
Re: [iaik-ssl] BadPaddingException: Invalid PKCS#1 with ssl light



To keep the size of the iSaSiLk Light package to a minimum it does not
contain any certificate handling code and includes the server's public
key hardcoded in the program instead. You seem to be using the wrong
public key, which is why the server cannot decrypt the message using its
private key. See the documentation for instructions on how to fix that.

Regards,

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.at
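An added illustration of the failure described above (example code written for this page, not iSaSiLk code and not from either poster): the client encrypts the SSLv3 pre_master_secret under the wrong hardcoded key, so the server's PKCS#1 decryption fails with BadPaddingException. The server-side handler also shows the standard defensive reaction of continuing with a random pre_master_secret instead of aborting on the padding error, which is consistent with the quoted log (the exception is logged, the handshake continues and then dies with "bad record mac"). Class and method names are assumed, and the two RSA key pairs are constructed for the demo.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added example (not iSaSiLk code): why a client with the wrong hardcoded server key
// produces "Invalid PKCS#1 padding" on the server, and how the server should react.
public class PreMasterSecretDemo {
    static final int PMS_LEN = 48; // SSLv3 pre_master_secret: 2 version bytes + 46 random bytes

    // Client: encrypt the pre_master_secret under the key it believes is the server's.
    static byte[] clientKeyExchange(byte[] pms, PublicKey believedServerKey) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.ENCRYPT_MODE, believedServerKey);
        return c.doFinal(pms);
    }

    // Server: decrypt with its private key. On a padding or length failure it does NOT abort
    // with a distinguishable error but continues with a random pre_master_secret, so the
    // handshake fails later as bad_record_mac. Aborting on the padding error instead would
    // turn the server into a PKCS#1 padding oracle (the "PKCS#1 Attack?" the log refers to).
    static byte[] serverDecryptPms(byte[] encrypted, PrivateKey serverKey, SecureRandom rnd) {
        byte[] fallback = new byte[PMS_LEN];
        rnd.nextBytes(fallback);
        try {
            Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            c.init(Cipher.DECRYPT_MODE, serverKey);
            byte[] pms = c.doFinal(encrypted); // BadPaddingException if the 00 02 prefix is missing
            return pms.length == PMS_LEN ? pms : fallback;
        } catch (GeneralSecurityException e) {
            return fallback; // log the event here, but keep the outward behaviour identical
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();
        KeyPair stale = kpg.generateKeyPair(); // constructed: the wrong key baked into the client
        SecureRandom rnd = new SecureRandom();
        byte[] pms = new byte[PMS_LEN];
        rnd.nextBytes(pms);
        pms[0] = 3; pms[1] = 0; // client_version 3.0, as in the failing handshake

        byte[] ok = serverDecryptPms(clientKeyExchange(pms, server.getPublic()), server.getPrivate(), rnd);
        byte[] bad = serverDecryptPms(clientKeyExchange(pms, stale.getPublic()), server.getPrivate(), rnd);
        System.out.println("correct key -> pms recovered: " + Arrays.equals(ok, pms));
        System.out.println("wrong key   -> pms recovered: " + Arrays.equals(bad, pms) + " (finished MAC will fail)");
    }
}
```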


-----Original Message-----
From: "Trevor Lyall" <Trevor.Lyall@relate.se>
To: <iaik-jce@iaik.at>; <iaik-ssl@iaik.at>
Sent: Tuesday, 26 September 2000 09:45
Subject: [iaik-ssl] BadPaddingException: Invalid PKCS#1 with ssl light


Hi again!

The following is the ssl_debug output from my application. I am using the
iaik_ssl_light within an applet, and when trying to handshake the following
error occurs:

ssl_debug(1): Accepted connection from 127.0.0.1/127.0.0.1
ssl_debug(1): Starting handshake...
ssl_debug(1): Received v3 client_hello handshake message.
ssl_debug(1): Client requested SSL version 3.0, selecting version 3.0.
ssl_debug(1): Creating new session 3C:45:AF:8B:48:62:6C:15...
ssl_debug(1): CipherSuites supported by the client:
ssl_debug(1): SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethods supported by the client:
ssl_debug(1): NULL
ssl_debug(1): Sending server_hello handshake message.
ssl_debug(1): Selecting CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): Selecting CompressionMethod: NULL
ssl_debug(1): Sending certificate handshake message with server certificate...
ssl_debug(1): Sending server_hello_done handshake message...
ssl_debug(1): Received client_key_exchange handshake message.
Unable to decrypt preMasterSecret (PKCS#1 Attack?):
javax.crypto.BadPaddingException: Invalid PKCS#1 padding: no leading zero!
ssl_debug(1): Received change_cipher_spec message.
ssl_debug(1): Sending alert: Alert Fatal: bad record mac
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): SSLException while handshaking: SSLv3 padding length error: 52
ssl_debug(1): Sending alert: Alert Fatal: handshake failure
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): Shutting down SSL layer...


Strangely enough, another client that uses SSL (from VB) has no problem in
connecting to the server. The following output comes from the ssl_debug
stream with this client:

ssl_debug(1): Accepted connection from 127.0.0.1/127.0.0.1
ssl_debug(1): Starting handshake...
ssl_debug(1): Received v2 client hello message.
ssl_debug(1): Client requested SSL version 3.1, selecting version 3.1.
ssl_debug(1): Creating new session 51:9B:8E:8C:A1:34:D2:85...
ssl_debug(1): CipherSuites supported by the client:
ssl_debug(1): SSL_RSA_WITH_RC4_128_MD5
ssl_debug(1): SSL_RSA_WITH_RC4_128_SHA
ssl_debug(1): SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): SSL_RSA_WITH_DES_CBC_SHA
ssl_debug(1): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
ssl_debug(1): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
ssl_debug(1): SSL_RSA_EXPORT_WITH_RC4_40_MD5
ssl_debug(1): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
ssl_debug(1): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): SSL_DHE_DSS_WITH_DES_CBC_SHA
ssl_debug(1): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
ssl_debug(1): CompressionMethods supported by the client:
ssl_debug(1): NULL
ssl_debug(1): Sending server_hello handshake message.
ssl_debug(1): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5
ssl_debug(1): Selecting CompressionMethod: NULL
ssl_debug(1): Sending certificate handshake message with server certificate...
ssl_debug(1): Sending server_hello_done handshake message...
ssl_debug(1): Received client_key_exchange handshake message.
ssl_debug(1): Received change_cipher_spec message.
ssl_debug(1): Received finished message.
ssl_debug(1): Sending change_cipher_spec message...
ssl_debug(1): Sending finished message...
ssl_debug(1): Session added to session cache.
ssl_debug(1): Handshake completed.


HELP!!!!!

Thanks.
/Trev



