[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-ssl] Problem with Executing ExtractKeys



Ok, I worked it out.
I needed to install the full rsa & rc4 jar file.
It's working now.

I have found the whole experience to get this far a little confusing.

It was purely trial and error that enabled me to figure out what I needed 
from the number of download options.
The existence of the Applet Edition version just added to the confusion.

The lack of a step-by-step in the documentation didn't help. The 
insall.html document is not nearly detailed enough for someone trying to 
get this stuff working for the first time. Yes, it is technically accurate, 
but there are things that could be made a lot clearer.

May I suggest a supporting page to the download page which lists exactly 
which downloads are required to get moving?
For Example:
To use the demo Applet included with iSaSiLk Light, you need to download 
and install all of the following:
http://jcewww.iaik.tu-graz.ac.at/Releases/isasilk20_l.exe
http://jcewww.iaik.tu-graz.ac.at/Releases/iaikjce251.exe
http://jcewww.iaik.tu-graz.ac.at/Releases/iaik_jce_full.jar
http://jcewww.iaik.tu-graz.ac.at/Releases/isasilk251.exe

The team at IAIK obviously know this, but if I'm having trouble then I can 
bet that others are too.
I guess that you'd like to eliminate support emails wherever necessary.
The addition of a page like this would be a step in the right direction.

Cheers,
Andrew Roughan
FICS Australia


-----Original Message-----
From:	Andrew Roughan [SMTP:andrew.roughan@ficsgrp.com]
Sent:	Friday, September 10, 1999 12:54 PM
To:	'iaik-ssl@iaik.tu-graz.ac.at'
Subject:	Problem with Executing ExtractKeys

I'm trying to execute a modified version of ExtractKeys from behind a 
firewall.
I believe that I've got the connection tunneling through the proxy ok.
I'm trying to extract an SSL key from a third party server which is 
protected with SSL.

The Key extraction is not working properly.

Here's the output:

C:\pcib\scrap>runextractkeys PublicKeyStore.java -host:swww.etrade.com.au 
-rsa
Adding provider IAIK...
Downloading RSA certificate...
Opening SSL connection to swww.etrade.com.au:443...
line0 : HTTP/1.0 200 Connection established
line1 : Proxy-agent: Netscape-Proxy/3.5
line2 :
InputRecord locked.
OutputRecord locked.
starting handshake.
send client_hello...
v3ClientHello, version: 3.0
received server_hello...
Server doesn't want to resume a previous session.
CipherSuite selected by server: SSL_RSA_EXPORT_WITH_RC4_40_MD5
CompressionMethod selected by server: NULL
received Certificate...
A problem occured: Error decoding Certificate: PublicKey algorithm not 
implemented: rsaEncryption
Could not download RSA certificate from swww.etrade.com.au:443!
C:\pcib\scrap>

By restricting the available CipherSuites I am not able to get any further 
and get the same error. The common suites appear to be
CipherSuite.SSL_RSA_EXPORT_WITH_RC4_40_MD5,
CipherSuite.SSL_RSA_WITH_RC4_MD5,
CipherSuite.SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
CipherSuite.SSL_RSA_WITH_DES_CBC_SHA,
CipherSuite.SSL_RSA_WITH_3DES_EDE_CBC_SHA,

Other suites give me a "A problem occured: No common cipher suites" error.

Executing with -dh option instead of -rsa gives me a "A problem occured: No 
common cipher suites" error.

Is there anything I can do?

Thanks,
Andrew Roughan

--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-ssl