[
https://issues.apache.org/jira/browse/DERBY-3710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas updated DERBY-3710:
---------------------------------
Attachment: derby-3710-01-aa-digestPaddedPassword.diff
Attaching derby-3710-01-aa-digestPaddedPassword.diff. This patch fixes
encryption to store a digest computed from the padded password rather than the
unpadded password. Although this changes what is stored in service.properties,
I don't believe that this affects existing applications. That is because this
bug would have caused reboot failures in all cases where the value in
service.properties has changed. I will run regression tests later today.
Touches the following files:
M java/engine/org/apache/derby/impl/services/jce/JCECipherFactory.java
Store a digest computed from the padded password rather than the unpadded
password.
M
java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionAESTest.java
Remove the logic which disabled tests for 192 bit encryption. Those tests had
been disabled because of this bug. Now they run again.
Also add a new test case to make sure that a different version of this bug
isn't lurking. The new test case changes the bootpassword, shuts down, and then
reboots using the new password.
> cannot access a database using AES encryption with encryptionKeyLength=192
> after it's been shutdown
> ---------------------------------------------------------------------------------------------------
>
> Key: DERBY-3710
> URL: https://issues.apache.org/jira/browse/DERBY-3710
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.5.1.1
> Environment: reproduced with ibm's jdk 1.5 and 1.6, and sun's jdk15.
> AES encryption with encryptionKeyLength=192 requires unrestricted security
> policy jars on your jvm
> Reporter: Myrna van Lunteren
> Assignee: Rick Hillegas
> Attachments: derby-3710-01-aa-digestPaddedPassword.diff,
> repro-3710.sql, repro.sql
>
>
> Accessing a database created using encryptionAlgorithm: AES/CBC/NoPadding,
> and encryptionKeyLength=192 after it's been shutdown fails like so:
> -----------------------
> ERROR XJ040: Failed to start database 'encdbcbc_192', see the next exception
> for details.
> ERROR XBM06: Startup failed. An encrypted database cannot be accessed without
> the correct boot password.
> ----------------------
> This does not occur when you use encryptionKeyLength=128 (does not require
> unrestricted jars) nor encryptionKeyLength=256 (does require unrestricted
> policy jars).
> Note: our test (in derbyall): store/aes.sql does not test this, firstly it
> doesn't test the larger sizes (because it would diff & fail unless you have
> been able to adjust your jvm's policy jars), and secondly it doesn't shutdown
> before reconnecting.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
