[ 
https://issues.apache.org/jira/browse/SHIRO-730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17012194#comment-17012194
 ] 

Peter Rebholz commented on SHIRO-730:
-------------------------------------

Not sure if this is the right protocol, but should this change be considered a 
breaking change? Or is AesCipherService considered an internal API?

If someone uses this service to encrypt and decrypt values that are persisted 
then existing values will be unreadable (when using the defaults) after 
upgrading to Shiro 1.4.2. I'm attaching a small program 
([^ShiroUpgradeTest.java]) that demonstrates this and produces the following 
output:

$ SHIRO_VERSION=1.4.1
$ java -cp shiro-core-$SHIRO_VERSION.jar:shiro-crypto-cipher-$SHIRO_VERSION.jar:slf4j-api-1.7.22.jar:slf4j-nop-1.7.22.jar:. ShiroUpgradeTest encrypt
$ java -cp shiro-core-$SHIRO_VERSION.jar:shiro-crypto-cipher-$SHIRO_VERSION.jar:slf4j-api-1.7.22.jar:slf4j-nop-1.7.22.jar:. ShiroUpgradeTest decrypt
Plain Text: Hello World

$ SHIRO_VERSION=1.4.2
$ java -cp shiro-core-$SHIRO_VERSION.jar:shiro-crypto-cipher-$SHIRO_VERSION.jar:slf4j-api-1.7.22.jar:slf4j-nop-1.7.22.jar:. ShiroUpgradeTest decrypt
Exception in thread "main" org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal' with cipher instance [javax.crypto.Cipher@5a2e4553].
 at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:462)
 at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:445)
 at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:390)
 at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:382)
 at ShiroUpgradeTest.decrypt(ShiroUpgradeTest.java:49)
 at ShiroUpgradeTest.main(ShiroUpgradeTest.java:63)
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
 at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:592)
 at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)
 at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)
 at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
 at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
 at javax.crypto.Cipher.doFinal(Cipher.java:2164)
 at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:459)
 ... 5 more

> Updates the default Cipher mode to GCM in AesCipherService
> ----------------------------------------------------------
>
>                 Key: SHIRO-730
>                 URL: https://issues.apache.org/jira/browse/SHIRO-730
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Francois Papon
>            Priority: Major
>             Fix For: 1.4.2, 1.5.0
>
>         Attachments: ShiroUpgradeTest.java
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
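
An added example, not part of the original message and not the attached ShiroUpgradeTest.java: one way to keep values persisted before the upgrade readable is to try the new GCM default first and fall back to an explicitly configured legacy service, then re-encrypt. The class and method names are hypothetical, and the code assumes the stored values were written with the pre-1.4.2 defaults (CBC mode with PKCS5 padding).

```java
import java.nio.charset.StandardCharsets;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.CryptoException;
import org.apache.shiro.crypto.OperationMode;
import org.apache.shiro.crypto.PaddingScheme;

// Added example; class and method names are hypothetical.
// Build and run against Shiro 1.4.2 or later.
public class LegacyAwareDecrypt {

    // Assumption: legacy values used the old defaults (CBC, PKCS5 padding).
    // Both are set explicitly so the result does not depend on the library default.
    static AesCipherService legacyService() {
        AesCipherService cbc = new AesCipherService();
        cbc.setMode(OperationMode.CBC);
        cbc.setPaddingScheme(PaddingScheme.PKCS5);
        return cbc;
    }

    // Try the current default (GCM) first. A value written in CBC mode fails
    // the GCM tag check and surfaces as CryptoException, as in the trace above;
    // only then is the legacy configuration tried.
    static byte[] decrypt(byte[] stored, byte[] key) {
        try {
            return new AesCipherService().decrypt(stored, key).getBytes();
        } catch (CryptoException gcmFailure) {
            return legacyService().decrypt(stored, key).getBytes();
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a value "persisted" with the legacy configuration.
        AesCipherService legacy = legacyService();
        byte[] key = legacy.generateNewKey().getEncoded();
        byte[] stored = legacy.encrypt(
                "Hello World".getBytes(StandardCharsets.UTF_8), key).getBytes();

        byte[] plain = decrypt(stored, key);
        System.out.println("Plain Text: " + new String(plain, StandardCharsets.UTF_8));

        // Re-encrypt with the new default so the value is authenticated from now on.
        byte[] migrated = new AesCipherService().encrypt(plain, key).getBytes();
        byte[] again = new AesCipherService().decrypt(migrated, key).getBytes();
        System.out.println("After migration: " + new String(again, StandardCharsets.UTF_8));
    }
}
```

The CBC fallback accepts unauthenticated ciphertext, so it belongs only in the migration window and should be removed once all stored values have been re-encrypted.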
