AS2 MDN error (too much data for RSA block)..any inputs?

, ,
1

Hello Gurus,

Env:IS 712
EDIINT Module:6.5

I am facing this following AS2 MDN error for my EDIINT send request with one specific partner(they use self-signed certificate)

Received EDIINT MDN but failed:

has been [processed/Error: authentication-failed].
Authentication Failure while decoding message. The exception is [java.security.SignatureException: too much data for RSA block]

Both sides certs are in place partner security tab (sign,decrypt,verify) etc…and all the certs serial numbers match.

Never came across this error in my EDIINT experience…

P.S:I have googled and Empowered also with no luck.

Has any one dealt with the above any thoughts on how to resolve it?

Please advise:

TIA,
RMG

2

I guess it’s the encryption Algorithm mismatch.
If you are using TripleDES, DES etc for encryption, and the client is expecting RSA ecrypted data, it will generate this error.
Check if your client’s system is configured to use RSA.
HTH,

3

Thanks…They mentioned in the docs as Encryption Algorithm: RC2 128

So now I look back on my side default to Triple DES and now I changed it to use RC2 128 and tried AS2 again.

Still no luck :frowning:

The exception is [java.security.SignatureException: too much data for RSA block]

4

RC2 is regarded as unsafe algorithm.
Can you ask your client to change to Triple DES.

My guess is that they are actually configured to used something else, not RC2 128 as they claimed

5

OK I will check that with TP and post back:

Thanks so far!
RMG

6

TP confirmed he changed it to RC2 128 now and still no luck same error persists.

The exception is [java.security.SignatureException: too much data for RSA block]

Any more inputs?

7

read some posts on web, seems there is a length limit on the data that can be encrypted by this algorithm.
You can either try to test with a really small payload,
or switch to use: Triple DES, it doesn’t have length limit.

8

It seems we initially both sides has TripleDES and it should have work.

Tried with a smaller payload it didn’t work with RC2 128.

OK now I will ask TP to confirm TripleDES again on both sides and try it (never came across issue with TripleDES except with this particular TP :smiley: )

HTH,
RMG

9

No luck with this error resolution so far even with TripleDES on both sides on the profile. :frowning:

Any more ideas please?

HTH
RMG

10

when initialize a cipher, there are another two parameters besides algorithm: Mode and Padding
There are default values for the Java platform + security lib used.
The error indicates either the Mode or Padding (most likely) are not matching between two systems. They may have different default values, or one system is explicitly initialized with certain value that the other side doesn’t use.
You may want to open a ticket with SAG for quick resolution. Your TP may also open ticket with their vendor to find the detail too. This is hard to figure out.

11

OK seems now its a bottle neck for a quick resolution.

I opened a ticket with SAG support.

Thanks so far!

12

Just to update on this.

AS2 thing resolved it turns our some mismatch with our pub key cert and after reloading on the TP side everything went well.

Thanks Tong Wang!

HTH,
RMG