[jboss-jira] [JBoss JIRA] Updated: (JGRP-1321) ENCRYPT puts 'illegal' chars into UTF-8 String
Ken Michie (JIRA)
jira-events at lists.jboss.org
Tue May 3 11:41:18 EDT 2011
[ https://issues.jboss.org/browse/JGRP-1321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ken Michie updated JGRP-1321:
-----------------------------
Description:
Storing any random byte array into a UTF-8 string causes invalid characters to be replaced with hex value FFFD. Since the IBM JVM currently does this incorrectly (differently from the Sun JVM), 2 nodes on different JVMs (IBM and SUN) using ENCRYPT will not be able to communicate because they calculate different MD5 digest values.
Main thread:
http://old.nabble.com/ENCRYPT-puts-illegal-chars-into-UTF-8-String-seems-to-be-unintended--td31497430.html#a31524432
More description of why UTF-8 does this recplacement:
http://en.wikipedia.org/wiki/UTF-8
The fix will possibly make older versions of ENCRYPT incompatible since it will change the calculated MD5 digest value.
To fix it, ENCRYPT should be changed from this:
private void initSymCiphers(String algorithm, SecretKey secret) throws Exception {
...
symVersion=new String(digest.digest(), "UTF-8");
...
}
To something like this (byteArrayToHexString() copied from http://jkmessenger.googlecode.com/svn-history/r8/trunk/CryptoUtils.java):
private void initSymCiphers(String algorithm, SecretKey secret) throws Exception {
...
symVersion = byteArrayToHexString(digest.digest())
...
public static String byteArrayToHexString(byte[] b){
StringBuffer sb = new StringBuffer(b.length * 2);
for (int i = 0; i < b.length; i++){
int v = b[i] & 0xff;
if (v < 16) {
sb.append('0');
}
sb.append(Integer.toHexString(v));
}
return sb.toString().toUpperCase();
}
was:
Storing any random byte array into a UTF-8 string causes invalid characters to be replaced with hex value FFFD. Since the IBM JVM currently does this incorrectly (differently from the Sun JVM), 2 nodes on different JVMs (IBM and SUN) using ENCRYPT will not be able to communicate because they calculate different MD5 digest values.
Main thread:
http://old.nabble.com/ENCRYPT-puts-illegal-chars-into-UTF-8-String-seems-to-be-unintended--td31497430.html#a31524432
More description of why UTF-8 does this recplacement:
http://en.wikipedia.org/wiki/UTF-8
The fix will possibly make older versions of ENCRYPT incompatible since it will change the calculated MD5 digest value.
To fix it, ENCRYPT should be changed from this:
private void initSymCiphers(String algorithm, SecretKey secret) throws Exception {
...
symVersion=new String(digest.digest(), "UTF-8");
...
}
To something like this (byteArrayToHexString() copied from http://jkmessenger.googlecode.com/svn-history/r8/trunk/CryptoUtils.java):
private void initSymCiphers(String algorithm, SecretKey secret) throws Exception {
...
symVersion = byteArrayToHexString(digest.digest())
...
public static String byteArrayToHexString(byte[] b){
StringBuffer sb = new StringBuffer(b.length * 2);
for (int i = 0; i < b.length; i++){
int v = b[i] & 0xff;
if (v < 16) {
sb.append('0');
}
sb.append(Integer.toHexString(v));
}
return sb.toString().toUpperCase();
}
> ENCRYPT puts 'illegal' chars into UTF-8 String
> ----------------------------------------------
>
> Key: JGRP-1321
> URL: https://issues.jboss.org/browse/JGRP-1321
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 2.6, 2.7, 2.8, 2.9, 2.10, 2.11, 2.12
> Environment: Sun JVM and IBM JVM are currently incompatible. IBM is fixing, but still this is a problem since it weakens the strength of the key
> Reporter: Ken Michie
> Assignee: Bela Ban
> Priority: Minor
> Labels: encrypt, jgroups, utf-8
>
> Storing any random byte array into a UTF-8 string causes invalid characters to be replaced with hex value FFFD. Since the IBM JVM currently does this incorrectly (differently from the Sun JVM), 2 nodes on different JVMs (IBM and SUN) using ENCRYPT will not be able to communicate because they calculate different MD5 digest values.
> Main thread:
> http://old.nabble.com/ENCRYPT-puts-illegal-chars-into-UTF-8-String-seems-to-be-unintended--td31497430.html#a31524432
> More description of why UTF-8 does this recplacement:
> http://en.wikipedia.org/wiki/UTF-8
> The fix will possibly make older versions of ENCRYPT incompatible since it will change the calculated MD5 digest value.
> To fix it, ENCRYPT should be changed from this:
> private void initSymCiphers(String algorithm, SecretKey secret) throws Exception {
> ...
> symVersion=new String(digest.digest(), "UTF-8");
> ...
> }
> To something like this (byteArrayToHexString() copied from http://jkmessenger.googlecode.com/svn-history/r8/trunk/CryptoUtils.java):
> private void initSymCiphers(String algorithm, SecretKey secret) throws Exception {
> ...
> symVersion = byteArrayToHexString(digest.digest())
> ...
> public static String byteArrayToHexString(byte[] b){
> StringBuffer sb = new StringBuffer(b.length * 2);
> for (int i = 0; i < b.length; i++){
> int v = b[i] & 0xff;
> if (v < 16) {
> sb.append('0');
> }
> sb.append(Integer.toHexString(v));
> }
> return sb.toString().toUpperCase();
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list