db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3710) cannot access a database using AES encryption with encryptionKeyLength=192 after it's been shutdown
Date Thu, 30 Jul 2009 19:00:15 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick Hillegas updated DERBY-3710:
---------------------------------

    Attachment: derby-3710-01-aa-digestPaddedPassword.diff

Attaching derby-3710-01-aa-digestPaddedPassword.diff. This patch fixes encryption to store
a digest computed from the padded password rather than the unpadded password. Although this
changes what is stored in service.properties, I don't believe that this affects existing applications.
That is because this bug would have caused reboot failures in all cases where the value in
service.properties has changed. I will run regression tests later today.

Touches the following files:


M      java/engine/org/apache/derby/impl/services/jce/JCECipherFactory.java

Store a digest computed from the padded password rather than the unpadded password.


M      java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionAESTest.java

Remove the logic which disabled tests for 192 bit encryption. Those tests had been disabled
because of this bug. Now they run again.

Also add a new test case to make sure that a different version of this bug isn't lurking.
The new test case changes the bootpassword, shuts down, and then reboots using the new password.


> cannot access a database using AES encryption with encryptionKeyLength=192 after it's
been shutdown
> ---------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3710
>                 URL: https://issues.apache.org/jira/browse/DERBY-3710
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.5.1.1
>         Environment: reproduced with ibm's jdk 1.5 and 1.6, and sun's jdk15. 
> AES encryption with encryptionKeyLength=192 requires unrestricted security policy jars
on your jvm
>            Reporter: Myrna van Lunteren
>            Assignee: Rick Hillegas
>         Attachments: derby-3710-01-aa-digestPaddedPassword.diff, repro-3710.sql, repro.sql
>
>
> Accessing a database created using encryptionAlgorithm: AES/CBC/NoPadding, and encryptionKeyLength=192
after it's been shutdown fails like so:
> -----------------------
> ERROR XJ040: Failed to start database 'encdbcbc_192', see the next exception for details.
> ERROR XBM06: Startup failed. An encrypted database cannot be accessed without the correct
boot password.
> ----------------------
> This does not occur when you use encryptionKeyLength=128 (does not require unrestricted
jars) nor encryptionKeyLength=256 (does require unrestricted policy jars).
> Note: our test (in derbyall): store/aes.sql does not test this, firstly it doesn't test
the larger sizes (because it would diff & fail unless you have been able to adjust your
jvm's policy jars), and secondly it doesn't shutdown before reconnecting.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message