[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSL error bad decrypt on EVP_DecryptFinal



Beaman, Thomas J. (ARC-IO)[PEROT SYSTEMS] wrote:
> Hi Sampo,
>   I just recently encountered a new error after installing a new CoT, it
> occurs when the IdP sends back the SAML assertion (and something to do
> with an Artifact Response).  Have you seen this one before?
>
> t  zxidlib.c:654 zxid_chk_sig           zx d No signature in Response

Response usually does not need a signature as the Assertion will/should
have a signature.

> t  zxsig.c:318 zx_report_openssl_error  zx E EVP_CipherFinal_ex(): OpenSSL
> error(101077092) error:06065064:digital envelope
> routines:EVP_DecryptFinal:bad decrypt (evp_enc.c:516): ? 0
> (  The encryption method looks like a combination of 128bit-aes+rsa  )

Seems like cryto algo mismatch, controllable from the station.

> Besides double-checking the certs being used are correct, I have no idea
> how to proceed.  Any ideas?

Response usually does not need a signature as the Assertion will/should
have a signature.

Cheers,
--Sampo

> Thanks,
>   Thomas
> ______________________
> Thomas Beaman
> Business Systems Group
> NASA Ames Research Center