Comments (10)
Perhaps this is caused by the same problem causing defect #27
Are you running 64bit flash?
Original comment by [email protected]
on 28 Oct 2009 at 11:31
from as3crypto.
As far as I know I'm not running it in 64-bit mode. This is happening on a mac
running Leopard.
Original comment by [email protected]
on 28 Oct 2009 at 11:59
from as3crypto.
I'm having the same problem trying to use the verify function. I'm running 32
bit
debug flash on a windows machines, and I've implemented the fix for #27 just in
case.
I'm pretty sure that isn't the issue here.
Original comment by [email protected]
on 20 Jan 2010 at 7:44
from as3crypto.
I bashed my head against this for a while and figured out the problem I was
getting:
I was generating the signature in php and writing it to a file, and I needed to
base_64 encode it first.
in php:
openssl_sign($text, $signature, $private_key);
$signature= base64_encode($signature);
then in flash:
var src:ByteArray =Base64.decodeToByteArray(signature);
var dst:ByteArray = new ByteArray();
verifier.verify(src, dst, src.length);
If you're using a pre generated certificate, there's probably a good chance
that you
have a similar formatting problem. Your signature should consist mainly of
letters
and numbers :
UyaNH1l7O+V5kDGGWlGTapTVREXAHbgGDSiZ7gnSTVAetu43wH6yGa6Hzpb7BHq4sx9vPDHcHHtqnnpZ
BYS8KQ==
and not be something like this:
ÒMP¶î7À~²®Îûz¸³o<1Ü{jzY iY{;åy1ZQjÕDEÀ¸
I'm still working on getting everything to work properly, but I'm no longer
getting
"PKCS#1 unpad: i=0, expected b[i]==[0,1,2], got b[i]=51" errors from
RSAKey.verify
Original comment by [email protected]
on 22 Jan 2010 at 1:57
from as3crypto.
It may be worth checking out this
http://ria101.wordpress.com/2010/06/04/as3crypto-rsa-padding-function-
returned-null-bug-of-death-fix/
Original comment by [email protected]
on 4 Jun 2010 at 4:27
from as3crypto.
In case someone else has the same problem, my test case was :
var data : ByteArray = new ByteArray;
for ( var k : int = 0 ; k < 25000 ; k++ )
data.writeUnsignedInt( uint.MAX_VALUE * Math.random() );
var sha : SHA256 = new SHA256();
var hash : ByteArray = sha.hash( data );
var rsa : RSAKey = RSAKey.generate( 512, "0x10001" );
var signature : ByteArray = new ByteArray;
rsa.sign( hash, signature, hash.length );
var output : ByteArray = new ByteArray;
rsa.verify( signature, output, signature.length );
After a few hours trying to adjust the padding functions, I ran through the
demo code and saw that the second argument of RSAKey.generate take a non
standard hex string "10001 instead of "0x10001".
So i just changed :
var rsa : RSAKey = RSAKey.generate( 512, "0x10001" );
To :
var rsa : RSAKey = RSAKey.generate( 512, "10001" );
And everything worked perfectly.
I felt ashamed for a moment but finally I think the real problem is the missing
documentation. I don't know if it will solve your problem but it can help
someone else.
Original comment by [email protected]
on 28 Jul 2010 at 8:57
from as3crypto.
Adding some data to this issue. I've been taking a second shot at trying to
figure it out, but I think the issue may be in the BigInteger class which is a
little too complicated for me.
The cert I'm trying to use in my application is signed by DigiCert using a cert
of their's with the subject:
"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3"
I've attached the PEM-encoded cert which I used to generate the block I needed
to add to MozillaRootCertificates.as (DigiCertHighAssuranceCA-3.pem). The cert
was exported from Firefox. To get the C code used in the parsing tool
grabRootCAs.pl, I used the command:
> openssl x509 -in DigiCertHighAssuranceCA-3.pem -inform PEM -C
I then used the hex-encoded subject_name variable and performed the
transformation done in grabRootCAs.pl to come up with a subject value of:
MGYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJTAjBgNVBAMTHERpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIENBLTM=
The addPEMCertificate call is in the DigiCert CA-3.txt file.
Once this was complete, I tried connecting to a TLS socket which uses a cert
signed using the certificate I just added. When the code is trying to call
RSAKey.verify on the RSA key in the DigiCert CA-3 certificate, it fails:
PKCS#1 unpad: i=0, expected b[i]==1, got b[i]=5e
TLSEngine shutdown triggered by Error: Decrypt error - padding function
returned null!
Original comment by [email protected]
on 16 Feb 2011 at 8:56
Attachments:
- [DigiCert CA-3.txt](https://storage.googleapis.com/google-code-attachments/as3crypto/issue-26/comment-7/DigiCert CA-3.txt)
- DigiCertHighAssuranceCA-3.pem
from as3crypto.
I have exactly the same issue using an Entrust L1C cert, chained off the
Entrust 2048 root.
Perhaps this is related to some kind of cert chaining issue?
Tracking though the code finally gets me to the failing unpad function where is
appears that the result of the decrypt has resulted in a horribly broken
BigInteger value.
Does anyone have any further insight?
Original comment by [email protected]
on 24 Feb 2011 at 1:42
from as3crypto.
Hi,
I have found the issue and attached a diff that will fix this against the 1.3
branch.
In short the issue is related to chained certs:
isSelfSigned() is broken. The pad function breaks (as it should) but this is
incorrectly handled. This should fail gracefully allowing the code in
isSigned() to chain to the next cert.
Original comment by [email protected]
on 28 Feb 2011 at 6:10
Attachments:
from as3crypto.
Just tried this and it looks like it works for my cert as well. Currently using
the svn checkout version of the library, so had to make some small changes in
the diff.
Thanks for posting this!
Original comment by [email protected]
on 28 Feb 2011 at 5:26
from as3crypto.
Related Issues (20)
- Base64 decode is incorrect when working with double-byte characters
- Constructor of BigInteger doesn't support negative numbers
- CTRMode broken - pads final block even with NullPad
- RSA sign function problem
- PKCS#1 unpad: i=0, expected b[i]==2, got b[i]=3b Error: Decrypt error - padding function returned null! HOT 1
- encrypt in flash / decrypt in java use RSA
- Only 64 bits of IV (initialization vector) are used with CBC
- PKCS 1.5 PADDING
- Difference between demo outputs and local test outputs HOT 2
- Incorrect RC4 generation HOT 1
- Memory leak in Base64 encode
- TLSEngine overflow patch has critical errors
- pkcs1pad crashes in flex application compiled for iOS HOT 2
- new BigInteger("0", 10) is not equal to BigInteger.nbv(0)
- Patch for /trunk/as3crypto/src/com/hurlant/crypto/hash/SHABase.as
- Patch for /trunk/as3crypto/src/com/hurlant/util/asn1/parser/pkcs9unstructuredString.as
- Can we encrypt or descrypt F4V files ?
- Patch for /trunk/as3crypto/src/com/hurlant/crypto/tls/TLSEngine.as
- Word Based AES encryption/decryption
- How to resolve bug RC4 encrypt-decrypt on iPAD with AIR15 only HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from as3crypto.