• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 308
  • Last Modified:

Problem with IIS Encryption and ciphers

I just began supporting an application with a IIS web front end for external clients.  However, I am not actually responsible for setting up the IIS security for clients and do not have any real life experience setting up secured IIS environments using encrypted passwords.

A client of on external implementation of the application gets the following error after entering a password that is required to access a priviledged feature on the site:

com.entrust.security.exceptions.EntrustBaseException: Could not create MAC: Cipher::getInstance(String) - no
Cipher could be found for this algorithm - CAST5/CBC/NoPadding - amongst any of the providers.

I wanted to know if anyone could give me advice on how to troubleshoot this problem.  


0
bcg301
Asked:
bcg301
1 Solution
 
Phil_AgcaoiliCommented:
Since I cann't see your configuration file, I'll give you some definitions to start with, so you can look and determine if you have the following fields filled out correctly..

Cipher-
Encryption and decryption are done using a cipher. A cipher is an object capable of carrying out encryption and decryption according to an encryption scheme (algorithm).

MAC-
A Message Authentication Code (MAC) provides a way to check the integrity of information transmitted over or stored in an unreliable medium, based on a secret key. Typically, message authentication codes are used between two parties that share a secret key in order to validate information transmitted between these parties. A MAC mechanism that is based on cryptographic hash functions is referred to as HMAC. HMAC can be used with any cryptographic hash function, e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is specified in RFC 2104.

Typically when I see the error you gave:
com.entrust.security.exceptions.EntrustBaseException: Could not create MAC: Cipher::getInstance(String) - no
Cipher could be found for this algorithm - CAST5/CBC/NoPadding

You have a problem with how you established your MD5 or SHA-1 hash.

Can you give more on what you're running for authentication?  I see Entrust, so what product of theirs are you fully running?
0
 
bcg301Author Commented:
Thank you for your help.  I am in an unusual situtation where I often have to try to help clients of clients.   I usually will not be allowed access to the remote system to even view the configuration.  However, you have given me more direction as to the right questions to ask and when I get more information, I can pass it along.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now