Hello,

When I don't encrypt the scratch codes, by leaving 
cas.authn.mfa.gauth.core.scratch-codes.encryption.key unset, backup 
recovery keys work fine.
When I encrypt them, they seem to store fine, but an exception is thrown 
when I try to use them.

2023-04-06 15:43:51,053 WARN [org.apereo.cas.util.function.FunctionUtils] - <EncryptionOperationNotPossibleException>
org.jasypt.exceptions.EncryptionOperationNotPossibleException: null
    at org.jasypt.encryption.pbe.StandardPBEBigIntegerEncryptor.decrypt(StandardPBEBigIntegerEncryptor.java:586) ~[jasypt-1.9.3.jar!/:?]
    at org.jasypt.util.numeric.AES256IntegerNumberEncryptor.decrypt(AES256IntegerNumberEncryptor.java:116) ~[jasypt-1.9.3.jar!/:?]
    at org.apereo.cas.util.cipher.JasyptNumberCipherExecutor.decode(JasyptNumberCipherExecutor.java:45) ~[cas-server-core-util-api-6.6.1.jar!/:6.6.1]
    at org.apereo.cas.util.cipher.JasyptNumberCipherExecutor.decode(JasyptNumberCipherExecutor.java:19) ~[cas-server-core-util-api-6.6.1.jar!/:6.6.1]
    at org.apereo.cas.util.crypto.DecodableCipher.decode(DecodableCipher.java:37) ~[cas-server-core-api-util-6.6.1.jar!/:6.6.1]
    at org.apereo.cas.otp.repository.credentials.BaseOneTimeTokenCredentialRepository.lambda$decode$0(BaseOneTimeTokenCredentialRepository.java:69)

It seems to throw one of these for each scratch code, suggesting it cannot 
decrypt them.

Stepping through the code, the problem seems to first show up in 
NumberUtils.processBitIntegerEncrypted(): 71

    System.arraycopy(byteArray, (initialSize - 4), encryptedMessageExpectedSizeBytes, 0, 4);

encryptedMessageExpectedSizeBytes just ends up being [0,0,0,0].

I'm using
cas.authn.mfa.gauth.core.scratch-codes.encryption.key=DTcyfU3VagtfbyxvmFOTM6N0tfeLUTuWlQy_R83GZIo

My original source was using 
cas.authn.mfa.gauth.core.scratch-codes.encryption.key-size=256
but I saw another example with
cas.authn.mfa.gauth.core.scratch-codes.encryption.key-size=16
But both seem to behave the same.

I'm storing the codes in an Oracle database. And they look like:
-45042011719129430758667059667890329945100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
-79896184794635338776074275007870804906200000000000000000000000000000000000000000000000000000000000000000000000000000000000000

It seems like they have too much zero padding at the end?

Anyone have any ideas?

Thanks,

Bill Baran
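
Added example, not part of the original message and not CAS or jasypt code: it checks the two stored values quoted above and shows why the four bytes read by the quoted arraycopy call come out as zeros once a large integer keeps only its leading decimal digits. Helper names are hypothetical, and both the 38-digit precision limit and the idea that the database column is what drops the low digits are assumptions.

```python
# Added example; helper names are hypothetical.
# The two stored values quoted in the post, copied as-is.
STORED = [
    "-45042011719129430758667059667890329945100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
    "-79896184794635338776074275007870804906200000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
]

def to_java_bytes(n: int) -> bytes:
    """Big-endian two's complement, same layout as Java's BigInteger.toByteArray()."""
    bits = (~n if n < 0 else n).bit_length()
    return n.to_bytes(bits // 8 + 1, "big", signed=True)

def size_trailer(n: int) -> bytes:
    """The last four bytes: what the quoted arraycopy call reads as the expected size."""
    return to_java_bytes(n)[-4:]

def trailing_decimal_zeros(text: str) -> int:
    digits = text.lstrip("-")
    return len(digits) - len(digits.rstrip("0"))

def limit_precision(n: int, digits: int) -> int:
    """Keep the leading `digits` significant decimal digits and zero the rest.
    Assumption: models a numeric column of limited precision (truncating, not rounding)."""
    s = str(abs(n))
    if len(s) <= digits:
        return n
    kept = int(s[:digits]) * 10 ** (len(s) - digits)
    return -kept if n < 0 else kept

def demo_roundtrip(precision: int = 38):
    """Constructed value: 48 placeholder bytes plus a 4-byte size trailer (48)."""
    body = bytes(range(1, 49))
    original = int.from_bytes(body + (48).to_bytes(4, "big"), "big", signed=True)
    stored = limit_precision(original, precision)
    return size_trailer(original), size_trailer(stored)

if __name__ == "__main__":
    # 10**k == 2**k * 5**k, so k >= 32 trailing decimal zeros force 32 zero low bits.
    for value in STORED:
        print(trailing_decimal_zeros(value), size_trailer(int(value)).hex())
    before, after = demo_roundtrip()
    print("trailer before storage:", before.hex(), "after:", after.hex())
```

If the same check on a freshly encrypted value (before it reaches the database) shows a non-zero trailer, the column type is the place to look.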
