[jboss-jira] [JBoss JIRA] (WFLY-5593) VaultTool does not support KeySize != 128
Andreas Weise (JIRA)
issues at jboss.org
Tue Oct 27 11:30:00 EDT 2015
[ https://issues.jboss.org/browse/WFLY-5593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Weise updated WFLY-5593:
--------------------------------
Steps to Reproduce:
$ cd $JBOSS_HOME/bin
$ keytool -genseckey -storetype jceks -alias vault -keystore vault.keystore -keyalg AES -keysize 256 -storepass password -keypass pass -dname "CN=Ted Tester, OU=Test, O=Test, L=Test, ST=Test, C=en"
$ ./vault.sh -k vault.keystore -p password -e `pwd` -i 23 -s abcd1234 -v vault -b test -a foo -x secret
=========================================================================
JBoss Vault
JBOSS_HOME: /home/aweise/dev_server/wildfly
JAVA: /opt/java/current/bin/java
=========================================================================
Okt 27, 2015 10:37:13 AM org.picketbox.plugins.vault.PicketBoxSecurityVault getAdminKey
INFO: PBOX00371: Security Vault does not contain SecretKey entry under alias (vault)
Problem occurred:
java.lang.Exception: WFLYSEC0045: Exception encountered:
at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:192)
at org.jboss.as.security.vault.VaultSession.startVaultSession(VaultSession.java:210)
at org.jboss.as.security.vault.VaultTool.execute(VaultTool.java:193)
at org.jboss.as.security.vault.VaultTool.main(VaultTool.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.jboss.modules.Module.run(Module.java:308)
at org.jboss.modules.Main.main(Main.java:487)
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX00137: Security Vault does not contain SecretKey entry under alias (vault)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.readVaultContent(PicketBoxSecurityVault.java:487)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:214)
at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:189)
... 9 more
Caused by: java.lang.RuntimeException: PBOX00137: Security Vault does not contain SecretKey entry under alias (vault)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.setUpVault(PicketBoxSecurityVault.java:379)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.readVaultContent(PicketBoxSecurityVault.java:482)
... 11 more}}
was:
{{$ cd $JBOSS_HOME/bin
$ keytool -genseckey -storetype jceks -alias vault -keystore vault.keystore -keyalg AES -keysize 256 -storepass password -keypass pass -dname "CN=Ted Tester, OU=Test, O=Test, L=Test, ST=Test, C=en"
$ ./vault.sh -k vault.keystore -p password -e `pwd` -i 23 -s abcd1234 -v vault -b test -a foo -x secret
=========================================================================
JBoss Vault
JBOSS_HOME: /home/aweise/dev_server/wildfly
JAVA: /opt/java/current/bin/java
=========================================================================
Okt 27, 2015 10:37:13 AM org.picketbox.plugins.vault.PicketBoxSecurityVault getAdminKey
INFO: PBOX00371: Security Vault does not contain SecretKey entry under alias (vault)
Problem occurred:
java.lang.Exception: WFLYSEC0045: Exception encountered:
at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:192)
at org.jboss.as.security.vault.VaultSession.startVaultSession(VaultSession.java:210)
at org.jboss.as.security.vault.VaultTool.execute(VaultTool.java:193)
at org.jboss.as.security.vault.VaultTool.main(VaultTool.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.jboss.modules.Module.run(Module.java:308)
at org.jboss.modules.Main.main(Main.java:487)
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX00137: Security Vault does not contain SecretKey entry under alias (vault)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.readVaultContent(PicketBoxSecurityVault.java:487)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:214)
at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:189)
... 9 more
Caused by: java.lang.RuntimeException: PBOX00137: Security Vault does not contain SecretKey entry under alias (vault)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.setUpVault(PicketBoxSecurityVault.java:379)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.readVaultContent(PicketBoxSecurityVault.java:482)
... 11 more}}
> VaultTool does not support KeySize != 128
> -----------------------------------------
>
> Key: WFLY-5593
> URL: https://issues.jboss.org/browse/WFLY-5593
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.CR4
> Reporter: Andreas Weise
> Assignee: Darran Lofthouse
> Priority: Minor
>
> Vault tool (vault.sh) returns exception PBOX00137: Security Vault does not contain SecretKey entry under alias (vault) when using a JCEKS with AES 256.
> It seems only 128 Bit Key Length is supported by the Vault Tool, which is default in [org/picketbox/plugins/vault/PicketBoxSecurityVault.java|https://github.com/picketbox/bare-vault/blob/master/src/main/java/org/picketbox/plugins/vault/PicketBoxSecurityVault.java]
> Key length could be parametrized in PicketBoxSecurityVault, but vault tool does not support this, more specifically [org/jboss/as/security/vault/VaultSession.getVaultOptionsMap()|https://github.com/wildfly/wildfly/blob/master/security/subsystem/src/main/java/org/jboss/as/security/vault/VaultSession.java]
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
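Added example, not part of the original report and not WildFly or PicketBox code: a stand-alone check, using only the JDK KeyStore API, that lists what a JCEKS keystore actually holds under each alias (entry type, algorithm, key length in bits), so the keystore side of the PBOX00137 message can be verified independently of vault.sh. The class name VaultKeyCheck, the helper names and the in-memory sample keystore are assumptions made for illustration; the sample reuses the passwords from the reproduction steps above.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class VaultKeyCheck {
    /** Describes one alias: entry kind, key algorithm and key length in bits. */
    static String describe(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.containsAlias(alias)) return alias + ": no such alias";
        if (!ks.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class))
            return alias + ": present, but not a SecretKey entry";
        Key key = ks.getKey(alias, keyPass); // throws UnrecoverableKeyException on a wrong key password
        return alias + ": SecretKey " + key.getAlgorithm() + ", " + key.getEncoded().length * 8 + " bits";
    }

    /** Constructed sample: in-memory JCEKS store with one AES key per requested size. */
    static byte[] sampleStore(char[] storePass, char[] keyPass, int... sizes) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePass);
        for (int bits : sizes) {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(bits);
            ks.setEntry("vault" + bits, new KeyStore.SecretKeyEntry(kg.generateKey()),
                    new KeyStore.PasswordProtection(keyPass));
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Usage: java VaultKeyCheck [keystore storepass keypass]; no arguments uses the sample.
        char[] storePass = (args.length == 3 ? args[1] : "password").toCharArray();
        char[] keyPass = (args.length == 3 ? args[2] : "pass").toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = args.length == 3 ? Files.newInputStream(Paths.get(args[0]))
                : new ByteArrayInputStream(sampleStore(storePass, keyPass, 128, 256))) {
            ks.load(in, storePass);
        }
        for (String alias : Collections.list(ks.aliases()))
            System.out.println(describe(ks, alias, keyPass));
    }
}
```

Run against a real keystore as `java VaultKeyCheck vault.keystore <storepass> <keypass>`; passing passwords as arguments exposes them in the process list and shell history, so use it only with test keystores like the one in this report.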