
Re: [iaik-ssl] BadPaddingException





I know what he is doing, and it's this Globus Delegation trick.
The idea is that everybody becomes a CA and creates a certificate for 
its delegate.

CN=Real Name

Then to go to another host, the recipient of that connection (i.e. the
server) creates a private/public key pair and asks the originator of the
connection (i.e. the client) to create a certificate with the name,

CN=Real Name, CN=Proxy

and the public key the server just generated.

This procedure is done at every delegation so that you end up with more
and more "CN=Proxy" Relative Names as you go down the chain of
delegations, i.e.

CN=Real Name, CN=Proxy, CN=Proxy

He should just make sure that he's getting the right public key from the
delegation chain.

At the client end, he just should make sure that he verifies the
certificate with the client's (i.e. his own) public key. (not the one the
server gave him, he put that public key *in* the certificate, he didn't
sign the certificate with it).

-Polar

On Thu, 7 Oct 1999, Gil Peeters wrote:

> 
> 
> Nell Rehn wrote:
> > 
> > ---8<---8<--- Snip Snip ---8<---8<---
> >
> > The client gets the user certificate, checks some information about it.
> > Then it gets the public key from the CertificateRequest with
> > req.getPublicKey().
> 
> So you got the Original Public Key from the 'user certificate'(?).
>  
> > ---8<---8<--- Snip Snip ---8<---8<---
> > then the public key of the new cert is set to the public key of the
> > request.  and I sign the cert with my private key.
> 
> Here you say you set the pub Key in the Cert to that of the request. Is
> this the and sign it with 'my private key'. Are the Pub and Private keys
> mentioned here from the same KeyPair?
> 
> I think I am still a bit confused about what you are doing.
> 
> > But then immediately after this, if I try to verify the new cert with the
> > public key (of the request), I get the BadPaddingException.
> 
> I would expect a Verify type exception, but not a BadPaddingException.
> Hmm. V Strange.
> 
> 
> -------------------------------------------------------------------------------------
> > http://www.mcs.anl.gov/~rehn
> > 
> > >
> > >
> > > Nell Rehn wrote:
> > > >
> > > > How can I tell whether I have the right public key to verify the
> > > > certificate... since I am using my private key to sign the certificate,
> > > > and the public key given to me by the server to try and verify it... I
> > > > don't know what else to do, since I don't have a public key myself, only a
> > > > private (limited) key.
> > > >
> > > > Nell
> > > >
> > >
> > > Nell,
> > >
> > > I assume you need to check this in the TrustDecider for the Context. In
> > > the isTrustedPeer() call you get an SSLCertificate variable. This
> > > variable contains a chain of certificates, which you can get using
> > > getCertificateChain(). Normally this contains the whole chain, but some
> > > servers only send the server cert and not the server cert and the CA
> > > that signed it.
> > >
> > > Normally you can assume that the cert at index [n] can be verified using
> > > the public key embedded in the cert at index [i+1]. This all works until
> > > you get to the last cert, which is normally self-signed, so you have to
> > > verify the cert with its own public key (you can use verify() without
> > > Params).
> > >
> > > This is where the 'how can I trust the last in chain if it is self
> > > signed' question comes into play. Well you don't. The only thing you can
> > > do is either
> > > 1) Ask the user if he wants to accept this Root CA, or
> > > 2) Store a number of Root CA's in a KeyStore, or
> > > 3) imbed them in your code, so you can compare them. (This has the
> > > problem that the imbedded Root CA's could expire. You need to be able
> > > to update the class (Download or something) in this case.)
> > >
> > > I am working on a project where I use a combination of 2) and 3). My
> > > application should only connect to one of a number of predefined
> > > servers. So I know what Root CA I should receive. So I imbed this in a
> > > class. If I connect and I get another Root CA, I ask the user if he
> > > wants to use this CA. (This is if the CA has expired or changed on my
> > > server). If so I keep the new CA in memory for the time that the
> > > application is active. I also download a new version of the class that
> > > included the new Root CA. So the next time the application connects, I
> > > have the New Root CA imbedded.
> > >
> > > Hope that helps.
> > >
> > > Gil.
> > >
> > > > -------------------------------------------------------------------------------------
> > > > http://www.mcs.anl.gov/~rehn
> > > >
> > > > On Wed, 22 Sep 1999, Andreas Sterbenz wrote:
> > > >
> > > > > Most likely you are using an incorrect public key to verify the
> > > > > certificate, i.e. not the one corresponding to the private key the
> > > > > certificate was signed with.
> > > > >
> > > > >  Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at
> > > > >
> > > > > -----Original Message-----
> > > > > From: Nell Rehn <nellrehn@midway.uchicago.edu>
> > > > > To: <iaik-ssl@iaik.tu-graz.ac.at>
> > > > > Sent: Monday, 20 September 1999 17:36
> > > > > Subject: [iaik-ssl] BadPaddingException
> > > > >
> > > > >
> > > > > > Upon trying to read a certificate chain, I get the following exception:
> > > > > >
> > > > > > Connecting...
> > > > > > Server certificate chain
> > > > > > CN=limited proxy, OU=Mathematics and Computer Science Division, O=Argonne National Laboratory, O=Globus, C=US
> > > > > > java.security.SignatureException: javax.crypto.BadPaddingException:
> > > > > > Invalid PKCS#1 padding: no leading zero!
> > > > > >         at iaik.security.rsa.RSASignature.engineVerify(Compiled Code)
> > > > > >         at java.security.Signature.verify(Compiled Code)
> > > > > >         at iaik.x509.X509Certificate.verify(Compiled Code)
> > > > > >         at iaik.x509.X509Certificate.verify(Compiled Code)
> > > > > >         at org.globus.security.GlobusClientTrustDecider.verifyCertificateChain(Compiled Code)
> > > > > >         at org.globus.security.GlobusClientTrustDecider.isTrustedPeer(Compiled Code)
> > > > > >         at iaik.security.ssl.x.d(Compiled Code)
> > > > > >         at iaik.security.ssl.x.f(Compiled Code)
> > > > > >         at iaik.security.ssl.r.c(Compiled Code)
> > > > > >         at iaik.security.ssl.SSLSocket.startHandshake(Compiled Code)
> > > > > >         at iaik.security.ssl.SSLSocket.getOutputStream(Compiled Code)
> > > > > >         at org.globus.security.SSLConnection.connect(Compiled Code)
> > > > > >         at org.globus.jgram.Client.doConnect(Compiled Code)
> > > > > >         at org.globus.jgram.Client.status_poll(Compiled Code)
> > > > > >         at Test.main(Compiled Code)
> > > > > > iaik.security.ssl.SSLException: Untrusted Certificate!
> > > > > >         at iaik.security.ssl.x.d(Compiled Code)
> > > > > >         at iaik.security.ssl.x.f(Compiled Code)
> > > > > >         at iaik.security.ssl.r.c(Compiled Code)
> > > > > >         at iaik.security.ssl.SSLSocket.startHandshake(Compiled Code)
> > > > > >         at iaik.security.ssl.SSLSocket.getOutputStream(Compiled Code)
> > > > > >         at org.globus.security.SSLConnection.connect(Compiled Code)
> > > > > >         at org.globus.jgram.Client.doConnect(Compiled Code)
> > > > > >         at org.globus.jgram.Client.status_poll(Compiled Code)
> > > > > >         at Test.main(Compiled Code)
> > > > > >
> > > > > > Now this certificate is one I have signed myself, with the following code:
> > > > > >
> > > > > >    try {
> > > > > >       ncert.sign(AlgorithmID.md5WithRSAEncryption, upkey);
> > > > > >    } catch (java.security.cert.CertificateException e4) {
> > > > > >       System.out.println("proxy_sign(): CertificateException: " +
> > > > > >          e4.getMessage());
> > > > > >    }
> > > > > >
> > > > > > What am I doing wrong?
> > > > > >
> > > > > > Thanks,
> > > > > > Nell
> > > > > >
> > > > > > -------------------------------------------------------------------------------------
> > > > > > http://www.mcs.anl.gov/~rehn
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Mailinglist-archive at
> > > > > http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
> > > > > >
> > > > > > To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
> > > > > folowing content: UNSUBSCRIBE iaik-ssl
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > > --
> > > -----------------------------------------------------------------------
> > > Remove the .NOSPAM (DOT included) from my EMail address before replying
> > > -----------------------------------------------------------------------
> > > Gil Peeters
> > >
> > 
> > 
> 
> -- 
> -----------------------------------------------------------------------
> Remove the .NOSPAM (DOT included) from my EMail address before replying
> -----------------------------------------------------------------------
> Gil Peeters
>  
> 

-------------------------------------------------------------------
Polar Humenn                  Adiron, LLC
Principal                     2-212 Center for Science & Technology
mailto:polar@adiron.com       CASE Center/Syracuse University 
Phone: 315-443-3171           Syracuse, NY 13244-4100
Fax:   315-443-4745           http://www.adiron.com
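
The delegation step described at the top of this message, as an added example (not code from the thread, IAIK or Globus): the proxy certificate carries the server-generated public key but is signed with the delegator's private key, so it verifies only under the delegator's public key. The `Cert` record is a simplified stand-in for an X.509 certificate, SHA256withRSA is swapped in for the md5WithRSAEncryption of the original post, and all class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.List;
public class ProxyChainDemo {
    // Simplified stand-in for an X.509 cert (assumption): name, subject key, issuer signature.
    record Cert(String subject, PublicKey subjectKey, byte[] sig) {
        byte[] tbs() { // the bytes the issuer signs: name followed by the encoded key
            byte[] n = subject.getBytes(StandardCharsets.UTF_8), k = subjectKey.getEncoded();
            return ByteBuffer.allocate(n.length + k.length).put(n).put(k).array();
        }
    }
    // The issuer signs with its own private key; subjectKey only goes inside the cert.
    static Cert issue(String subject, PublicKey subjectKey, PrivateKey issuerKey) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(issuerKey);
        s.update(new Cert(subject, subjectKey, null).tbs());
        return new Cert(subject, subjectKey, s.sign());
    }
    // With a wrong key some providers return false and others throw; both mean "not verified".
    static boolean verify(Cert c, PublicKey issuerKey) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(issuerKey);
            s.update(c.tbs());
            return s.verify(c.sig());
        } catch (GeneralSecurityException e) {
            return false;
        }
    }
    // chain.get(0) is the newest proxy; each cert is checked with the key in the next cert,
    // and the last one with a key the verifier already trusts. An empty chain is rejected.
    static boolean verifyChain(List<Cert> chain, PublicKey trustedKey) {
        for (int i = 0; i < chain.size(); i++) {
            PublicKey issuer = i + 1 < chain.size() ? chain.get(i + 1).subjectKey() : trustedKey;
            if (!verify(chain.get(i), issuer)) return false;
        }
        return !chain.isEmpty();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        // Constructed sample keys: a CA, the delegating user, and the server's fresh proxy key.
        KeyPair ca = g.generateKeyPair(), user = g.generateKeyPair(), server = g.generateKeyPair();
        Cert userCert = issue("CN=Real Name", user.getPublic(), ca.getPrivate());
        Cert proxy = issue("CN=Real Name, CN=Proxy", server.getPublic(), user.getPrivate());
        System.out.println("verified with delegator's key:  " + verify(proxy, user.getPublic()));
        System.out.println("verified with key inside cert:  " + verify(proxy, server.getPublic()));
        System.out.println("whole chain up to trusted CA:   " + verifyChain(List.of(proxy, userCert), ca.getPublic()));
    }
}
```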

