db-derby-dev mailing list archives

From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3711) convert store/aes.sql to junit test & add unrestricted test cases.
Date Wed, 11 Jun 2008 21:34:45 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604345#action_12604345 ]

Dag H. Wanvik commented on DERBY-3711:

I think the property derby.encryptionBlockSize is only ever used to persist this quantity
between boots (in service.properties) and cannot be set by users. Jean's presentation seems
to indicate that. So does the code in RawStore#setupEncryptionEngines, I think.
But there seems to be a vulnerability here, cf. also DERBY-46.

As for encryptionKeyLength, it seems this can be specified (per Dan's paper and code below)
and should probably be documented, cf. this code fragment in JCECipherFactory:

        // case 1 - if 'encryptionKey' is not set and 'encryptionKeyLength' is set, then use
        // the 'encryptionKeyLength' property value  as the keyLength in bits.
        // case 2 - 'encryptionKey' property is not set and 'encryptionKeyLength' is not set, then
        // use the defaults keylength:  56bits for DES, 168 for DESede and 128 for any other encryption
        // algorithm
        if (externalKey == null && create) {
            if(properties.getProperty(Attribute.CRYPTO_KEY_LENGTH) != null)

> convert store/aes.sql to junit test & add unrestricted test cases.
> ------------------------------------------------------------------
>                 Key: DERBY-3711
>                 URL: https://issues.apache.org/jira/browse/DERBY-3711
>             Project: Derby
>          Issue Type: Task
>          Components: Test
>            Reporter: Myrna van Lunteren
>            Assignee: Myrna van Lunteren
>            Priority: Minor
>             Fix For:
>         Attachments: DERBY-3711-2.diff, DERBY-3711-2.stat, DERBY-3711_1.diff
> The store/aes.sql test can, because it's a master-based test, only test what's guaranteed available, i.e. only the encryptionKeyLength=128.
> If it were a junit test, we could make it ignore the expected failures if the larger key sizes weren't supported, but test otherwise.
> Having a junit test doesn't guarantee the test would get executed, of course, but at least the test would exist.
> Would it be useful/ok to have a message print to the console as a warning?

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
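
Added example, not part of the original message and not Derby's own code: a sketch of how a test could resolve the key length using the two cases in the quoted comment and then skip, with a console warning, key sizes the installed JCE policy does not permit. The class and method names are hypothetical, and the algorithm is assumed to be passed as a bare name such as "AES".

```java
import java.security.NoSuchAlgorithmException;
import java.util.Properties;
import javax.crypto.Cipher;

public class KeyLengthCheck {
    // Property name taken from the message above; everything else is hypothetical.
    static final String KEY_LENGTH_PROP = "encryptionKeyLength";

    /**
     * Key length in bits when no external 'encryptionKey' is supplied,
     * following case 1 and case 2 of the quoted comment.
     */
    static int effectiveKeyLength(String algorithm, Properties props) {
        String requested = props.getProperty(KEY_LENGTH_PROP);
        if (requested != null) {
            return Integer.parseInt(requested.trim()); // case 1: explicit value wins
        }
        switch (algorithm) {                           // case 2: defaults
            case "DES":    return 56;
            case "DESede": return 168;
            default:       return 128;
        }
    }

    /** True if the installed JCE policy files allow keys of this size. */
    static boolean supportedByPolicy(String algorithm, int bits)
            throws NoSuchAlgorithmException {
        // Returns Integer.MAX_VALUE when unrestricted policy files are installed.
        return bits <= Cipher.getMaxAllowedKeyLength(algorithm);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: no property set, then 128, 192 and 256 bits.
        for (String len : new String[] {null, "128", "192", "256"}) {
            Properties p = new Properties();
            if (len != null) {
                p.setProperty(KEY_LENGTH_PROP, len);
            }
            int bits = effectiveKeyLength("AES", p);
            if (supportedByPolicy("AES", bits)) {
                System.out.println("AES " + bits + ": run encrypted-database test");
            } else {
                System.out.println("WARNING: AES " + bits
                        + " not permitted by installed JCE policy, skipping");
            }
        }
    }
}
```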
