SSLv3 Handshake with Mentalis Sec Lib.

by A.Paventhan [paventhan at yahoo dot com] posted on 2004/04/20

I am providing the GSSAPI handshake using Java (this is the Commodity Grid Kit, part of the Globus distribution). It supports X.509 certificate based mutual authentication.

When I tried debugging this Java code I did come across the TLS_RSA_WITH_NULL_MD5 and SSL_V3_Version macros. Also, the credential used holds a PrivateKey, which is defined as part of the Java packages. The key is mangled using PKCS8 (don't know why).

Given the following code sequence, I would like to know whether Mentalis SecLib can provide a C#.NET equivalent as of its current release. Please also let me know whether I can use the Mentalis lib along with CryptoAPI. If so, please provide me the details.

Thanks.

// Ask the server to start GSSAPI authentication.
write(new Command("AUTH", "GSSAPI"));

Reply reply0 = null;
try {
    reply0 = read();
} catch (FTPReplyParseException rpe) {
    throw ServerException.embedFTPReplyParseException(
        rpe,
        "Received faulty reply to AUTH GSSAPI");
}

// Anything other than a positive intermediate reply means the server refused.
if (! Reply.isPositiveIntermediate(reply0)) {
    close();
    throw ServerException.embedUnexpectedReplyCodeException(
        new UnexpectedReplyCodeException(reply0),
        "Server refused GSSAPI authentication.");
}

GSSManager manager = ExtendedGSSManager.getInstance();

GSSContext context = null;
GridFTPOutputStream gssout = null;
GridFTPInputStream gssin = null;

try {
    context = manager.createContext(null,
                                    GSSConstants.MECH_OID,
                                    credential,
                                    GSSContext.DEFAULT_LIFETIME);
    // Request delegation of the credential.
    context.requestCredDeleg(true);

    gssout = new GridFTPOutputStream(ftpOut, context);
    gssin = new GridFTPInputStream(rawFtpIn, context);

    byte [] inToken = new byte[0];
    byte [] outToken = null;

    // Loop until the security context is established.
    while( !context.isEstablished() ) {

by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2004/05/13

> Given the following code sequence,
> I would like to know whether
> Mentalis SecLib can provide a C#.NET
> equivalent for this as of its current release.

No, the Mentalis.org library is not a GSS API implementation. It works more
like Java's SSLServerSocket and SSLSocket. It allows you to adjust some SSL
options [ie certificates, ciphers used, etc.] but it doesn't show any of the
low level details. The code you pasted in your email loops manually through
the handshake -- this can't be done with our library because it's done for
you automatically in the background.

Also, our library does not support unencrypted sessions, so it
doesn't support TLS_RSA_WITH_NULL_MD5.

> Please also let me know
> whether I can use Mentalis lib
> along with CryptoAPI. If so, please
> provide me the details.

You can always P/Invoke to Microsoft's implementation of the GSS API [called
the SSPI API]. This is actually what we did in one of the older versions of
the library. You can still download this older version from
http://www.mentalis.org/soft/projects/seclib/older.qpx but keep in mind that
this version of the library contains some known bugs. However, it includes
many of the SSPI API declarations so this should definitely help you on your
way.

However, get ready for quite some work if you're planning to get the SSPI
working properly. The API is horribly documented [there are tons of mistakes
in the docs; in fact, I've seen Microsoft developers recommend to not read
the SSPI documentation at all but look at the example projects instead] and
it behaves differently from Windows version to Windows version [due to bugs,
high-encryption updates, etc]. This is the reason why we finally abandoned
the SSPI for our C# SSL implementation.

by shih-chung lin [sjklin at cisco dot com] posted on 2005/11/01

Can anybody tell me how to use the mentalis.org seclib library code to load the pkcs8 private key format? I know I have no problem loading the pfx format or pvk format with the seclib library code. But I could not load the pkcs8 format. Please help me with this issue. Thanks.
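
Background on the PKCS#8 format raised in the first and last posts, as an added example that is not part of the thread and does not use the Mentalis library's API: an unencrypted PKCS#8 file is a DER PrivateKeyInfo wrapper around the algorithm-specific key (for RSA, the PKCS#1 RSAPrivateKey), and this Python code unwraps it. The sample key is a constructed toy value and the function names are illustrative.

```python
# Added example (not from the thread). The key below is a constructed toy value.
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
SAMPLE_PKCS8 = bytes.fromhex(                   # constructed: p=61, q=53, e=17
    "3033020100300d06092a864886f70d0101010500041f"
    "301d02010002020ca102011102020ac102013d020135020135020131020126")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def unwrap_pkcs8(der):
    """Return the PKCS#1 RSAPrivateKey DER carried inside a PrivateKeyInfo."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one DER SEQUENCE")
    items = children(body)
    # PrivateKeyInfo ::= SEQUENCE { version INTEGER, algorithm SEQUENCE, key OCTET STRING }
    if [t for t, _ in items[:3]] != [0x02, 0x30, 0x04]:
        raise ValueError("not an unencrypted PKCS#8 PrivateKeyInfo")
    alg = children(items[1][1])
    if not alg or alg[0] != (0x06, RSA_OID):
        raise ValueError("key algorithm is not rsaEncryption")
    return items[2][1]

def rsa_fields(pkcs1):
    """Decode RSAPrivateKey into its named integers."""
    tag, body, _ = read_tlv(pkcs1, 0)
    ints = [int.from_bytes(v, "big") for t, v in children(body) if t == 0x02]
    if tag != 0x30 or len(ints) < 9:
        raise ValueError("not a PKCS#1 RSAPrivateKey")
    return dict(zip(["version", "n", "e", "d", "p", "q", "dp", "dq", "qinv"], ints))
```

The bytes returned by `unwrap_pkcs8` are the plain RSA key structure; the check on the first three tags also rejects a bare PKCS#1 key or a truncated file instead of misreading it.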