db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3710) cannot access a database using AES encryption with encryptionKeyLength=192 after it's been shutdown
Date Fri, 31 Jul 2009 22:44:15 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737754#action_12737754

Dag H. Wanvik commented on DERBY-3710:

Right; thanks Rick, that was it apparently:

with this change in the test:
 @@ -383,6 +388,11 @@
         catch (SQLException e) {
             // if it fails, it should only be because of non-existing
             // support for unrestricted encryption policy.
+            System.err.println("restricted encryption policy: " + algorithm);
+            for (int i=0; i < otherAttributes.length; i++) {
+                System.err.println("attr: " + otherAttributes[i]);
+            }

I see:

java -client -Xms128M -Xmx512M -XX:MaxPermSize=128m -DderbyTesting.oldReleasePath=/usr/local/share/java/derby/lib-debug
junit.textui.TestRunner org.apache.derbyTesting.functionTests.tests.store.EncryptionAESTest
...restricted encryption policy: AES/CBC/NoPadding
attr: encryptionKeyLength=192
attr: bootPassword=Thursday
restricted encryption policy: AES/CBC/NoPadding
attr: encryptionKeyLength=256
attr: bootPassword=Thursday

so I guess what I saw is expected. I guess I can't get hold of the unrestricted policy jars?

> cannot access a database using AES encryption with encryptionKeyLength=192 after it's
been shutdown
> ---------------------------------------------------------------------------------------------------
>                 Key: DERBY-3710
>                 URL: https://issues.apache.org/jira/browse/DERBY-3710
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions:
>         Environment: reproduced with ibm's jdk 1.5 and 1.6, and sun's jdk15. 
> AES encryption with encryptionKeyLength=192 requires unrestricted security policy jars
on your jvm
>            Reporter: Myrna van Lunteren
>            Assignee: Rick Hillegas
>         Attachments: derby-3710-01-aa-digestPaddedPassword.diff, derby-3710-01-ab-digestPaddedPassword.diff,
repro-3710.sql, repro.sql
> Accessing a database created using encryptionAlgorithm: AES/CBC/NoPadding, and encryptionKeyLength=192
after it's been shutdown fails like so:
> -----------------------
> ERROR XJ040: Failed to start database 'encdbcbc_192', see the next exception for details.
> ERROR XBM06: Startup failed. An encrypted database cannot be accessed without the correct
boot password.
> ----------------------
> This does not occur when you use encryptionKeyLength=128 (does not require unrestricted
jars) nor encryptionKeyLength=256 (does require unrestricted policy jars).
> Note: our test (in derbyall): store/aes.sql does not test this, firstly it doesn't test
the larger sizes (because it would diff & fail unless you have been able to adjust your
jvm's policy jars), and secondly it doesn't shutdown before reconnecting.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message