[
https://issues.jboss.org/browse/JGRP-1375?page=com.atlassian.jira.plugin....
]
Bela Ban commented on JGRP-1375:
--------------------------------
Although I don't think that setting key_password explicitly is a big deal, I followed
your advice and set keyPassword=null by default, so the key password is the same as the
store pwd unless explicitly set.
Default 'key' password never set to 'store' password which causes java.security.UnrecoverableKeyException
---------------------------------------------------------------------------------------------------------
Key: JGRP-1375
URL: https://issues.jboss.org/browse/JGRP-1375
Project: JGroups
Issue Type: Bug
Affects Versions: 2.12.1, 3.0
Reporter: Julien Kronegg
Assignee: Bela Ban
Priority: Optional
Labels: configuration, encrypt, key, keystore
Fix For: 3.0
h3. Introduction
Exception in ENCRYPT when changing the store password.
h3. The problem
The [{{org.jgroups.protocols.ENCRYPT}}|https://github.com/belaban/JGroups/blob/JGroups_3_0_0_CR5/src/org/jgroups/protocols/ENCRYPT.java]
class default password is "changeit" for both store password and key password.
However, if you change the store password, without having the keyPassword in the
<ENCRYPT> tag, the keyPassword is still "changeit". This produces the
following exception when initializing the {{ENCRYPT}} class:
{code}
java.security.UnrecoverableKeyException: Given final block not properly padded
at com.ibm.crypto.provider.y.a(Unknown Source)
at com.ibm.cryptp.provider.JceKeyStore.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(KeyStore.java:196)
at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:273)
at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:235)
at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:892)
at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:538)
at org.jgroups.JChannel.init(JChannel.java:1725)
{code}
h3. Why this occurs
The {{KeyStoreGenerator}} provided in JGroups demos uses the same password for the store
and the key passwords. The {{ENCRYPT}} class is designed to set keyPassword=storePassword when
the keyPassword is null.
However, the keyPassword is initialized to "changeit", so it is never {{null}}
and is consequently never set to the store password.
h3. Solution
The solution is probably to set the initial value of {{ENCRYPT.keyPassword}} to {{null}}
instead of {{"changeit"}}.
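
The fallback described under "Why this occurs", reproduced as an added example that is not part of the original issue or the JGroups source: a key entry protected with the store password is read once with a key password of "changeit" and once with {{null}}. The helper {{effectiveKeyPassword}}, the class name, the alias, the sample password, the AES key and the JCEKS store type are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeyPasswordFallbackDemo {
    // Hypothetical helper: an unset (null) key password falls back to the
    // store password; an explicitly configured key password is used as given.
    static char[] effectiveKeyPassword(String storePassword, String keyPassword) {
        return (keyPassword != null ? keyPassword : storePassword).toCharArray();
    }

    // Build an in-memory JCEKS store whose key entry is protected with the
    // same password as the store itself (the layout the issue describes).
    static byte[] buildStore(String alias, String storePassword) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry(alias, gen.generateKey(), storePassword.toCharArray(), null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePassword.toCharArray());
        return out.toByteArray();
    }

    // Returns true if the key entry can be recovered with this configuration.
    static boolean canLoadKey(byte[] store, String alias, String storePassword,
                              String keyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), storePassword.toCharArray());
        try {
            return ks.getKey(alias, effectiveKeyPassword(storePassword, keyPassword)) != null;
        } catch (UnrecoverableKeyException e) {
            System.out.println("  getKey failed: " + e.getClass().getName());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String storePass = "constructed-store-pass"; // constructed sample value
        byte[] store = buildStore("demoKey", storePass);
        // Initial value "changeit": the fallback never triggers.
        System.out.println("default \"changeit\": " + canLoadKey(store, "demoKey", storePass, "changeit"));
        // Initial value null: the key password follows the store password.
        System.out.println("default null: " + canLoadKey(store, "demoKey", storePass, null));
    }
}
```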