[jboss-jira] [JBoss JIRA] (JGRP-1375) Default 'key' password never set to 'store' password which causes java.security.UnrecoverableKeyException

Bela Ban (Updated) (JIRA) jira-events at lists.jboss.org
Fri Oct 14 13:28:16 EDT 2011


     [ https://issues.jboss.org/browse/JGRP-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bela Ban updated JGRP-1375:
---------------------------

    Fix Version/s: 3.0

    
> Default 'key' password never set to 'store' password which causes java.security.UnrecoverableKeyException
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: JGRP-1375
>                 URL: https://issues.jboss.org/browse/JGRP-1375
>             Project: JGroups
>          Issue Type: Bug
>    Affects Versions: 2.12.1, 3.0
>            Reporter: Julien Kronegg
>            Assignee: Bela Ban
>            Priority: Optional
>              Labels: configuration, encrypt, key, keystore
>             Fix For: 3.0
>
>
> h3. Introduction
> Exception in ENCRYPT when changing the store password.
> h3. The problem
> The [{{org.jgroups.protocols.ENCRYPT}}|https://github.com/belaban/JGroups/blob/JGroups_3_0_0_CR5/src/org/jgroups/protocols/ENCRYPT.java] class default password is "changeit" for both store password and key password. However, if you change the store password, without having the keyPassword in the <ENCRYPT> tag, the keyPassword is still "changeit". This produces the following exception when initializing the {{ENCRYPT}} class:
> {code}
> java.security.UnrecoverableKeyException: Given final block not properly padded
> at com.ibm.crypto.provider.y.a(Unknown Source)
> at com.ibm.cryptp.provider.JceKeyStore.engineGetKey(Unknown Source)
> at java.security.KeyStore.getKey(KeyStore.java:196)
> at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:273)
> at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:235)
> at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:892)
> at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:538)
> at org.jgroups.JChannel.init(JChannel.java:1725)
> {code}
> h3. Why this occurs
> The {{KeyStoreGenerator}} provided in JGroups demos uses the same password for the store and the key passwords. The {{ENCRYPT}} class is designed to set keyPassword=storePassword when the keyPassword is null.
> However, the keyPassword is initialized to "changeit", so it is never {{null}} and is consequently never set to the store password.
> h3. Solution
> The solution is probably to set the initial value of {{ENCRYPT.keyPassword}} to {{null}} instead of {{"changeit"}}.

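The failure described in the issue can be reproduced outside JGroups. The following is an added example, not code from the ticket or from the JGroups source: the class name, alias, `loadKey` helper and passwords are hypothetical, and a JCEKS store is assumed to match the `JceKeyStore` frame in the reported stack trace.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeyPasswordDefaultDemo {
    // Constructed sample values; the alias and password are assumptions for this demo.
    static final String ALIAS = "mykey";
    static final String STORE_PASS = "s3cret-store";

    // Build an in-memory JCEKS store the way the issue describes the demo generator:
    // the same password protects both the store and the key entry.
    static byte[] buildStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setKeyEntry(ALIAS, kg.generateKey(), STORE_PASS.toCharArray(), null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASS.toCharArray());
        return out.toByteArray();
    }

    // Fallback rule from the issue: reuse the store password only when keyPassword is null.
    static Key loadKey(byte[] store, String storePassword, String keyPassword) throws Exception {
        if (keyPassword == null)
            keyPassword = storePassword;
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), storePassword.toCharArray());
        return ks.getKey(ALIAS, keyPassword.toCharArray());
    }

    public static void main(String[] args) throws Exception {
        byte[] store = buildStore();
        try {
            // Reported behaviour: keyPassword starts as "changeit", so the fallback never fires.
            loadKey(store, STORE_PASS, "changeit");
            System.out.println("unexpected: key recovered with default key password");
        } catch (UnrecoverableKeyException e) {
            System.out.println("default \"changeit\": " + e);
        }
        // Proposed behaviour: keyPassword starts as null, so the store password is reused.
        Key k = loadKey(store, STORE_PASS, null);
        System.out.println("null default: recovered " + k.getAlgorithm() + " key");
    }
}
```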