[jboss-jira] [JBoss JIRA] (JGRP-1375) Default 'key' password never set to 'store' password which causes java.security.UnrecoverableKeyException

Julien Kronegg (Created) (JIRA) jira-events at lists.jboss.org
Tue Oct 11 11:38:21 EDT 2011 

Default 'key' password never set to 'store' password which causes java.security.UnrecoverableKeyException
---------------------------------------------------------------------------------------------------------

                 Key: JGRP-1375
                 URL: https://issues.jboss.org/browse/JGRP-1375
             Project: JGroups
          Issue Type: Bug
    Affects Versions: 2.12.1, 3.0
            Reporter: Julien Kronegg
            Assignee: Bela Ban
            Priority: Optional


h3. Introduction
Exception in ENCRYPT when changing the store password.
h3. The problem
The [{{org.jgroups.protocols.ENCRYPT}}|https://github.com/belaban/JGroups/blob/JGroups_3_0_0_CR5/src/org/jgroups/protocols/ENCRYPT.java] class default password is "changeit" for both store password and key password. However, if you change the store password, without having the keyPassword in the <ENCRYPT> tag, the keyPassword is still "changeit". This produces the following exception when initializing the {{ENCRYPT}} class:
{code}
java.security.UnrecoverableKeyException: Given final block not properly padded
at com.ibm.crypto.provider.y.a(Unknown Source)
at com.ibm.cryptp.provider.JceKeyStore.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(KeyStore.java:196)
at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:273)
at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:235)
at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:892)
at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:538)
at org.jgroups.JChannel.init(JChannel.java:1725)
{code}
h3. Why this occurs
The {{KeyStoreGenerator}} provided in JGroups demos use the same password for the store and the key passwords. The {{ENCRYPT}} class is designed to keyPassword=storePassord when the keyPassword is null.
However, the keyPassword is initialized to "changeit", so it is never {{null}} and is consequently never set to the store password.
h3. Solution
The solution is probably to set the initial value of {{ENCRYPT.keyPassword}} to {{null}} instead of {{"changeit"}}.



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list