EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SFTP client saying "Required IV not set in key material"

#32592
Posted: 03/11/2015 12:17:16
by Nicklas Bergfeldt (Standard support level)
Joined: 12/04/2007
Posts: 19

Hello,

When using SSH_MA_AES256_GCM the ElSimpleSftpClient demo application says "Sftp connection failed with message [Required IV not set in key material]".

When using SSH_MA_HMAC_SHA2_256 the demo client connects just fine...

"when using ..." means FSSHServer.MacAlgorithms[<selected algorithm>] := true; and all else := false;

Is there something more (obviously) that I need to do in order to use other mac algorithms?

As the server I'm using your ElSFTPServer/ElSSHServer Demo Application
- The server log only says "Error 11" and "SSH connection closed".

Using "SecureBlackbox - version 12.0.266 - Released February 4, 2015"

Best regards,
Nicklas
#32597
Posted: 03/12/2015 05:43:17
by Ken Ivanov (EldoS Corp.)

Hi Nicklas,

Thank you for contacting us.

The Secure Shell GCM specification is a bit awkward with regard to the use of AES-GCM ciphers - they assume that AES-GCM can serve both as encryption and MAC algorithms, whereas it is more appropriate to think of them as opaque encryption algorithms. Therefore please enable the GCM algorithms via the EncryptionAlgorithms property and not through the MACAlgorithms property, which will be adjusted automatically in this case:

FSSHServer.EncryptionAlgorithms[SSH_EA_AES256_GCM] := true;

We'll implement some workarounds in the code for the next version 12 update to accept your method of enabling AES-GCM too.

Cheers,

Ken
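
The cipher-driven handling described in the reply above, sketched in Python. This is an added illustration, not SecureBlackbox code and not part of either post: it models the RFC 4253 rule of taking the first client preference the server also offers, and treats the RFC 5647 AEAD names as ciphers that bring their own MAC. The algorithm lists are constructed samples, and the first case assumes a server cipher list without a GCM entry.

```python
# Added illustration, not SecureBlackbox code. Names follow RFC 4253/RFC 5647;
# every algorithm list below is a constructed sample.
AEAD = {"AEAD_AES_128_GCM", "AEAD_AES_256_GCM"}
CLIENT_ENC = ["AEAD_AES_256_GCM", "aes256-ctr"]
CLIENT_MAC = ["AEAD_AES_256_GCM", "hmac-sha2-256"]


def pick(client, server):
    """RFC 4253 section 7.1: first client preference the server also offers."""
    return next((name for name in client if name in server), None)


def negotiate(client_enc, server_enc, client_mac, server_mac):
    """Return (cipher, mac); raise ValueError when no consistent pair exists."""
    cipher = pick(client_enc, server_enc)
    if cipher is None:
        raise ValueError("no common encryption algorithm")
    if cipher in AEAD:
        # GCM authenticates each packet itself, so the MAC follows the cipher
        # and the negotiated MAC lists are not consulted.
        return cipher, cipher
    # A non-AEAD cipher needs a standalone MAC; a GCM name in the MAC list
    # cannot supply one on its own.
    mac = pick([m for m in client_mac if m not in AEAD],
               [m for m in server_mac if m not in AEAD])
    if mac is None:
        raise ValueError("no standalone MAC in common for " + cipher)
    return cipher, mac


def outcome(server_enc, server_mac):
    """Negotiate against the sample client; return the pair or the error text."""
    try:
        return negotiate(CLIENT_ENC, server_enc, CLIENT_MAC, server_mac)
    except ValueError as exc:
        return "failed: " + str(exc)


if __name__ == "__main__":
    # GCM enabled only as a MAC, with a cipher list that lacks GCM (assumed).
    print(outcome(["aes256-ctr"], ["AEAD_AES_256_GCM"]))
    # GCM enabled as a cipher: the MAC is adjusted automatically.
    print(outcome(["AEAD_AES_256_GCM"], ["hmac-sha2-256"]))
    # Classic cipher plus HMAC pair.
    print(outcome(["aes256-ctr"], ["hmac-sha2-256"]))
```

A configuration check built on the same rule can flag a server that lists a GCM name under MACs but not under ciphers before any client connects.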
