Problem with IIS Encryption and ciphers

Posted on 2005-03-22
Medium Priority
Last Modified: 2013-12-04
I just began supporting an application with a IIS web front end for external clients.  However, I am not actually responsible for setting up the IIS security for clients and do not have any real life experience setting up secured IIS environments using encrypted passwords.

A client of on external implementation of the application gets the following error after entering a password that is required to access a priviledged feature on the site:

com.entrust.security.exceptions.EntrustBaseException: Could not create MAC: Cipher::getInstance(String) - no
Cipher could be found for this algorithm - CAST5/CBC/NoPadding - amongst any of the providers.

I wanted to know if anyone could give me advice on how to troubleshoot this problem.  

Question by:bcg301
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Accepted Solution

Phil_Agcaoili earned 2000 total points
ID: 13606130
Since I cann't see your configuration file, I'll give you some definitions to start with, so you can look and determine if you have the following fields filled out correctly..

Encryption and decryption are done using a cipher. A cipher is an object capable of carrying out encryption and decryption according to an encryption scheme (algorithm).

A Message Authentication Code (MAC) provides a way to check the integrity of information transmitted over or stored in an unreliable medium, based on a secret key. Typically, message authentication codes are used between two parties that share a secret key in order to validate information transmitted between these parties. A MAC mechanism that is based on cryptographic hash functions is referred to as HMAC. HMAC can be used with any cryptographic hash function, e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is specified in RFC 2104.

Typically when I see the error you gave:
com.entrust.security.exceptions.EntrustBaseException: Could not create MAC: Cipher::getInstance(String) - no
Cipher could be found for this algorithm - CAST5/CBC/NoPadding

You have a problem with how you established your MD5 or SHA-1 hash.

Can you give more on what you're running for authentication?  I see Entrust, so what product of theirs are you fully running?

Author Comment

ID: 13606686
Thank you for your help.  I am in an unusual situtation where I often have to try to help clients of clients.   I usually will not be allowed access to the remote system to even view the configuration.  However, you have given me more direction as to the right questions to ask and when I get more information, I can pass it along.

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question