[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] KeyManager blues




Yes, the certificate contains a RSA public key, and as you can see
the selected cipher was SSL_RSA_EXPORT_WITH_RC4_40_MD5.

Here is a dump of the cert:

[
  Version: V1
  Subject: CN=faraday.itplus.dk, OU=rd, O=itplus, L=aarhus, ST=jylland,
C=DK
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  IBMJCA RSA Public Key:
modulus:
77882567438233138787143834141935168933932912097205857930484065863359180814750590821868613931392635244502281540981780446720170303431255220919390179615056099475872072490044595342460640510521544651528224755488783296957083284427565401133921421888478530156822356869769974904545097516411757794891899112021049764939
public exponent:
65537

  Validity: [From: Tue Aug 07 02:00:00 CEST 2001,
               To: Wed Aug 22 01:59:59 CEST 2001]
  Issuer: OU=For VeriSign authorized testing only. No assurances
(C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab.
LTD., O="VeriSign, Inc"  SerialNumber: [    5b2238f8 41d3d7b8 9c9fa975
c8ad13e3 ]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 68 E9 45 9F 23 AF F9 A2   FE 39 DD 29 3A 08 ED 2C 
h.E.#....9.):..,
0010: 22 84 5C C6 D5 76 49 ED   AF 01 5F 0F 06 99 2F B6 
".\..vI..._.../.
0020: B5 0E E0 F2 8A 6C B1 42   E8 C7 57 8D 03 C4 65 F1 
.....l.B..W...e.
0030: FD BC 1E F2 B9 CC 7F A7   D1 6A 81 CD 6A E8 37 6F 
.........j..j.7o
]
 

--Søren

Polar Humenn wrote:
> 
> The KeyManager thing seems to only look for keys and certificates that
> can match the cipher suite. ( wonder if it even looks at the "trusted
> authority"). Are you sure you have a certificate compatible with the
> ciphersuite that was selected?
> 
> -Polar
> 
>  On Wed, 15 Aug 2001, [iso-8859-1] Søren Hilmer wrote:
> 
> > Hi,
> >
> > I am trying to use JSSE with IAIK_JSSE as the underlying provider.
> > I have one problem though, the Client SSL connection does not seam
> > to be able to find a key/cert for doing client authentication.
> >
> > What I have is a keytool generated keystore, with an imported
> > Verisign test certificate and rootcertificate.
> >
> > I then do:
> >
> > ctx = SSLContext.getInstance("SSLv3", "IAIK_JSSE");
> >
> > ks = KeyStore.getInstance("JKS");
> > ks.load(new FileInputStream(keyStore),
> >         keyStorePassword.getCharArray());
> >
> > kmf = KeyManagerFactory.getInstance("SunX509");
> > kmf.init(ks, keyPassword.getCharArray());
> > km = kmf.getKeyManagers();
> >
> > /*dumping of the keyManagers certifiCateChain, seams ok! (code removed
> > for clarity)*/
> >
> > /*initialisation of trust manager removed for clarity */
> >
> > ctx.init(km,tms, null);
> >
> > /*socket/socketfactory creation code removed for clarity */
> >
> >
> > This should be fairly straightforward, but when run I get:
> >  [java] _____________________________________________
> >  [java]
> >  [java] installing IAIK JSSE provider
> >  [java] This is only an early beta release!
> >  [java] Be sure to use the right iSaSiLk version
> >  [java] _____________________________________________
> >  [java]
> >  [java] IAIKJSSEProvider.getProperty SSLContext.SSLv3
> >  [java] returning: iaik.security.jsse.IAIKSSLContextSSLv3
> >  [java] IAIKSSLContext.enigneInit()
> >  [java] IAIKSSLContext.engineGetSocketFactory()
> >  [java] SSLSocketFactory Constructor called
> >  [java] New Context : KeyManager
> >  [java] JSSE CCTX
> >  [java] Creating Socket 127.0.0.1:2000
> >  [java] ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
> >  [java] ssl_debug(1): Sending v3 client_hello message, requesting
> > version 3.0...
> >  [java] ssl_debug(1): Received v3 server_hello handshake message.
> >  [java] ssl_debug(1): Server selected SSL version 3.0.
> >  [java] ssl_debug(1): Server created new session
> > 73:9A:15:01:21:1B:01:B5...
> >  [java] ssl_debug(1): CipherSuite selected by server:
> > SSL_RSA_EXPORT_WITH_RC4_40_MD5
> >  [java] ssl_debug(1): CompressionMethod selected by server: NULL
> >  [java] ssl_debug(1): Received certificate handshake message with server
> > certificate.
> >  [java] ssl_debug(1): Server sent a 1023 bit RSA certificate, chain has
> > 2 elements.
> >  [java] Verify chain ...
> >  [java] ssl_debug(1): Received server_key_exchange handshake message.
> >  [java] ssl_debug(1): Received certificate_request handshake message.
> >  [java] ssl_debug(1): Accepted certificate types: RSA, DSA
> >  [java] ssl_debug(1): Accepted certificate authorities:
> >  [java] ssl_debug(1):   (empty list)
> >  [java] ssl_debug(1): Received server_hello_done handshake message.
> >  [java] ssl_debug(1): No client certificate available, sending
> > no_certificate warning...
> >  [java] ssl_debug(1): Sending alert: Alert Warning: no certificate
> >  [java] ssl_debug(1): Sending client_key_exchange handshake message (512
> > bit)...
> >  [java] ssl_debug(1): Sending change_cipher_spec message...
> >  [java] ssl_debug(1): Exception sending message: java.io.IOException:
> > Broken pipe
> >
> >
> > Hope someone can help
> >    Søren
> >
> >
> > "When in doubt, it's a classpath problem."
> >
> > ----------------------------------------------------------------------
> > Søren Hilmer, M.Sc.
> > R&D manager                             Phone:  +45 86 78 21 00
> > IT+ A/S                                       Fax:    +45 86 78 21 02
> > Brendstrupgårdsvej 7                    Direct: +45 87 40 08 44
> > 8200 Århus N                            Email:  sh@itplus.dk
> > Denmark                                 WWW:    http://www.itplus.dk
> > ----------------------------------------------------------------------
> > --
> > Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> >
> > To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl
> >
> >
> 
> -------------------------------------------------------------------
> Polar Humenn                  Adiron, LLC
> mailto:polar@adiron.com       2-212 CST
> Phone: 315-443-3171           Syracuse, NY 13244-4100
> Fax:   315-443-4745           http://www.adiron.com

-- 

"When in doubt, it's a classpath problem."

----------------------------------------------------------------------
Søren Hilmer, M.Sc. 
R&D manager                             Phone:  +45 86 78 21 00
IT+ A/S                                	Fax:    +45 86 78 21 02   
Brendstrupgårdsvej 7                    Direct: +45 87 40 08 44
8200 Århus N                            Email:  sh@itplus.dk
Denmark                                 WWW:    http://www.itplus.dk 
----------------------------------------------------------------------
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl