[SNMP4J] Problem in KeyChange.
Frank Fock
fock at agentpp.com
Thu Jan 3 09:56:30 CET 2008
Hi Ravi,
I wish you a Happy New Year 2008 too,
and nice to hear that it works now.
I have CCed on the list, so that others
can see the solution too.
Best regards,
Frank
ravi kumar wrote:
> Hi Frank Fock,
>
> Wish U very Happy New year 2008.
>
>
> No. I am using the version as 1.8.2.
>
> I downloaded the latest one and everything is working fine.
>
> I get wonderful supports from you to comes out this problem and your
> genenious software is working fine.
>
> I wish Grow your Business in a lot in the comming year.
>
>
> Thanks
> Ravi
>
> On Jan 2, 2008 5:40 PM, Frank Fock <fock at agentpp.com
> <mailto:fock at agentpp.com>> wrote:
>
> Hi Ravi,
>
> Sorry, I made a mistake. In the latest
> passwordToKey method the key is already
> truncated to the maximum privacy protocol
> key length. So this should not be the
> problem.
>
> In any case, please look into your code
> carefully twice, before sending it on the
> list. It is somewhat tedious to fix other
> peoples code typos without getting paid
> for. In your code, your are computing
> a delta between the old passwords (not
> between old and new). So this would not
> get any usable result anyway.
>
> Besides that, you are right, that the
> value of 20 belongs to the auth protocol,
> but the key you are trying to generate
> is for the privacy protocol.
>
> Are you using version 1.9 RC2?
> The 1.8.2 and previous versions may not
> correctly work here (we have improved the
> delta computation for variable length keys
> lately and improved the code on the fly).
>
> Best regards,
> Frank
>
>
> ravi kumar wrote:
> > Hi Frank,
> >
> > Thanks for your response.
> >
> > I have generated the privkey for the user whose privacy is AES256,
> > using SecurityProtocols.passwordToKey() method call. But this
> gives me
> > 32 byte privkey. I didn't see the method like "changeDelta()",
> > SecurityProtocols class. So that I am using AuthSHA.changeDelta().
> >
> > You are asking me to truncate the key into 20 bytes before passing to
> > the AuthSHA.changeDelta() method call. If so, I didn't get the
> actual
> > key value for privacy right?
> >
> > For keychange I am using is as follows,
> >
> > byte oldPrivkey[] = protocols.passwordToKey(privProtocol,
> > authProtocol , new OctetString(oldPass), engineID );
> > byte newPrivkey[] = protocols.passwordToKey(privProtocol,
> > authProtocol , new OctetString(oldPass), engineID );
> >
> > //Here, If I am truncating keys into 20 byes, I am not able to
> > calculate the changeDelta for AES256. Because its length is 32 byte.
> > // PrivKey Change.
> > byte privKeyChange[] = AuthSHA.changeDelta(oldPrivkey, newPrivkey,
> > random);
> >
> >
> > I hope you need to provide an additional method for changeDelta() in
> > SecurityProtocols or existing method will handle the 32 bytes so
> that I
> > can able to get the correct delat value.
> >
> > I really confussed, please correct the code snippet and help me
> to come
> > out the problem.
> >
> > Your timely help will really appreciated.
> >
> > Thanks
> > Ravikumar.
> > On Dec 29, 2007 8:57 PM, Frank Fock < fock at agentpp.com
> <mailto:fock at agentpp.com>
> > <mailto: fock at agentpp.com <mailto:fock at agentpp.com>>> wrote:
> >
> > Hi Ravi,
> >
> > before you call "changeDelta" you have to make
> > sure that old and new key are not longer than
> > the key size supported by the used authentication
> > protocol. In case of AES256 there will be
> > longer keys returned by
> > SecurityProtocols.passwordToKey as SHA can support.
> >
> > You can simply truncate the keys.
> >
> > Best regards,
> > Frank
> >
> > ravi kumar wrote:
> > > Hi Gene, Fock,
> > >
> > > I got the following debug message, Please look into this and
> > help me ..
> > >
> > > SHA-1First digest:
> > > 9f:b5:cc:03:81:49:7b:37:93:52:89:39:ff:78:8d:5d:79:14:52:11
> > > SHA-1localized key:
> > > 66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f
> > > SHA-1First digest:
> > > 9f:b5:cc:03:81:49:7b:37:93:52:89:39:ff:78:8d:5d:79:14:52:11
> > > SHA-1localized key:
> > > 66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f
> > > SHA-1oldKey:
> > 66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f
> > > SHA-1newKey:
> > 66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f
> > > SHA-1random:
> > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
> > >
> >
> SHA-1keyChange:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:82:67
> >
> > >
> > > :35:86:16:15:4a:4c:df:7a:be:a6:48:e3:74:2c:00:07:32:4b
> > > authkey Changeis
> > > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:82
> > > :67:35:86:16:15:4a:4c:df:7a:be:a6:48:e3:74:2c:00:07:32:4b
> > > SHA-1First digest:
> > > 9f:b5:cc:03:81:49:7b:37:93:52:89:39:ff:78:8d:5d:79:14:52:11
> > > SHA-1localized key:
> > > 66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f
> > > SHA-1First digest:
> > > 9f:b5:cc:03:81:49:7b:37:93:52:89:39:ff:78:8d:5d:79:14:52:11
> > > SHA-1localized key:
> > > 66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f
> > > SHA-1oldKey:
> > >
> 66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f:50:5e:0
> > > 7:eb:9a:f2:55:68:fa:1f:5d:be
> > > SHA-1newKey:
> > >
> 66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f:50:5e:0
> > > 7:eb:9a:f2:55:68:fa:1f:5d:be
> > > SHA-1random:
> > >
> 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0
> > > 0:00:00:00:00:00:00:00:00:00
> > > Exception in thread "main"
> > java.lang.ArrayIndexOutOfBoundsException: 20
> > > at org.snmp4j.security.AuthGeneric.changeDelta
> > > (AuthGeneric.java:181)
> > > at KeyChangeManager.main (KeyChangeManager.java:71)
> > >
> > > Please look into this and help me out.
> > >
> > > Cheers
> > > Ravikumar
> > >
> > > On Dec 29, 2007 1:03 AM, Eugene R. Snider < gene at cvtt.net
> <mailto:gene at cvtt.net>
> > <mailto:gene at cvtt.net <mailto:gene at cvtt.net>>
> > > <mailto:gene at cvtt.net <mailto:gene at cvtt.net>
> <mailto:gene at cvtt.net <mailto:gene at cvtt.net>>>> wrote:
> > >
> > > Check your return value from passwordToKey since I
> suspect
> > this is the
> > > root cause of the problem.
> > >
> > > Create an instance of the logger and tu debugging on. This
> > will provide
> > > additional log output from the AuthGeneric class to
> assist in
> > > debugging.
> > >
> > > Gene
> > >
> > > private static final LogAdapter logger =
> > > LogFactory.getLogger(AuthGeneric.class);
> > >
> > >
> > > ravi kumar wrote:
> > > > Hi Frank,
> > > >
> > > > Please let me know do you have any idea about why the
> > exception
> > > > occur? . Whether I made any mistakes in my code.
> > > >
> > > > Your thoughts on this issue will be highly
> appreciated.
> > > >
> > > > Cheers
> > > > Ravi.
> > > >
> > > > On Dec 24, 2007 1:15 PM, ravi kumar
> > < ravikumar1984 at gmail.com <mailto:ravikumar1984 at gmail.com>
> <mailto:ravikumar1984 at gmail.com <mailto:ravikumar1984 at gmail.com>>
> > > <mailto: ravikumar1984 at gmail.com
> <mailto:ravikumar1984 at gmail.com>
> > <mailto: ravikumar1984 at gmail.com
> <mailto:ravikumar1984 at gmail.com>>>
> > > > <mailto:ravikumar1984 at gmail.com
> <mailto:ravikumar1984 at gmail.com>
> > <mailto: ravikumar1984 at gmail.com
> <mailto:ravikumar1984 at gmail.com>>
> > > <mailto: ravikumar1984 at gmail.com
> <mailto:ravikumar1984 at gmail.com>
> > <mailto:ravikumar1984 at gmail.com
> <mailto:ravikumar1984 at gmail.com>>>>> wrote:
> > > >
> > > > Hi Frank Fock,
> > > >
> > > > I just go through the API docs and write an
> > application to
> > > > genarate the AuthKeyChange and privKeyChange value.
> > But I facing
> > > > ArrayIndexoutOfBoundsException. Herewith I have
> > attached the code
> > > > snippet, you help me to come out from this issue.
> > > >
> > > > The exception I am facing is
> > > >
> > > > Exception in thread "main"
> > > > java.lang.ArrayIndexOutOfBoundsException: 20
> > > > at
> org.snmp4j.security.AuthGeneric.changeDelta
> > > (Unknown Source)
> > > > at KeyChangeManager.main
> > (KeyChangeManager.java:51)
> > > >
> > > > Your helps really appreciated.
> > > >
> > > > Look forward your response.
> > > >
> > > > code snippet is :-
> > > >
> > > > import java.io.*;
> > > > import java.util.* ;
> > > > import org.snmp4j.*;
> > > > import org.snmp4j.smi.* ;
> > > > import org.snmp4j.Snmp.*;
> > > > import org.snmp4j.security.*;
> > > > import org.snmp4j.mp.SnmpConstants;
> > > > import org.snmp4j.Snmp;
> > > >
> > > > public class KeyChangeManager
> > > >
> > > > {
> > > > public static void main(String args[])
> > > > {
> > > > OID authProtocol= AuthSHA.ID;
> > > > OID privProtocol= PrivAES256.ID;
> > > > String oldPass="maplesyrup";
> > > > String newPass="newsyrup";
> > > >
> > > >
> > > > //'00000000 00000000 00000002'H
> > > > byte engineID[] = new byte[] {(byte)0x00,
> > (byte)0x00 ,
> > > > (byte)0x00 , (byte)0x00 , (byte)0x00 ,
> (byte)0x00 ,
> > (byte)0x00 ,
> > > > (byte)0x00 , (byte)0x00 , (byte)0x00 , (byte)0x00 ,
> > (byte)0x02};
> > > >
> > > > //'00000000 00000000 00000000 00000000
> > 00000000 00000000
> > > > 00000000 00000000'H
> > > > byte random[] = new byte[] { (byte)0x00,
> > (byte)0x00,
> > > > (byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00,
> (byte)0x00,
> > > > (byte)0x00, (byte)0x00, (byte)0x00,
> > (byte)0x00,(byte)0x00,
> > > > (byte)0x00, (byte)0x00, (byte)0x00,(byte)0x00,
> (byte)0x00,
> > > > (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
> > (byte)0x00,
> > > > (byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00,
> > > > (byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00,
> (byte)0x00,
> > > > (byte)0x00 };
> > > >
> > > >
> > > > //'00000000 00000000 00000000
> 00000000
> > > 00000000 'H
> > > > byte randomForAuth[] = new byte[] {
> (byte)0x00,
> > > > (byte)0x00, (byte)0x00,(byte)0x00, (byte)0x00,
> (byte)0x00,
> > > > (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
> > > > (byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00,
> > > > (byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00,
> (byte)0x00,
> > > > (byte)0x00 };
> > > >
> > > > SecurityProtocols protocols =
> > > SecurityProtocols.getInstance();
> > > > protocols.addDefaultProtocols ();
> > > >
> > > > /********************** For AuthKey
> > > > *******************************/
> > > >
> > > > //Generate Localized keys.
> > > > byte oldAuthkey[] =
> > > protocols.passwordToKey(authProtocol ,
> > > > new OctetString(oldPass), engineID );
> > > > byte newAuthkey[] =
> protocols.passwordToKey
> > > > (authProtocol , new OctetString(oldPass),
> engineID );
> > > >
> > > > // AuthKey Change.
> > > > AuthSHA sha = new AuthSHA();
> > > > byte keyChange[] =
> sha.changeDelta(oldAuthkey,
> > > > newAuthkey, randomForAuth);
> > > > System.out.println (" authkey
> > Changeis " + new
> > > > OctetString( keyChange ).toHexString() );
> > > >
> > > >
> > > > /******************* For PrivKey
> > > > *************************************/
> > > >
> > > > //Generate Localized keys. - For privacy.
> > > > byte oldPrivkey[] =
> > > > protocols.passwordToKey(privProtocol,
> authProtocol , new
> > > > OctetString(oldPass), engineID );
> > > > byte newPrivkey[] =
> > > > protocols.passwordToKey(privProtocol,
> authProtocol , new
> > > > OctetString(oldPass), engineID );
> > > >
> > > > // PrivKey Change.
> > > > byte privKeyChange[] =
> > sha.changeDelta(oldPrivkey,
> > > > newPrivkey, random);
> > > > System.out.println ("
> privKeyChange
> > is " + new
> > > > OctetString( privKeyChange ).toHexString() );
> > > >
> > > > }
> > > > }
> > > >
> > > > Cheers
> > > > Ravi.
> > > >
> > > >
> > > >
> > > > On Dec 23, 2007 1:05 AM, Frank Fock <
> fock at agentpp.com <mailto:fock at agentpp.com>
> > <mailto:fock at agentpp.com <mailto:fock at agentpp.com>>
> > > <mailto:fock at agentpp.com <mailto:fock at agentpp.com>
> <mailto:fock at agentpp.com <mailto:fock at agentpp.com>>>
> > > > <mailto:fock at agentpp.com
> <mailto:fock at agentpp.com> <mailto:fock at agentpp.com
> <mailto:fock at agentpp.com>>
> > <mailto:fock at agentpp.com <mailto:fock at agentpp.com>
> <mailto:fock at agentpp.com <mailto:fock at agentpp.com>>>>> wrote:
> > > >
> > > > Hi Ravi,
> > > >
> > > > SNMP4J of course supports key changes. See the
> > passwordToKey
> > > > and changeDelta methods of
> > > >
> > > >
> > >
> >
> http://www.snmp4j.org/doc/org/snmp4j/security/AuthenticationProtocol.html
> <http://www.snmp4j.org/doc/org/snmp4j/security/AuthenticationProtocol.html>
> >
> <http://www.snmp4j.org/doc/org/snmp4j/security/AuthenticationProtocol.html>
> > > >
> > > > For AES256 key expansion is needed, for
> > convenience you
> > > can use
> > > >
> > > >
> > >
> >
> http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey(org.snmp4j.smi.OID
> <http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID>
> >
> <http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID
> <http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID>>
> > > <
> >
> http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID
> <http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID>>
> > > >
> > > <
> >
> http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID
> <http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID>
> > > <
> >
> http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID
> <http://www.snmp4j.org/doc/org/snmp4j/security/SecurityProtocols.html#passwordToKey%28org.snmp4j.smi.OID>>>,
> > > > org.snmp4j.smi.OID, org.snmp4j.smi.OctetString,
> > byte[])
> > > >
> > > > which does the key expansion for you
> according to
> > the auth
> > > > protocol you are using.
> > > >
> > > > Best regards,
> > > > Frank
> > > >
> > > > ravi kumar wrote:
> > > > > Hi,
> > > > >
> > > > > Thanks for your response. I would like
> to know
> > Snmp4j
> > > > supports KeyChange
> > > > > process. If so, I will use this one. Is there
> > any help
> > > > documentation or
> > > > > examples are available?.
> > > > >
> > > > > Thanks
> > > > > Ravi
> > > > >
> > > > > On Dec 22, 2007 5:34 AM, Eugene R. Snider
> > > <gene at cvtt.net <mailto:gene at cvtt.net>
> <mailto:gene at cvtt.net <mailto:gene at cvtt.net>> <mailto: gene at cvtt.net
> <mailto:gene at cvtt.net>
> > <mailto:gene at cvtt.net <mailto:gene at cvtt.net>>>
> > > > <mailto: gene at cvtt.net
> <mailto:gene at cvtt.net> <mailto:gene at cvtt.net <mailto:gene at cvtt.net>>
> > <mailto:gene at cvtt.net <mailto:gene at cvtt.net>
> <mailto:gene at cvtt.net <mailto:gene at cvtt.net>>>>> wrote:
> > > > >
> > > > >> Personally I think you should use the SNMP4j
> > API since
> > > that
> > > > will greatly
> > > > >> improve the liklihood of getting support
> on the
> > SNMP4j
> > > > mailing list.
> > > > >> Gene
> > > > >>
> > > > >> ravi kumar wrote:
> > > > >>> Hi All,
> > > > >>>
> > > > >>> I am using AdventNet SNMP API.
> > > > >>>
> > > > >>> ....
> > > > >>> ---- Look forward your thoughts. ----------
> > > > >>> Cheers
> > > > >>> Ravikumar
> > > > >>>
> _______________________________________________
> > > > >>> SNMP4J mailing list
> > > > >>> SNMP4J at agentpp.org
> <mailto:SNMP4J at agentpp.org> <mailto:SNMP4J at agentpp.org
> <mailto:SNMP4J at agentpp.org>>
> > <mailto: SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>
> <mailto:SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>>>
> > > <mailto:SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>
> <mailto: SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>>
> > <mailto: SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>
> <mailto:SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>>>>
> > > > >>>
> http://lists.agentpp.org/mailman/listinfo/snmp4j
> > > > <
> http://lists.agentpp.org/mailman/listinfo/snmp4j>
> > > > >>>
> > > > >
> _______________________________________________
> > > > > SNMP4J mailing list
> > > > > SNMP4J at agentpp.org
> <mailto:SNMP4J at agentpp.org> <mailto:SNMP4J at agentpp.org
> <mailto:SNMP4J at agentpp.org>>
> > <mailto: SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>
> <mailto:SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>>>
> > > <mailto:SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>
> <mailto: SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>>
> > <mailto:SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>
> <mailto:SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>>>>
> > > > >
> http://lists.agentpp.org/mailman/listinfo/snmp4j
> > > >
> > > > --
> > > > AGENT++
> > > > http://www.agentpp.com <http://www.agentpp.com>
> > > > http://www.mibexplorer.com
> > > > http://www.mibdesigner.com
> <http://www.mibdesigner.com>
> > > >
> > > >
> > > >
> > >
> > >
> >
> > --
> > AGENT++
> > http://www.agentpp.com
> > http://www.mibexplorer.com
> > http://www.mibdesigner.com
> >
> >
>
> --
> AGENT++
> http://www.agentpp.com
> http://www.mibexplorer.com <http://www.mibexplorer.com>
> http://www.mibdesigner.com
>
>
--
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com
More information about the SNMP4J
mailing list