authorities:
    ssl_debug(15):   CN=XXXXXXXXXXXXXXXXXXXXXXXX
    ssl_debug(15):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(15):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(15): Received server_hello_done handshake message.
    ssl_debug(15): Sending certificate handshake message with RSA client certificate...
    ssl_debug(15): Sending client_key_exchange handshake...
    ssl_debug(15): Sending certificate_verify handshake message...
    ssl_debug(15): Sending change_cipher_spec message...
    ssl_debug(15): Sending finished message...
    ssl_debug(15): Received alert message: Alert Fatal: decrypt error
    ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
    ssl_debug(15): Shutting down SSL layer...
    My first assumption was that it might be caused by missing public key of other side's server in the TrustedCAs view. Now I have assured that we have this key installed (although I am currious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
    Does somebody have an idea what could cause this SSL handshake failure?
    Best regards,
    Maxim

    The XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interesting enough the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time tells that it doesn't. I have posted an OSS message asking to explain why there is this discrepancy.

  • Decrypt Error using 2-way SSL

    I am exposing a stateless Session bean as a webservice and have setup truststore/keystore to allow clients access using 2-way SSL. Recently one of the clients beagn to get TLS Alert 51 - Decrypt Error during the SSL handshake, right after "HANDSHAKEMESSAGE: CertificateVerify". Other clients of 2-way SSL don't appear to have any issues.
    Has anyone seen this?
    Thanks
    Peter
    some SSl debug follows:
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLTrustValidator returns: 0>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust status (0): NONE>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <isMuxerActivated: false>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 SSL3/TLS MAC>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 received HANDSHAKE>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: CertificateVerify>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <NEW ALERT with Severity: FATAL, Type: 51
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ServerStateReceivedClientKeyExchange.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
         at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
         at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write ALERT, offset = 0, length = 2>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <close(): 7828>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLIOContextTable.removeContext(ctx): 9723897>

    I too am struggling with SSL but I was given some help by BEA. This does not help me since It seems like the proxy jar I download from the WS Home Page wants to go directly to the JPD not the jws. This example of two way SSL should work for you. I am including the Main class but not the generated files it refers to. I don't know how to attach files to the news groups. The key thing it to make use of the adapters. The Impl and Port are part of the downloaded proxy.
    public static void main(String[] args) throws Exception {
    // set weblogic ServiceFactory
    System.setProperty("javax.xml.rpc.ServiceFactory", "weblogic.webservice.core.rpc.ServiceFactoryImpl");
    // set weblogic client protocol handler
    System.setProperty("java.protocol.handler.pkgs", "weblogic.webservice.client");
    // set the SSL adapter
    SSLAdapterFactory adapterFactory = SSLAdapterFactory.getDefaultFactory();
    WLSSLAdapter adapter = (WLSSLAdapter) adapterFactory.getSSLAdapter();
    // two-way SSL you must loadLocalIdentity to provide certs back to the server
    FileInputStream clientCredentialFile = new FileInputStream ("./client/clientcred.pem");
    String pwd = "canpass";
    adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
    adapter.setVerbose(true);
    adapter.setTrustedCertificatesFile("./config/ca1024.pem");
    adapter.setStrictChecking(false);
    adapterFactory.setDefaultAdapter(adapter);
    adapterFactory.setUseDefaultAdapter(true);
    String a = null;
    if (args.length < 1) {
    a = "Sample String";
    } else {
    a = args[0];
    ToUpper_Impl lookup = new ToUpper_Impl();
    ToUpperPort value = lookup.gettoUpperPort();
    String result = value.toUpper(a);
    System.out.println(result);
    }

  • Decrypt Errors occuring in WLC Log

    Hi all,
    we see a strange message in our WLC logs, which occurs quite often (>10 times a day):
    Decrypt errors occurred for client [MAC-Adress] using WPA key on 802.11b/g interface of AP [MAC-Adress]
    The MAC-Adresses of the affected clients are varying as well as the APs reporting the error.
    The clients are Notebooks, Cisco IP-Phones and Nokia-DualBand-Phones.
    Even more frequently we see the following message in the log:
    %ETHOIP-3-PING_TRANSMIT_FAILED: ethoip_ping.c:227 send_eoip_ping: Failed to tx Ethernet over IP ping rc=5.
    We use TKIP as Encryption and EAP-Fast as well as LEAP as Authentication (Cisco ACS).
    The WLC is an 2106, the APs are 1242AG.
    We don't recognize any problems placing calls or talking over these phones. It's just these messages in the log that concern me.
    Anyone else got these messages (and hopefully fixed them :))
    Greets,
    Sebastian

    Hi Everyone, you can count me in as well for getting the decrypt errors. However the only difference is that I'm not using WPA on the network that this is happening on. The wlan that is reporting this for me is just a simple WEP key. I'm thinking this is related to encryption since TKIP is also based on RC4. I also have other WLANS where I use WPA2 Enterprise with AES (PEAP MS-CHAPv2) and I do not see the decrypt errors for those clients. Also, to further expand on this I haven't noticed any client problems either. Maybe this is a bug that doesn't cause denial of service. I'd love to get rid of them though! This is with a 4402 WLC and 1242AG AP's...

  • HT4864 I am using Entourage and followed all the instructions above and still getting IMAP Server error.  Error msg:Security failure.  Data decryption error.

    I am using Entourage and followed all the instructions above and still getting IMAP Server error.  Error msg:Security failure.  Data decryption error.

  • InternalError: DES Decryption error

    **PLEASE HELP** I recenty did an extension update from MCE 1.2.1 to 1.2.2 for both the 1.2.2 framework and provider. It resolved my previous ExceptionInInitializerError of 'Cannot set up certs for trusted CAs.' I'm now getting an InternalError or "DES Decryption error
    at com.marconi.soc.util.Des3.decrypt (Des3.java:114)
    at com.marconi.soc.util.Crypt3.decrypt (Crypt3:java:51)
    and so on.
    This occurs after starting Openview's NNM which is integrated with Marconi's NMS app, ServiceOn Data (ver2.2).
    I'm not a software or java person so I desperately need some expert help from this forum.
    I believe we're using jre 1.2 thru 1.4 ( each NMS app uses a different jre version, I think). It all worked fine before the JCE expired.

    Hi,
    MDN (Message Disposition Notifications) is nothing but an Exchange Level acknowledgement. MDN ensures the sender of the document that the recipient has successfully received the document. The sender specifies how the MDN is to be sent back (either synchronously or asynchronously, and signed or unsigned). MDN provides the "Non-repudiation" element of AS2
    In case, recipient is able to read the received message successfully a success MDN is sent back otherwise a failed MDN is sent back. Not getting any MDN back also indicates a failure.
    Ask your tp to check the information he/she received in MDN.
    Regards,
    Anuj

  • Packet Encryption/Decryption error

    This error message is from a site-to-site VPN router. The whole error message is like:
    Aug 11 00:37:22.725 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
    Aug 11 00:39:05.192 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
    Aug 11 00:39:53.961 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
    Aug 11 00:40:55.447 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
    Does anybody see/handle this type of error before ? The explaination in the CCO for this error message does not help much. What is the 'status=4610' ? I also see the status number can be 4612 and 4613.
    I also noticed the "ah_auth_failure:" in "sh cry eng accelerator statistic " increase by one each time I got this error in the syslog
    Thanks in advance

    Xuam,
    what was the fix to your problem. I am getting exact same problem.
    Alphonse

  • 'Data Decryption Error'

    I'm trying to set up an internet pay and go account with BTyahoo. However, once I've connected, my ibook won't go to the registration page... it just says "Security Failure. Data Decryption Error" BTYahoo say it must be a mac problem but I've no idea what to do about it.
    Perhaps I need to change some security setting on my iBook?
    Any help would be very appreciated!
    Thanks.
    OS X   Mac OS X (10.4.2)   It might be an OS X 10.3 or 10.4. Can't remember.

    seenfromabove, Welcome to the discussion area!
    What browser are you using? Try a different one. For example if you are using Safari, try Firefox or Netscape.

  • EAP_TLS not successful, getting X509 decrypt error - certificate signature failure

    Hi
    I am trying EAP-TLS authentication on ACS 5.1.
    I have placed the Root CA of the device certitifcate on ACS.
    But getting this error.
    OpenSSLErrorMessage=SSL alert
    code=0x233=563 ; source=local ; type=fatal ; message="X509 decrypt error - certificate signature failure"
    OpenSSLErrorStack=  3055889312:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2649
    Can anyone help in debugging the issue, is it problem with Device's root CA certificate or anything else
    Thanks

    Hi Smita,
    Similar post but with ISE:
    https://supportforums.cisco.com/thread/2135392
    Are we using SHA 2 certs anywhere here?
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html#wp157364
    ACS 5.2 supports SHA 256.
    Rate if useful

  • WEP Key decrypt error + Symbol 9060

    I have a WLC 4400 running ver 3.2.150.6. The LAP is a 1242AG-A-K9. I am getting this error message on the wireless controller log when I try and use my Symbol 9060 RF units the message is:
    WEP Key decrypt error. Station MAC Address is 00:a0:f8:ba:b5:36, Base Radio MAC is 00:19:a9:0f:d7:90 and Slot ID is 0.
    My setup is WPA using 802.1x and the units do authenicate but then after a random period the users lose their sessions. Actually doesnt seem to matter whether I am using WPA or WEP, i still drop. I havent had this problem with the fat APs. Any ideas?

    Cisco is saying the WEP error is a known bug and its a fake message, so that is probably not what is causing the drops. When the clients first started dropping I also noticed another error message but it hasnt show back up till today when i put more client guns back in use. the error is:
    WPA MIC Error counter measure activated on Radio with MAC 00:19:a9:0f:bd:80 and Slot ID 0. Station MAC Address is 00:a0:f8:d2:34:98 and WLAN ID is 1.
    Any thoughts?

  • WEP Key decrypt error

    We have WPA2 clients and WLC4402, why is the controller reporting this error message. Does anyone know ? It doesn't seem to effect the connection but I'm just concerning.
    Tue May 9 12:47:20 2006 WEP Key decrypt error. Station MAC Address is xx:xx:xx:xx:xx:xx, Base Radio MAC is xx:xx:xx:xx:xx:xx and Slot ID is 1.

    Hi
    We are using 802.1x and 104 bit WEP to authenticate against a ACS Server
    (LEAP)
    Sporadically we are also getting the same errormessage muliple times:
    Wed Nov 1 12:09:01 2006--WEP Key decrypt error. Station MAC Address is 00:40:96:b1:d1:01, Base Radio MAC is 00:0b:85:71:21:01 and Slot ID is 1.
    Wed Nov 1 12:05:01 2006--WEP Key decrypt error. Station MAC Address is 00:40:96:b1:d1:01, Base Radio MAC is 00:0b:85:71:21:01 and Slot ID is 1.
    It seesms that this error-essage are dieplayed in different configuration cenarios.
    Does anyone know what exactly the reason is for this error message is.
    (Execpt for the Cisco docu statement "Notification sent when the controller detects a WEP decrypting error.")
    Best Regards
    Jarle

  • Decrypt error

    Hi
    We've got a wireless implementation with Wisms and 1142 LAPs and for a while we've been getting decrypt errors and like other posts here say, I've been ignoring them because they haven't been disconnecting clients but now they are getting disconnected. Errors like the one below seem to be causing the client to be disconnecting:
    Decrypt error occurred for client 'xx:xx:xx:xx:xx:xx' using 'WPA' key on  '802.11b/g' interface of AP 'xx'. - Controller Name: WLC-1
    Its happened to 3 out of 5 laptops in one location plus an iPhone 3GS in another location, all the laptops are the same model and on the same versions of of drivers.
    We're on 6.0.188.0.
    Any suggestions on what to do?
    Thanks

    Hi Megz,
    This is cosmetic :)
    DECRYPT_ERROR_FOR_WRONG_WPA_WPA2
    MIB Name
    CISCO-LWAPP-DOT11-CLIENT-MIB. CiscoLwappDot11ClientKeyDecryptError.
    WCS Message
    Decrypt error occurred at AP with MAC "{0}" running TKIP with wrong WPA/WPA2 by client with MAC "{1}."
    Symptoms
    The controller detects that a user is trying to connect with an invalid security policy for WPA/WPA2 types.
    WCS Severity
    Minor.
    Probable Causes
    The user failed to authenticate and join the controller.
    Recommended Actions
    None.
    http://www.cisco.com/en/US/docs/wireless/wcs/4.1/configuration/guide/wcsevent.html#wp1150053
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddf95ef/0#selected_message
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbf340f
    Hope this helps!
    Rob

  • Decrypt errors issue

    Hi everybody,
    I got this trap massage on WLC.
    The client failed to communicate, it was still associated wiht WLC though.
    the trap massage log is blow
    "Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"
    My wirelss environmet is containing WLC2106(5.2) 1131AG, clinet using ADU(v4.4)
    Thanks.

    We use Dynamic wep key, EAP-TTLS / PEAP.
    I attach the output.
    WLAN Identifier.................................. 1
    Profile Name..................................... kssl
    Network Name (SSID).............................. kssl
    Status........................................... Enabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Disabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
    NAC-State...................................... Disabled
    Quarantine VLAN................................ 0
    Number of Active Clients......................... 0
    Exclusionlist.................................... Disabled
    Session Timeout.................................. 1800 seconds
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    WLAN ACL......................................... unconfigured
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Disabled
    --More-- or (q)uit
    Quality of Service............................... Silver (best effort)
    WMM.............................................. Disabled
    CCX - AironetIe Support.......................... Disabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    IPv6 Support..................................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
    Authentication................................ 10.10.9.44 1812
    Authentication................................ 10.10.9.45 1812
    Accounting.................................... 10.10.9.44 1813
    Accounting.................................... 10.10.9.45 1813
    Local EAP Authentication......................... Disabled
    Security
    802.11 Authentication:........................ Open System
    Static WEP Keys............................... Disabled
    802.1X........................................ Enabled
    --More-- or (q)uit
    Encryption:..................................... 104-bit WEP
    Wi-Fi Protected Access (WPA/WPA2)............. Disabled
    CKIP ......................................... Disabled
    IP Security Passthru.......................... Disabled
    Web Based Authentication...................... Disabled
    Web-Passthrough............................... Disabled
    Conditional Web Redirect...................... Disabled
    Splash-Page Web Redirect...................... Disabled
    Auto Anchor................................... Disabled
    H-REAP Local Switching........................ Disabled
    H-REAP Learn IP Address....................... Enabled
    Infrastructure MFP protection................. Disabled
    Client MFP.................................... Optional but inactive (WPA2 no
    t configured)
    Tkip MIC Countermeasure Hold-down Timer....... 60
    Mobility Anchor List
    WLAN ID IP Address Status
    Thank you.

Maybe you are looking for

  • Associative Array and Blob

    I'm currently working on a system that allows the users to upload an Excel spreadsheet (.xls) in the system. The upload page is a PL/SQL cartridge. Then I've written a Java servlet (using Oracle Clean Content) to convert the XLS into a CSV and store

  • Why can't I install itunes on Microsoft Surface 2 (not a Surface Pro)

    why can't I install itunes on Microsoft Surface 2 (not a Surface Pro)?

  • How to play and stop flv files through NetStream in AIR Application

    Hi, In a folder I have 'n' number of flv file, which are DRM protected. when the user try to play those files for the first time through my AIR application, it will prompt for username and password and gets the license/voucher from the server and sto

  • Adobe 10 Pro Blank scanned pages

    Hi, I have adobe 10 pro.  When I scan from my scanner as a multi page pdf the documents show up grey and blank in adobe.  If I print them they come out just fine.  I just can view the pages that were scanned.  Please help.

  • Motorized stage library: .dll's and API.

    Hi all, I've built software that follows small worms (1mm in length), sequestered in a petri dish, using a motorized stage to keep them in view of a recording camera. I'd like to extend my software to interface with NI supported stages. My software i