db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3710) cannot access a database using AES encryption with encryptionKeyLength=192 after it's been shutdown
Date Fri, 31 Jul 2009 14:04:14 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick Hillegas updated DERBY-3710:
---------------------------------

    Attachment: derby-3710-01-ab-digestPaddedPassword.diff

Thanks for the quick review, Dag. Attaching a second rev of the patch which makes the tuple
inner class private as you suggested: derby-3710-01-ab-digestPaddedPassword.diff.

I'm not sure why the tests don't work in your environment. One thing I have noticed about
this test class is that all sorts of unexpected errors are intercepted in EncryptionAESTest.createAndPopulateDB().
So, for instance, the 192 bit test cases don't run for me under Java 5 because I get an unsupported
key length exception on that platform--the test class swallows that exception, skips the test
case, and continues merrily along. Have you tried Myrna's repro with and without the patch?
Don't bother with my repro: if your platform doesn't support 192 bit encryption, then my repro
will fail because of DERBY-4329.

The full regression tests ran cleanly for me on Java 5 on my Mac--however, as I noted, on
that platform the 192 bit test cases are silently ignored. Those test cases do run correctly
for me on the beta Java 6 which I'm running on my Mac and, on that platform, the old-style
harness tests run cleanly for me too. However, the full JUnit suite hangs for me on that platform--with
and without this patch.

It seems to me that this patch fixes the problem and does not introduce any regressions which
I can detect.

Thanks!

> cannot access a database using AES encryption with encryptionKeyLength=192 after it's
been shutdown
> ---------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3710
>                 URL: https://issues.apache.org/jira/browse/DERBY-3710
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.5.1.1
>         Environment: reproduced with ibm's jdk 1.5 and 1.6, and sun's jdk15. 
> AES encryption with encryptionKeyLength=192 requires unrestricted security policy jars
on your jvm
>            Reporter: Myrna van Lunteren
>            Assignee: Rick Hillegas
>         Attachments: derby-3710-01-aa-digestPaddedPassword.diff, derby-3710-01-ab-digestPaddedPassword.diff,
repro-3710.sql, repro.sql
>
>
> Accessing a database created using encryptionAlgorithm: AES/CBC/NoPadding, and encryptionKeyLength=192
after it's been shutdown fails like so:
> -----------------------
> ERROR XJ040: Failed to start database 'encdbcbc_192', see the next exception for details.
> ERROR XBM06: Startup failed. An encrypted database cannot be accessed without the correct
boot password.
> ----------------------
> This does not occur when you use encryptionKeyLength=128 (does not require unrestricted
jars) nor encryptionKeyLength=256 (does require unrestricted policy jars).
> Note: our test (in derbyall): store/aes.sql does not test this, firstly it doesn't test
the larger sizes (because it would diff & fail unless you have been able to adjust your
jvm's policy jars), and secondly it doesn't shutdown before reconnecting.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message