Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10459

Elytron FIPS CS, javax.crypto.BadPaddingException

XMLWordPrintable

    • Hide
      • Create secret key
        keytool -keystore NONE -storetype PKCS11 -storepass pass123+ -genseckey -alias mykey -keyalg AES -keysize 128
        keytool -keystore NONE -storetype PKCS11 -list -storepass pass123+
        
      • Create credential store
        /subsystem=elytron/credential-store=test:add(uri="cr-store://test?modifiable=true;keyStoreType=PKCS11;external=true;location=secretdatafile;create=true;keyAlias=mykey",relative-to=jboss.server.data.dir,credential-reference={clear-text="pass123+"})
        
      • Create secret value
        /subsystem=elytron/credential-store=test/alias=secretKey:add(secret-value=password)
        reload
        
      Show
      Create secret key keytool -keystore NONE -storetype PKCS11 -storepass pass123+ -genseckey -alias mykey -keyalg AES -keysize 128 keytool -keystore NONE -storetype PKCS11 -list -storepass pass123+ Create credential store /subsystem=elytron/credential-store=test:add(uri= "cr-store: //test?modifiable= true ;keyStoreType=PKCS11;external= true ;location=secretdatafile;create= true ;keyAlias=mykey" ,relative-to=jboss.server.data.dir,credential-reference={clear-text= "pass123+" }) Create secret value /subsystem=elytron/credential-store=test/alias=secretKey:add(secret-value=password) reload

      11:24:46,986 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.credential-store.test: org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.test: WFLYELY00004: Unable to start the service.
      	at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:119)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09526: Unable to initialize credential store
      	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:799)
      	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:183)
      	at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:119)
      	at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:117)
      	... 5 more
      Caused by: java.io.IOException: ELY09533: Internal encryption problem while reading "/home/mchoma/workspace/eap-versions/7.1.0.DR16/jboss-eap-7.1/standalone/data/test"
      	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:800)
      	... 8 more
      Caused by: javax.crypto.BadPaddingException
      	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore$ExternalStorage.pkcs7UnPad(KeyStoreCredentialStore.java:1245)
      	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore$ExternalStorage.loadSecretKey(KeyStoreCredentialStore.java:1165)
      	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore$ExternalStorage.load(KeyStoreCredentialStore.java:1148)
      	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:793)
      	... 8 more
      

      Found now because EAP7-277 was moved into Verification TODO (feature was delivered) in DR16

            pskopek@redhat.com Peter Skopek
            mchoma@redhat.com Martin Choma
            Peter Skopek
            Martin Choma Martin Choma
            Martin Choma Martin Choma
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: