AS2 MDN error (too much data for RSA block)..any inputs?

rmg · October 15, 2013, 11:04pm

Hello Gurus,

Env:IS 712
EDIINT Module:6.5

I am facing this following AS2 MDN error for my EDIINT send request with one specific partner(they use self-signed certificate)

Received EDIINT MDN but failed:

has been [processed/Error: authentication-failed].
Authentication Failure while decoding message. The exception is [java.security.SignatureException: too much data for RSA block]

Both sides certs are in place partner security tab (sign,decrypt,verify) etc…and all the certs serial numbers match.

Never came across this error in my EDIINT experience…

P.S:I have googled and Empowered also with no luck.

Has any one dealt with the above any thoughts on how to resolve it?

Please advise:

TIA,
RMG

Tong_Wang · October 16, 2013, 4:36pm

I guess it’s the encryption Algorithm mismatch.
If you are using TripleDES, DES etc for encryption, and the client is expecting RSA ecrypted data, it will generate this error.
Check if your client’s system is configured to use RSA.
HTH,

rmg · October 16, 2013, 4:46pm

Thanks…They mentioned in the docs as Encryption Algorithm: RC2 128

So now I look back on my side default to Triple DES and now I changed it to use RC2 128 and tried AS2 again.

Still no luck

The exception is [java.security.SignatureException: too much data for RSA block]

Tong_Wang · October 16, 2013, 5:08pm

RC2 is regarded as unsafe algorithm.
Can you ask your client to change to Triple DES.

My guess is that they are actually configured to used something else, not RC2 128 as they claimed

rmg · October 16, 2013, 6:38pm

OK I will check that with TP and post back:

Thanks so far!
RMG

rmg · October 16, 2013, 8:42pm

TP confirmed he changed it to RC2 128 now and still no luck same error persists.

The exception is [java.security.SignatureException: too much data for RSA block]

Any more inputs?

Tong_Wang · October 16, 2013, 9:20pm

read some posts on web, seems there is a length limit on the data that can be encrypted by this algorithm.
You can either try to test with a really small payload,
or switch to use: Triple DES, it doesn’t have length limit.

rmg · October 16, 2013, 9:28pm

It seems we initially both sides has TripleDES and it should have work.

Tried with a smaller payload it didn’t work with RC2 128.

OK now I will ask TP to confirm TripleDES again on both sides and try it (never came across issue with TripleDES except with this particular TP )

HTH,
RMG

rmg · October 17, 2013, 5:00pm

No luck with this error resolution so far even with TripleDES on both sides on the profile.

Any more ideas please?

HTH
RMG

Tong_Wang · October 17, 2013, 5:35pm

when initialize a cipher, there are another two parameters besides algorithm: Mode and Padding
There are default values for the Java platform + security lib used.
The error indicates either the Mode or Padding (most likely) are not matching between two systems. They may have different default values, or one system is explicitly initialized with certain value that the other side doesn’t use.
You may want to open a ticket with SAG for quick resolution. Your TP may also open ticket with their vendor to find the detail too. This is hard to figure out.

rmg · October 17, 2013, 6:23pm

OK seems now its a bottle neck for a quick resolution.

I opened a ticket with SAG support.

Thanks so far!

rmg · October 21, 2013, 9:48pm

Just to update on this.

AS2 thing resolved it turns our some mismatch with our pub key cert and after reloading on the TP side everything went well.

Thanks Tong Wang!

HTH,
RMG