[
https://issues.apache.org/jira/browse/SOLR-11690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16596112#comment-16596112
]
Jan Høydahl commented on SOLR-11690:
------------------------------------
I had the exact same issue. For me it was solved by using
{code:java}
echo -n "mypassword" > pwd.txt
{code}
instead of what the refGuide says:
{code:java}
echo "mypassword" > pwd.txt
{code}
The {{-n}} flag tells echo to not add a newline, and then it works. So I think
this JIRA can result in a documentation fix where we add the {{-n}} flag and
make a WARNING box detailing that you need to make sure the file contains ONLY
the password and nothing else.
I think the problem has to be solved before running openssl, and cannot be
fixed in Java code in DIH. Here is the sequence I'd recommend instead of
current docs:
# Create a file with an encryption key
{{echo -n "myencryptionkey" > /var/solr/data/dih-encryptionkey}}
# Use this file name as the "encryptKeyFile" parameter in <dataSource> tag in
data-config.xml
# Encrypt your JDBC password into a string to replace the password in the
config
{{echo -n "my-jdbc-password" | openssl enc -aes-128-cbc -a -salt -pass
file:/var/solr/data/dih-encryptionkey}}
# Insert that string as "password" in the <dataSource> tag in data-config.xml.
The string will look something like this
U2FsdGVkX188xHM8QHUbuDapdE3WTLt//Oey9VSRAyE=
This procedure is simpler as it avoids storing the jdbc password to file (which
must be deleted again), and you also don't need to type the encryption key
twice, as we ask openssl to read the same file that DIH will read later
> DIH JdbcDataSource - Problem decoding encrypted password using encryptKeyFile
> -----------------------------------------------------------------------------
>
> Key: SOLR-11690
> URL: https://issues.apache.org/jira/browse/SOLR-11690
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: contrib - DataImportHandler
> Affects Versions: 6.6.2
> Reporter: Rajesh Arumugam
> Assignee: Jan Høydahl
> Priority: Major
> Labels: easyfix
> Fix For: master (8.0), 7.5
>
>
> The password decryption is not working fine because of a bug in
> JdbcDataSorce.java -> decryptPwd(Context context, Properties initProps)
> method. The problem is due to bad construction of key string while making a
> call to CryptoKeys.decodeAES(). Due to this the CryptoKeys throws "*Bad
> password, algorithm, mode or padding; no salt, wrong number of iterations or
> corrupted ciphertext.*" exception while trying to decode password.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
