mendelson opensource OFTP2

In reply to Odette Password settings Leon1984, you cannot set it as it is useless and grants no security. Every inbound password is accepted by the mendelson OFTP2. The passwords content max length is 8 characters and no special chars are allowed in it... Regards Log in or register to post comments

Dear Support, I am a new user of OFTP2 software. My Partner is using an Odette Password and I can set up this in the Partner settings. How can I set up my Odette password? Unfortunately I did not find any possible settings for this. Could you please ... [More] help where can I find this setting in the OFTP2 software? version: Mendelson Opensource OFTP2 1.0 build 33 Thank you for your help in advance. Regards, Leon Forum:  OFTP2 [Less]

In reply to hmm no idea I did not figure Hello, since we're interested to find the way to resolve known issues as above, let me ask on how about CVS for last build 51 - is there any solution how to patch and compile opensource project yet? Thanks ... [More] for any updates. service wrote: hmm no idea I did not figure out how to upload the source to a repository there. I created a src subdirectory in the files directory and added a zip there. Regards Log in or register to post comments [Less]

In reply to Understanding on mendelson as2 behaviour adi1000, I have some questions regarding your post because I do not understand it: adi1000 wrote: Before doing that i want to validate my certificates using mendelson AS2. What do you mean by ... [More] "validating a certificate using mendelson AS2"? adi1000 wrote: I created a partner A and another partner B. B is set local which means i have option only to provide private key in B.Now in A i provided key for encryption as public key and signing as private key. Only the local station could have private keys assigned. You are always signing using your local stations private key and decrypting using your local stations private key. adi1000 wrote: I could see green bar with communication possible. What do you mean by this? Where do you see a green bar? Do you mean a finished transaction where everything worked fine - means decryption and signature was fine? Then everything is ok? adi1000 wrote: But drawback i see is ideally signing certificate by private key at point A and private key uploaded at point B doesnot confirm me if signing will be decrypted by public key or not.Moreover i habe no option to specify public key if i make B as local. Could you please explain this part more detailled? "signing will be decrypted" makes no sense in my understanding but perhaps you mean another issue? Regards Log in or register to post comments [Less]

Dear experts, I am trying out a communication between a place A and another place B.I need to send a text file from A to B.Before doing that i want to validate my certificates using mendelson AS2.I created a partner A and another partner B. B is set ... [More] local which means i have option only to provide private key in B.Now in A i provided key for encryption as public key and signing as private key.I could see green bar with communication possible.But drawback i see is ideally signing certificate by private key at point A and private key uploaded at point B doesnot confirm me if signing will be decrypted by public key or not.Moreover i habe no option to specify public key if i make B as local. Forum:  AS2 [Less]

Enhancement: *The connection test dialog has been reworked - it shows the full test log in the dialog now *Encryption using Elliptic Curve certificates/keys is supported now *Session debug: An entry has been added to display a session release of the ... [More] session manager *Additional resource check: a warning will be displayed if the process uses less than 4 kernels and the heap memory is too low *It's possible to manually resend more than a single transaction by marking them now *The transaction log contains the direction of the entries (inbound/outbound) now *The certificate manager displays the trust chain of the certificates now *It's now possible to temporary stop the log output now using a new button in the user interface Fixes: *The certiticate manager did not export the whole trust chain if you exported a certificate to pkcs#7 (.p7b) *The certificate manager has problems importing pkcs#7 certificates (.p7b) if the chain contained more than 2 certificates *The internal state machine went into a wrong state if the partner sent a EFPA-N *It was not possible to import certificates that were PEM encoded and contained more than a single certificate (pkcs#7) 3rd party software updates: *Update to BC 1.56 (crypto API, see https://www.bouncycastle.org/) *Update to MINA 2.0.16 *Update to javamail 1.5.6 Please have a look at the included "readme.txt" file for a (really short) basic documentation. --- Thank you all for your feedback and your help Your mendelson dev team Forum:  OFTP2 [Less]

In reply to Password for outbound connections filled up with blanks Arrow_Central, as there are no delimiters between the fields in the OFTP2 commands every field (beneath a small amount of variable length fields where the length is transmitted ... [More] also) has a fixed length and must be filled up with blanks - else the OFTP2 command length would not match. Blanks could never be a valid character in OFTP2 commands, please refer to RFC 5024: ---- 5.3. Command Formats The ODETTE-FTP commands are described below using the following definitions. ... A String contains alphanumeric characters from the following set: The numerals: 0 to 9 The upper case letters: A to Z The following special set: / - . & ( ) space. Space is not allowed as an embedded character. ... String and alphanumeric fields are always left justified and right padded with spaces where needed. Numeric fields are always right justified and left padded with zeros where needed. --- But I understand the confusion as Odette is violating it's own RFC by giving out Odette IDs that contain blanks as embedded character, they also defined strings with non capital letters in the virtual file names for special purpose like certificate exchange even if this is not allowed by their own RFC... These restrictions make the "password" of OFTP2 really useless - it is no security feature. Max length 8 characters, no special chars, uppercase only... Regards Log in or register to post comments [Less]

In reply to Password for outbound connections filled up with blanks Hi Service, no sorry, the issue was definitely caused by the blanks at position 7 and 8 in the password that we transmit to the partner. On the remote side the identical password ... [More] was set for Senders PW and Receivers PW but it did not work (incorrect password). Then we changed the password from P3SG48 to P3SG4888 so that all 8 characters are filled up and the remote site accepted the PW and our transmission immediately. This issue may be related to the application which the remote partner is using. Some don't need a PW at all (in his application it is mandatory), some my ignore the blanks and for some others a blank is a valid character so that expected and transmitted PW do not match. regards Log in or register to post comments [Less]

In reply to Password for outbound connections filled up with blanks Arrow_Central, it's more a RFC problem. The RFC uses the words "Senders Password" and "Receivers Password" but does not specify which should be used for inbound and which for ... [More] outbound data. Try to use the other password, that should work. Regards Log in or register to post comments [Less]

Seems like the Application always sends 8 characters as password in an outbound connection although the password we have entered in the partner profile contains only 6 characters. Checking the logfile, the password is sent with two blanks at the end ... [More] which is causing an "invalid password" error at partner side and transmission error. 27 | X(8) | SSIDPSWD | Initiators Password | 'P3SG48 ' regards Forum:  OFTP2 [Less]