[
https://issues.apache.org/jira/browse/SHIRO-783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183419#comment-17183419
]
Brian Demers commented on SHIRO-783:
------------------------------------
It should be something like (from memory, forgive any typos):
{code:java}
AesCipherService cipherService = new AesCipherService();
cipherService.setMode(CBC);
cipherService.setStreamingMode(CBC);
cipherService.setPaddingScheme(PKCS5);{code}
This would have been the default form:
[https://github.com/apache/shiro/blob/shiro-root-1.4.1/crypto/cipher/src/main/java/org/apache/shiro/crypto/DefaultBlockCipherService.java#L167-L173]
by way of:
[https://github.com/apache/shiro/blob/shiro-root-1.4.1/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java]
> AES 256 encryption yeilds unsupported Tlen error on all shiro versions above
> 1.4.1
> ----------------------------------------------------------------------------------
>
> Key: SHIRO-783
> URL: https://issues.apache.org/jira/browse/SHIRO-783
> Project: Shiro
> Issue Type: Bug
> Components: Cryptography & Hashing
> Affects Versions: 1.4.2
> Environment: windows 10, intelliJ, spring boot, java 11
> Reporter: Philip Harder
> Priority: Major
> Labels: AES256, spring-boot
>
> When trying to encrypt using AesCipherService, using a 256 bit key, on the
> latest verison of shiro, using java11, this error always appears:
>
> java.security.InvalidAlgorithmParameterException: Unsupported TLen value;
> must be one of \{128, 120, 112, 104, 96}
>
> This is puzzling because we are never setting the TLen value to anything, and
> this encyrption scheme was working just fine in another project. After some
> investigating, we noticed that setting our shiro dependency to an earlier
> version of 1.4.1 (or below) fixes this issue. Setting the key size to be 128
> also fixes the issue. This is again puzzling, could it be that setting a
> keysize of 256 is also touching the TLen value? Either way something seems
> buggy here, and to our best insight it isn't on our end. Although I'm not
> ruling out that possibility entirely. Below is the code we are using for our
> encryption (maybe we're setting up 256 encryption wrong for later versions of
> shiro). Were injecting this cryptkeeper class into a service to use that
> encrypt method.
>
> @Slf4j
> @Component
> public class CryptKeeper {
> private final byte[] key = new byte[32];
> private final AesCipherService cipherService = new AesCipherService();
> @Value("${encKey.path}")
> private String keyFileName;
> @PostConstruct
> private void init() throws IOException {
> cipherService.setKeySize(256);
> FileInputStream fileInputStream = new FileInputStream(keyFileName);
> int bytesRead = IOUtils.read(fileInputStream, key);
> log.info("{} bytes read from key file", bytesRead);
> log.info("key array has length {}", key.length);
> for (int i = 0; i < key.length; i++) {
> log.debug("index {}: {}", i, key[i]);
> }
> fileInputStream.close();
> }
> public byte[] encrypt(byte[] subject)
> { return cipherService.encrypt(subject, key).getBytes(); }
> }
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
