From: "Myrna van Lunteren (JIRA)"
To: derby-dev@db.apache.org
Date: Fri, 31 Jul 2009 11:24:14 -0700 (PDT)
Subject: [jira] Commented: (DERBY-3710) cannot access a database using AES encryption with encryptionKeyLength=192 after it's been shutdown

[ https://issues.apache.org/jira/browse/DERBY-3710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737638#action_12737638 ]

Myrna van Lunteren commented on DERBY-3710:
-------------------------------------------

For what it's worth...
The troublesome thing with encryptionAESTest was that encryption lengths > 128 require unrestricted policy files which don't get installed by default, and aren't available to everyone in the world. So there was the choice between introducing false failures for those people who might try to run the tests without them, or risking the test cases not getting run unnoticed.

Perhaps we should at least *always* print out the text indicating the unrestricted policy jar files aren't available (currently it's in an if (TestConfiguration.getCurrent().doTrace()) block, so it will only show up if you run with -Dderby.tests.trace=true).

Note also DERBY-4325 which has a further suggestion for improvement to the encryptionAESTest.

> cannot access a database using AES encryption with encryptionKeyLength=192 after it's been shutdown
> ---------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3710
>                 URL: https://issues.apache.org/jira/browse/DERBY-3710
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.5.1.1
>         Environment: reproduced with ibm's jdk 1.5 and 1.6, and sun's jdk15.
> AES encryption with encryptionKeyLength=192 requires unrestricted security policy jars on your jvm
>            Reporter: Myrna van Lunteren
>            Assignee: Rick Hillegas
>         Attachments: derby-3710-01-aa-digestPaddedPassword.diff, derby-3710-01-ab-digestPaddedPassword.diff, repro-3710.sql, repro.sql
>
>
> Accessing a database created using encryptionAlgorithm: AES/CBC/NoPadding, and encryptionKeyLength=192 after it's been shutdown fails like so:
> -----------------------
> ERROR XJ040: Failed to start database 'encdbcbc_192', see the next exception for details.
> ERROR XBM06: Startup failed.  An encrypted database cannot be accessed without the correct boot password.
> ----------------------
> This does not occur when you use encryptionKeyLength=128 (does not require unrestricted jars) nor encryptionKeyLength=256 (does require unrestricted policy jars).
> Note: our test (in derbyall): store/aes.sql does not test this, firstly it doesn't test the larger sizes (because it would diff & fail unless you have been able to adjust your jvm's policy jars), and secondly it doesn't shutdown before reconnecting.
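
One way to make skipped key lengths visible on every run, as the comment above suggests, is to query the JVM's policy limit and report each length unconditionally. This is an added example, not Derby's test code; the class `AesPolicyCheck` and its methods are hypothetical names, and the all-zero key and IV are constructed test values.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper (not Derby test code): reports per key length whether AES cases can run. */
public class AesPolicyCheck {
    static final String TRANSFORMATION = "AES/CBC/NoPadding"; // algorithm named in the issue
    static final int[] KEY_LENGTHS = {128, 192, 256};         // key lengths discussed in the issue

    /** Returns key length -> "RUN", "SKIPPED (...)" or "FAILED: ..." and always prints it. */
    static Map<Integer, String> check() throws NoSuchAlgorithmException {
        // Integer.MAX_VALUE when the unrestricted policy files are installed.
        int max = Cipher.getMaxAllowedKeyLength(TRANSFORMATION);
        Map<Integer, String> results = new LinkedHashMap<>();
        for (int bits : KEY_LENGTHS) {
            String status;
            if (bits > max) {
                status = "SKIPPED (policy allows at most " + max + " bits)";
            } else {
                status = roundTrip(bits) ? "RUN" : "FAILED: round trip mismatch";
            }
            // Printed unconditionally, not only when tracing is switched on.
            System.err.println("AES keyLength=" + bits + ": " + status);
            results.put(bits, status);
        }
        return results;
    }

    /** Encrypts and decrypts one block with a constructed all-zero key and IV. */
    static boolean roundTrip(int bits) {
        try {
            SecretKeySpec key = new SecretKeySpec(new byte[bits / 8], "AES"); // constructed key
            IvParameterSpec iv = new IvParameterSpec(new byte[16]);           // constructed IV
            byte[] plain = "0123456789abcdef".getBytes("US-ASCII");           // one AES block
            Cipher c = Cipher.getInstance(TRANSFORMATION);
            c.init(Cipher.ENCRYPT_MODE, key, iv);
            byte[] enc = c.doFinal(plain);
            c.init(Cipher.DECRYPT_MODE, key, iv);
            return Arrays.equals(plain, c.doFinal(enc));
        } catch (Exception e) {
            System.err.println("AES keyLength=" + bits + " error: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        check();
    }
}
```

This only shows whether the JVM permits each key length; it does not exercise Derby's boot-password handling, which is where the reported failure occurs.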