Exception in ENCRYPT when changing the store password.
The org.jgroups.protocols.ENCRYPT class default password is "changeit" for both store password and key password. However, if you change the store password, without having the keyPassword in the <ENCRYPT> tag, the keyPassword is still "changeit". This produces the following exception when initializing the ENCRYPT class:
java.security.UnrecoverableKeyException: Given final block not properly padded at com.ibm.crypto.provider.y.a(Unknown Source) at com.ibm.cryptp.provider.JceKeyStore.engineGetKey(Unknown Source) at java.security.KeyStore.getKey(KeyStore.java:196) at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:273) at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:235) at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:892) at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:538) at org.jgroups.JChannel.init(JChannel.java:1725)
Why this occurs
The KeyStoreGenerator provided in JGroups demos use the same password for the store and the key passwords. The ENCRYPT class is designed to keyPassword=storePassord when the keyPassword is null.
However, the keyPassword is initialized to "changeit", so it is never null and is consequently never set to the store password.
The solution is probably to set the initial value of ENCRYPT.keyPassword to null instead of "changeit".
- is related to
JGRP-1257 ENCRYPT protocol UnrecoverableKeyException: Given final block not properly padded