EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElRSAPublicKeyCrypto.Decrypt error Input Too Long

Posted: 12/17/2007 14:32:37
by  Joseph Wallbridge
I have implemented TLS on a SIP application. Works fine.
I have a SipSniffer application that I wrote. I am trying to monitor the data in the TLS packets.
The packet includes the Ethernet, IP and TCP headers.
This is the syntax that I am using to decrypt the packet:
Crypto.Decrypt(DataArray(), 54, DataSize - 54, Clearbuff, 1400, OutSize)
The error I get is
"Input is too long"
The DataArray is 1263 bytes.
Any help would be greatly appreciated.
Regards Tony
Posted: 12/17/2007 14:51:13
by Eugene Mayevski (Team)

What encryption algorithm are you trying to employ?

Sincerely yours
Eugene Mayevski
Posted: 12/17/2007 15:19:57
by  Joseph Wallbridge
Thank you for your prompt reply

I used the same cert and password from the TLS example.

Crypto = New TElRSAPublicKeyCrypto
KeyMaterial = New TElRSAKeyMaterial

' certificate
cert = New TElX509Certificate
streamKey = New FileStream(Certificate, FileMode.Open)
certType = TElX509Certificate.DetectCertFileFormat(streamKey)
Select Case certType
    Case 1 ' cfDER
        cert.LoadFromStream(streamKey, 0)
        KeyLoaded = True
    Case 2 ' cfPEM
        R = cert.LoadFromStreamPEM(streamKey, PassWord, 0)
        If R <> 0 Then
            errorMsg = "PEM read error: " + R.ToString()
        Else
            KeyLoaded = True ' set only when the load succeeded
        End If
    Case 3 ' cfPFX
        R = cert.LoadFromStreamPFX(streamKey, PassWord, 0)
        If R <> 0 Then
            errorMsg = "PFX read error: " + R.ToString()
        Else
            KeyLoaded = True ' set only when the load succeeded
        End If
    Case Else
        errorMsg = "Unsupported certificate file format"
End Select

' setting properties of main class
Crypto.KeyMaterial = KeyMaterial

' raw binary in and out, no Base64 wrapping
Crypto.InputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary
Crypto.OutputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary

Do you need any more info?

Regards Joseph Wallbridge
Posted: 12/18/2007 00:13:07
by Eugene Mayevski (Team)

The data is not encrypted using RSA, so your approach is incorrect.

Can you please explain what you are trying to do in general? Are you trying to build a man-in-the-middle sniffer for TLS-encrypted data? This is not possible with SecureBlackbox.

Sincerely yours
Eugene Mayevski
Posted: 12/18/2007 06:49:16
by  Joseph Wallbridge

Yes, that is exactly what I am trying to do.
What do you mean by "The data is not encrypted using RSA"? How is it encrypted?
Please explain why this is not possible with SecureBlackbox.

Regards Joseph Wallbridge
Posted: 12/18/2007 07:00:46
by Eugene Mayevski (Team)

I think that you would need to read the TLS specification (RFC 2246), and it will answer both of your questions. The data is encrypted using a symmetric key generated for a session. The session key is encrypted and transferred using a key exchange algorithm. And RSA is used for authentication of the parties. So it's a bit :) more complex than just encrypting the transferred data using RSA.

It's not possible with SecureBlackbox cause it was designed for protection, not for sniffing. It doesn't provide functions / interfaces for the application to recode the traffic passing by. At least, not without certain changes.

Sincerely yours
Eugene Mayevski
Posted: 12/18/2007 07:21:47
by  Joseph Wallbridge
Thank You Eugene

I am not so much interested in security as in monitoring the SIP packages. I will have to find another way to skin the cat.

Thank you for your information.

Regards Joseph Wallbridge
Posted: 12/18/2007 10:19:23
by  Joseph Wallbridge
Have found a workaround. Thanks for your help.
One more question if I may. Since I can't see the TLS exchanges, my requirements are for the following TLS flows.
TLS Server TLS Client DoD PKI Server
--> Certificate Request -->
<-- Certificate <--
---Certificate Request -->
<--Certificate <--

--> Hello Request -->
<-- Client Hello <--
--> Server Hello -->
--> Server Certificate -->>
--> Certificate Request -->
--> Server Hello Done -->
<-- Client Certificate -->
<-- Client Key Exchange <--
<-- Certificate Verify <--
--> Finished -->
<--> SIP signaling messages <-->

Could you let me know how I can ensure that the above flows are happening?

Regards Joseph Wallbridge
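An added example, not part of the thread and not SecureBlackbox code: the handshake messages listed above travel in clear TLS records until ChangeCipherSpec, so a capture can confirm the flow without decrypting anything. It assumes the TLS 1.0 to 1.2 record layout (RFC 2246 family), one direction of a reassembled TCP payload with the Ethernet/IP/TCP headers already stripped, and handshake messages that are not split across records; `tls_flow` and the sample bytes are constructed for illustration.

```python
import struct

RECORD_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE_TYPES = {0: "HelloRequest", 1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   12: "ServerKeyExchange", 13: "CertificateRequest", 14: "ServerHelloDone",
                   15: "CertificateVerify", 16: "ClientKeyExchange", 20: "Finished"}

def tls_flow(stream: bytes) -> list:
    """Name every TLS record in one direction of a TCP payload.

    Handshake records are opened only until ChangeCipherSpec is seen; after
    that the body is ciphertext under the session key and is reported opaquely.
    """
    seen, pos, encrypted = [], 0, False
    while pos + 5 <= len(stream):
        # Record header: content type (1), version major/minor (2), length (2)
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in RECORD_TYPES or major != 3:
            raise ValueError(f"offset {pos}: not a TLS record header")
        body = stream[pos + 5 : pos + 5 + length]
        if len(body) < length:
            seen.append("(truncated record)")
            break
        if encrypted:
            seen.append(f"{RECORD_TYPES[ctype]} (encrypted, {length} bytes)")
        elif ctype == 22:
            off = 0  # handshake message: type (1) + 24-bit length + body
            while off + 4 <= len(body):
                mlen = int.from_bytes(body[off + 1 : off + 4], "big")
                seen.append(HANDSHAKE_TYPES.get(body[off], f"handshake type {body[off]}"))
                off += 4 + mlen
        else:
            seen.append(RECORD_TYPES[ctype])
            encrypted = ctype == 20
        pos += 5 + length
    return seen

def _rec(ctype, body):   # builds a constructed TLS 1.0 record
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

def _hs(mtype, body=b""):  # builds a constructed handshake message
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed server-to-client stream with dummy message bodies
SAMPLE_SERVER_STREAM = (
    _rec(22, _hs(2, b"\0" * 38) + _hs(11, b"\0" * 7) + _hs(13, b"\0" * 4) + _hs(14))
    + _rec(20, b"\x01") + _rec(22, b"\xaa" * 40) + _rec(23, b"\xbb" * 64))

if __name__ == "__main__":
    print("\n".join(tls_flow(SAMPLE_SERVER_STREAM)))
```

The Finished message and the SIP signaling show up only as encrypted records, which is why passing the raw packet payload to an RSA decrypt call cannot recover them.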
Posted: 12/18/2007 15:10:38
by  Joseph Wallbridge
Thanks for the reference to the RFC.

I have read it.
If I am correct, the certificate sets the parameters for the handshake and keys.

Our requirement is for


Is there an example of this in your samples? There are a lot of samples, so I would appreciate a pointer to it.

Sorry for the dumb questions, but I don't need to learn how TLS works, I just need to use it.

Thanks for your patience and help.

Regards Joseph Wallbridge




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
