  1. JGroups
  2. JGRP-1375

Default 'key' password never set to 'store' password which causes java.security.UnrecoverableKeyException


Details

    • Workaround Exists

      A workaround is to set the key password in the configuration:

      <ENCRYPT store_password="myPasswordButNotChangeit" key_password="myPasswordButNotChangeit"/>
      

    Description

      Introduction

      Exception in ENCRYPT when changing the store password.

      The problem

      The org.jgroups.protocols.ENCRYPT class default password is "changeit" for both store password and key password. However, if you change the store password, without having the keyPassword in the <ENCRYPT> tag, the keyPassword is still "changeit". This produces the following exception when initializing the ENCRYPT class:

      java.security.UnrecoverableKeyException: Given final block not properly padded
      at com.ibm.crypto.provider.y.a(Unknown Source)
      at com.ibm.cryptp.provider.JceKeyStore.engineGetKey(Unknown Source)
      at java.security.KeyStore.getKey(KeyStore.java:196)
      at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:273)
      at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:235)
      at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:892)
      at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:538)
      at org.jgroups.JChannel.init(JChannel.java:1725)
      

      Why this occurs

      The KeyStoreGenerator provided in the JGroups demos uses the same password for the store and the key passwords. The ENCRYPT class is designed to set keyPassword=storePassword when the keyPassword is null.
      However, the keyPassword is initialized to "changeit", so it is never null and is consequently never set to the store password.

      Solution

      The solution is probably to set the initial value of ENCRYPT.keyPassword to null instead of "changeit".
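
      The null-check fallback described above, as an added Java example (not JGroups code): `effectiveKeyPassword`, the class name and the `demoKey` alias are hypothetical, and the keystore is a constructed in-memory JCEKS store whose key password equals its store password. It reads the key once with a "changeit" default and once with a null default.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyPasswordDefaultDemo {
    // Hypothetical stand-in for the fallback the report describes:
    // use the store password only when no key password is set.
    static String effectiveKeyPassword(String keyPassword, String storePassword) {
        return keyPassword == null ? storePassword : keyPassword;
    }

    // Builds a constructed in-memory JCEKS store; store and key share one password.
    static byte[] buildStore(String password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
                    new KeyStore.PasswordProtection(password.toCharArray()));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password.toCharArray());
        return out.toByteArray();
    }

    // Opens the store, resolves the key password, and reports what getKey() did.
    static String tryLoad(byte[] store, String alias, String storePassword,
                          String keyPasswordDefault) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), storePassword.toCharArray());
        String keyPassword = effectiveKeyPassword(keyPasswordDefault, storePassword);
        try {
            Key k = ks.getKey(alias, keyPassword.toCharArray());
            return "loaded " + k.getAlgorithm() + " key";
        } catch (UnrecoverableKeyException e) {
            // A non-null default masks the fallback, so the wrong password is used.
            return "UnrecoverableKeyException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String storePassword = "myPasswordButNotChangeit"; // value from the workaround
        byte[] store = buildStore(storePassword, "demoKey"); // constructed alias
        System.out.println("default \"changeit\": "
                + tryLoad(store, "demoKey", storePassword, "changeit"));
        System.out.println("default null: "
                + tryLoad(store, "demoKey", storePassword, null));
    }
}
```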


            People

              rhn-engineering-bban Bela Ban
              jkronegg_jira Julien Kronegg (Inactive)