[ https://issues.apache.org/jira/browse/DERBY-3711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604345#action_12604345 ]
Dag H. Wanvik commented on DERBY-3711:
--------------------------------------
I think the property derby.encryptionBlockSize is only ever used to persist
this quantity between boots (in service.properties) and cannot be set by
users. Jean's presentation seems to indicate that. So does the code in
RawStore#setupEncryptionEngines, I think.
But there seems to be a vulnerability here, cf. also DERBY-46.

As for encryptionKeyLength, it seems this can be specified (per Dan's paper
and code below) and should probably be documented, cf. this code fragment in
JCECipherFactory:

    // case 1 - if 'encryptionKey' is not set and 'encryptionKeyLength' is set, then use
    // the 'encryptionKeyLength' property value as the keyLength in bits.
    // case 2 - 'encryptionKey' property is not set and 'encryptionKeyLength' is not set, then
    // use the defaults keylength: 56bits for DES, 168 for DESede and 128 for any other encryption
    // algorithm
    if (externalKey == null && create) {
        if(properties.getProperty(Attribute.CRYPTO_KEY_LENGTH) != null)
        {
            :

> convert store/aes.sql to junit test & add unrestricted test cases.
> ------------------------------------------------------------------
>
> Key: DERBY-3711
> URL: https://issues.apache.org/jira/browse/DERBY-3711
> Project: Derby
> Issue Type: Task
> Components: Test
> Reporter: Myrna van Lunteren
> Assignee: Myrna van Lunteren
> Priority: Minor
> Fix For: 10.5.0.0
>
> Attachments: DERBY-3711-2.diff, DERBY-3711-2.stat, DERBY-3711_1.diff
>
>
> The store/aes.sql test can, because it's a master-based test, only test
> what's guaranteed available, i.e. only the encryptionKeyLength=128.
> If it were a junit test, we could make it ignore the expected failures if the
> larger key sizes weren't supported, but test otherwise.
> Having a junit test doesn't guarantee the test would get executed, of course,
> but at least the test would exist.
> Would it be useful/ok to have a message print to the console as a warning?
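
An added example, not part of the original message and not Derby's own test code: one way a JUnit-style test could decide which encryptionKeyLength cases to run, by asking the JCE policy for the largest AES key it permits before building the Derby create URL. The class name, database names and the boot password placeholder are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

public class DerbyAesKeyLengthProbe {
    // The three key lengths, in bits, that AES defines.
    static final int[] AES_KEY_LENGTHS = {128, 192, 256};

    /** Key lengths the installed JCE policy permits for AES. */
    static List<Integer> permittedKeyLengths() throws NoSuchAlgorithmException {
        // Returns Integer.MAX_VALUE when the unlimited-strength policy is active.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        List<Integer> permitted = new ArrayList<>();
        for (int bits : AES_KEY_LENGTHS) {
            if (bits <= max) {
                permitted.add(bits);
            }
        }
        return permitted;
    }

    /** Derby create URL for an encrypted database with an explicit key length. */
    static String createUrl(String dbName, int bits, String bootPassword) {
        // No encryptionKey attribute is given, so this is "case 1" in the
        // quoted JCECipherFactory comment: encryptionKeyLength sets the size.
        return "jdbc:derby:" + dbName
            + ";create=true;dataEncryption=true"
            + ";encryptionAlgorithm=AES/CBC/NoPadding"
            + ";encryptionKeyLength=" + bits
            + ";bootPassword=" + bootPassword;
    }

    public static void main(String[] args) throws Exception {
        List<Integer> permitted = permittedKeyLengths();
        for (int bits : AES_KEY_LENGTHS) {
            if (permitted.contains(bits)) {
                // "<boot-password>" is a placeholder, not a usable value.
                System.out.println("run:  "
                    + createUrl("aesdb" + bits, bits, "<boot-password>"));
            } else {
                // Report the skipped case instead of failing the test.
                System.out.println("skip: AES-" + bits
                    + " exceeds the JCE policy limit");
            }
        }
    }
}
```

The program only prints the URLs it would use; opening them requires the Derby embedded driver on the classpath.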