[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] BadPaddingException



How can I tell whether I have the right public key to verifiy the
certificate... since I am using my private key to sign the certificate,
and the public key given to me by the server to try and verify it... I
don't know what else to do, since I don't have a public key myself, only a
private (limited) key.

Nell

-------------------------------------------------------------------------------------
http://www.mcs.anl.gov/~rehn

On Wed, 22 Sep 1999, Andreas Sterbenz wrote:

> Most likely you are using an incorrect public key to verify the
> certificate, i.e. not the one corresponding to the private key the
> certificate was signed with.
> 
>  Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at
> 
> -----Ursprüngliche Nachricht-----
> Von: Nell Rehn <nellrehn@midway.uchicago.edu>
> An: <iaik-ssl@iaik.tu-graz.ac.at>
> Gesendet: Montag, 20. September 1999 17:36
> Betreff: [iaik-ssl] BadPaddingException
> 
> 
> > Upon trying to read a certificate chain, I get the following exception:
> >
> > Connecting...
> > Server certificate chain
> > CN=limited proxy, OU=Mathematics and Computer Science Division,
> O=Argonne
> > National Laboratory, O=Globus, C=US
> > java.security.SignatureException: javax.crypto.BadPaddingException:
> > Invalid PKCS#1 padding: no leading zero!
> >         at iaik.security.rsa.RSASignature.engineVerify(Compiled Code)
> >         at java.security.Signature.verify(Compiled Code)
> >         at iaik.x509.X509Certificate.verify(Compiled Code)
> >         at iaik.x509.X509Certificate.verify(Compiled Code)
> >         at
> >
> org.globus.security.GlobusClientTrustDecider.verifyCertificateChain(Compi
> led
> > Code)
> >         at
> > org.globus.security.GlobusClientTrustDecider.isTrustedPeer(Compiled
> Code)
> >         at iaik.security.ssl.x.d(Compiled Code)
> >         at iaik.security.ssl.x.f(Compiled Code)
> >         at iaik.security.ssl.r.c(Compiled Code)
> >         at iaik.security.ssl.SSLSocket.startHandshake(Compiled Code)
> >         at iaik.security.ssl.SSLSocket.getOutputStream(Compiled Code)
> >         at org.globus.security.SSLConnection.connect(Compiled Code)
> >         at org.globus.jgram.Client.doConnect(Compiled Code)
> >         at org.globus.jgram.Client.status_poll(Compiled Code)
> >         at Test.main(Compiled Code)
> > iaik.security.ssl.SSLException: Untrusted Certificate!
> >         at iaik.security.ssl.x.d(Compiled Code)
> >         at iaik.security.ssl.x.f(Compiled Code)
> >         at iaik.security.ssl.r.c(Compiled Code)
> >         at iaik.security.ssl.SSLSocket.startHandshake(Compiled Code)
> >         at iaik.security.ssl.SSLSocket.getOutputStream(Compiled Code)
> >         at org.globus.security.SSLConnection.connect(Compiled Code)
> >         at org.globus.jgram.Client.doConnect(Compiled Code)
> >         at org.globus.jgram.Client.status_poll(Compiled Code)
> >         at Test.main(Compiled Code)
> >
> > Now this certificate is one I have signed myself, with the following
> code:
> >
> >    try {
> > ncert.sign(AlgorithmID.md5WithRSAEncryption,upkey);
> >       } catch (java.security.cert.CertificateException e4) {
> > System.out.println("proxy_sign(): CertificateException: " +
> >    e4.getMessage());
> >       }
> >
> > What am I doing wrong?
> >
> > Thanks,
> > Nell
> >
> > -----------------------------------------------------------------------
> --------------
> > http://www.mcs.anl.gov/~rehn
> >
> >
> > --
> > Mailinglist-archive at
> http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
> >
> > To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
> folowing content: UNSUBSCRIBE iaik-ssl
> >
> >
> >
> 
> 
> 

--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-ssl