EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SFTP client saying "Required IV not set in key material"

Posted: 03/11/2015 12:17:16
by Nicklas Bergfeldt (Standard support level)
Joined: 12/04/2007
Posts: 19


When using SSH_MA_AES256_GCM the ElSimpleSftpClient demo application says "Sftp connection failed with message [Required IV not set in key material]".

When using SSH_MA_HMAC_SHA2_256 the demo client connects just fine...

"when using ..." means FSSHServer.MacAlgorithms[<selected algorithm>] := true; and all else := false;

Is there something more (obviously) that I need to do in order to use other mac algorithms?

As the server I'm using your ElSFTPServer/ElSSHServer Demo Application
- The server log only says "Error 11" and "SSH connection closed".

Using "SecureBlackbox - version 12.0.266 - Released February 4, 2015"

Best regards,
Posted: 03/12/2015 05:43:17
by Ken Ivanov (Team)

Hi Nicklas,

Thank you for contacting us.

The Secure Shell GCM specification is a bit awkward with regard to the use of AES-GCM ciphers - they assume that AES-GCM can serve both as encryption and MAC algorithms, whereas it is more appropriate to think of them as of opaque encryption algorithms. Therefore please enable the GCM algorithms via the EncryptionAlgorithms property and not through the MACAlgorithms property which will be adjusted automatically in this case:

FSSHServer.EncryptionAlgorithms[SSH_EA_AES256_GCM] := true;

We'll implement some workarounds in the code for the next version 12 update to accept your method of enabling AES-GCM too.





Topic viewed 536 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!