|
Hello Lothar, Thank you for quick response. Make sure that you use the same JVM with this test as you use for your JSCH-call. I ran all tests from the application also. String cryptoAlg = "AES";change that to "AES256" and try again. It is not quite correct to replace "AES" with "AES256" based on the following reference: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html Anyway I did few tests with 128, 192, 256 key lengths. All of them are passed successfully. Here are fragments of my code, please write me if I am mistaken: final SecretKeySpec keyspec = new SecretKeySpec(new byte[16], "AES"); final Cipher c = Cipher.getInstance("AES_128/CBC/NoPadding"); final SecretKeySpec keyspec = new SecretKeySpec(new byte[24], "AES"); final Cipher c = Cipher.getInstance("AES_192/CBC/NoPadding"); final SecretKeySpec keyspec = new SecretKeySpec(new byte[32], "AES"); final Cipher c = Cipher.getInstance("AES_256/CBC/NoPadding"); JSch logs failed.txt[...]aes256-cbc is not available. aes192-cbc is not available.[...]kex: server->client aes128-cbc hmac-md5 none kex: client->server aes128-cbc hmac-md5 noneThe server only accepts CBC-based ciphers that are not available with this JVM. Let us assume that aes256-cbc and aes192-cbc are not available but It reports nothing about aes128-cbc availability: kex: server: twofish-cbc,twofish128-cbc,3des-cbc,cast128-cbc,aes256-cbc,aes128-cbc kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc So why it is failed? ----- Sincerely, Nick 11.09.2014 16:53, Lothar Kimmeringer
wrote:
Am 11.09.2014 13:04, schrieb Nick:Also the following test passes fine without any exception:[...]String cryptoAlg = "AES";change that to "AES256" and try again. Make sure that you use the same JVM with this test as you use for your JSCH-call. Your JMV might implicitly use AES-64 since we haven't specified the length.JSch logs failed.txt[...]aes256-cbc is not available. aes192-cbc is not available.[...]kex: server->client aes128-cbc hmac-md5 none kex: client->server aes128-cbc hmac-md5 noneThe server only accepts CBC-based ciphers that are not available with this JVM.JSch logs success.txt[...]aes256-cbc is not available. aes192-cbc is not available.[...]kex: server->client aes128-ctr hmac-md5 none kex: client->server aes128-ctr hmac-md5 noneHere the server also allows CTR-based ciphers that the JVM allows as well. My bet still is on the missing policy files. But Java8 seems to allow a bit more than previous JVMs (the above test was based on). Cheers, Lothar ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ JSch-users mailing list JSch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jsch-users |
------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________ JSch-users mailing list JSch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jsch-users
