[jboss-jira] [JBoss JIRA] Created: (JGRP-1321) ENCRYPT puts 'illegal' chars into UTF-8 String

Ken Michie (JIRA) jira-events at lists.jboss.org
Tue May 3 11:39:18 EDT 2011


ENCRYPT puts 'illegal' chars into UTF-8 String
----------------------------------------------

                 Key: JGRP-1321
                 URL: https://issues.jboss.org/browse/JGRP-1321
             Project: JGroups
          Issue Type: Bug
    Affects Versions: 2.12, 2.11, 2.10, 2.9, 2.8, 2.7, 2.6
         Environment: Sun JVM and IBM JVM are currently incompatible.  IBM is fixing, but still this is a problem since it weakens the strength of the key
            Reporter: Ken Michie
            Assignee: Bela Ban
            Priority: Minor


Storing any random byte array into a UTF-8 string causes invalid characters to be replaced with hex value FFFD.  Since the IBM JVM currently does this incorrectly (differently from the Sun JVM), 2 nodes on different JVMs (IBM and SUN) using ENCRYPT will not be able to communicate because they calculate different MD5 digest values.

Main thread:
http://old.nabble.com/ENCRYPT-puts-illegal-chars-into-UTF-8-String-seems-to-be-unintended--td31497430.html#a31524432

More description of why UTF-8 does this replacement:
http://en.wikipedia.org/wiki/UTF-8

The fix will possibly make older versions of ENCRYPT incompatible since it will change the calculated MD5 digest value.

To fix it, ENCRYPT should be changed from this:
private void initSymCiphers(String algorithm, SecretKey secret) throws Exception {
...
   symVersion=new String(digest.digest(), "UTF-8");
...
}

To something like this (byteArrayToHexString() copied from http://jkmessenger.googlecode.com/svn-history/r8/trunk/CryptoUtils.java):
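private void initSymCiphers(String algorithm, SecretKey secret) throws Exception {
...
  // hex-encode the digest so every byte is kept, instead of decoding it as UTF-8
  symVersion = byteArrayToHexString(digest.digest());
...
}

  // Converts each byte to two upper-case hex characters (lossless).
  public static String byteArrayToHexString(byte[] b){
     StringBuffer sb = new StringBuffer(b.length * 2);
     for (int i = 0; i < b.length; i++){
       int v = b[i] & 0xff;   // treat the byte as unsigned
       if (v < 16) {
         sb.append('0');      // pad single-digit values to two characters
       }
       sb.append(Integer.toHexString(v));
     }
     return sb.toString().toUpperCase();
  }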


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
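
The lossy decoding described in the report, as an added example that is not part of the original message or of the JGroups code: it decodes an MD5 digest as UTF-8, counts the U+FFFD replacements, and shows two different byte arrays collapsing to the same string while hex encoding keeps them distinct. The class name, the helper names and the sample key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class DigestVersionDemo {

    // Lossless encoding: two hex characters per digest byte.
    static String toHex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) {
            sb.append(String.format("%02X", x & 0xff));
        }
        return sb.toString();
    }

    // The pattern from the report: digest bytes decoded as if they were UTF-8 text.
    static String asUtf8(byte[] b) {
        return new String(b, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input standing in for the encoded secret key.
        byte[] key = "constructed-sample-key".getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("MD5").digest(key);

        String lossy = asUtf8(digest);
        long replaced = lossy.chars().filter(c -> c == 0xFFFD).count();
        boolean roundTrips = Arrays.equals(digest, lossy.getBytes(StandardCharsets.UTF_8));
        System.out.println("digest (hex):             " + toHex(digest));
        System.out.println("U+FFFD replacements:      " + replaced);
        System.out.println("bytes survive round trip: " + roundTrips);

        // Two different byte arrays (constructed), each starting with a byte that
        // is invalid in UTF-8, decode to the same string, so the string no longer
        // identifies the underlying bytes.
        byte[] a = {(byte) 0x80, 0x41};
        byte[] b = {(byte) 0xFF, 0x41};
        System.out.println("distinct bytes, same string: " + asUtf8(a).equals(asUtf8(b)));
        System.out.println("hex keeps them apart:        " + !toHex(a).equals(toHex(b)));
    }
}
```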

