Introduction

Exception in ENCRYPT when changing the store password.

The problem

The org.jgroups.protocols.ENCRYPT class default password is "changeit" for both store password and key password. However, if you change the store password, without having the keyPassword in the <ENCRYPT> tag, the keyPassword is still "changeit". This produces the following exception when initializing the ENCRYPT class:

java.security.UnrecoverableKeyException: Given final block not properly padded
at com.ibm.crypto.provider.y.a(Unknown Source)
at com.ibm.cryptp.provider.JceKeyStore.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(KeyStore.java:196)
at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:273)
at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:235)
at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:892)
at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:538)
at org.jgroups.JChannel.init(JChannel.java:1725)

Why this occurs

The KeyStoreGenerator provided in JGroups demos use the same password for the store and the key passwords. The ENCRYPT class is designed to keyPassword=storePassord when the keyPassword is null.
However, the keyPassword is initialized to "changeit", so it is never null and is consequently never set to the store password.

Solution

The solution is probably to set the initial value of ENCRYPT.keyPassword to null instead of "changeit".