SecureVNC Plugin - AES, RSA, and more, for x86 and x64!

[Rudi De Vos]

I guess it has to do with unicode and multi char.
If plugin and viewer use a different keyset, the internal representation of chars like ë é ç is different.

[YY]

I guess it has to do with unicode and multi char.
If plugin and viewer use a different keyset, the internal representation of chars like ë é ç is different.

Then it is a wrong passphase issue, and the returned status s/b "Authentication Rejected"

How come it can result with the messege:

server closed connection
- The server running as application

[Rudi De Vos]

I still need to verify, but as far as i can remember there is a difference between vnc passwd and passphrase

Encryption + VNC Authentication: The server respond ->Authentication Rejected
This is possible because the encrytpion key is send via DH negotiation and password is checked insite encryption.
The server can tell the viewer that the password is wrong

Encryption + Passphase: The server is unable to send a understandable message.
The passphase is part of the encryption, if the passphrase is wrong, the server
can not send any message to the viewer. He only can close the connection.
The message

server closed connection
- The server running as application

is generated by the viewer on a unexpected server disconnect

[Chaka]

Hello, I tried to create and use more then one keyfile for a number of different users. So I put all pubkey files into the UltraVNC directory and give the pkey files together with the viewer to different users. But with all keyfiles then one I get the message "Response failed client authentication",why? Like the documentation said I created the following keyfiles, e.g. max_ClientAuth.pkey together with max_ClientAuth.pubkey and bob_ClientAuth.pkey with bob_ClientAuth.pubkey, and so on. But only with the keyfile with a filename first in the alphabet I can make a connection, means in my example with "bob_ClientAuth.*key", because "b" comes first in alphabet and "m" (for max) cames later. Did I something wrong to get different keys for different users? Only with that way I can pull back a single keyfile for a specific user in the future without delivery new keys to all other users.

[Rudi De Vos]

Not possible,
The server can only load a single key.

[Chaka]

Understood, and I tried wasteful several hours for an solution, thanks anyway. I was confused about the following words within the documentation:

Passphrases and client authentication keys
... The server should have the public key (named *_ClientAuth.pubkey), and the viewer should have the private key (named *_ClientAuth.pkey). ...
The portion of the filename before the _ClientAuth will be sent in the handshake as the key identifier. This allows the viewer to choose the appropriate client authentication key for the connection. For example, if the server is using First_ClientAuth.pubkey, the viewer will attempt to find First_ClientAuth.pkey. Once you change the server to use Second_ClientAuth.pubkey, the viewer will then attempt to find Second_ClientAuth.pkey; however, the viewer would still be able to connect to servers that are still using First_ClientAuth.pubkey. If the key is not found, it will revert to using the first *_ClientAuth.pkey that it can.

Would you please enlighten me, what's the meaning of this? Above are also two or more possible keys mentioned "First_ClientAuth.*" and "Second_ClientAuth.*"? Whats the difference to my booth keys "max_ClientAuth.*" and "bob_ClientAuth.*"? I'm very soory but it seems I don't understand those words at all.

I thought

...the filename before the _ClientAuth will be sent in the handshake as the key identifier. This allows the viewer to choose the appropriate client authentication key for the connection...

means with the keyfile "bob_ClientAuth.pkey" the server uses automatic the keyfile "bob_ClientAuth.pubkey" and with "max_ClientAuth.pkey" the server choose "max_ClientAuth.pubkey", because the the filename before _ClientAuth will be sent in the handshake as the identifier?

Oh now a light goes on, only the viewer can use different keys to operate with different servers, but the server cant operate with different keys because of the server says through the handshake to the viewer which file to use and not otherwise. And in the servers case its always the first keyfile it founds e.g. "First_ClientAuth.*" before "Second_ClientAuth.*" or "bob_ClientAuth.pubkey" before max_ClientAuth.pkey

[Rudi De Vos]

Yes,
A viewer was made to be able to connect to multiple servers with different passwords ( so the same was done for the encryption)
A server always had a single password in vnc, the encryption only support a single server key.

[racassel]

Where is the plugin. The adam website has been down a while now.

[Rudi De Vos]

plugins are part of the addons you can download from the uvnc website
Latest version (x86 /X64 )
http://www.uvnc.com/downloads/ultravnc/ ... -1196.html

[racassel]

I see. I had downloaded the zip for that version and thought it would be within. Thank you very much and keep up the good work. - With appreciation RC