[jira] [Commented] (DERBY-1740) Change error message to indicate encryptionkey length to be atleast 16 characters instead of 8 characters
[ https://issues.apache.org/jira/browse/DERBY-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13212428#comment-13212428 ] Mike Matrigali commented on DERBY-1740: --- triaged for 10.9 > Change error message to indicate encryptionkey length to be atleast 16 > characters instead of 8 characters > - > > Key: DERBY-1740 > URL: https://issues.apache.org/jira/browse/DERBY-1740 > Project: Derby > Issue Type: Bug > Components: Store >Affects Versions: 10.0.2.0 > Environment: Any >Reporter: Rajesh Kartha >Priority: Minor > Labels: derby_triage10_5_2, derby_triage10_9 > Attachments: derby-1740-1a.diff > > > While attempting to create a encrypted database with even key length of 14 > characters, it fails with the error message indicating the key length should > be atleast 8 characters. > -- > -- Attempt to encrypt using key of lenght 14 > -- > ij> connect > 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=11223344556677'; > ERROR XJ041: Failed to create database 'adb', see the next exception for > details. > ERROR XBM01: Startup failed due to an exception. See next exception for > details. > ERROR XBCX2: Initializing cipher with a boot password that is too short. The > password must be at least 8 characters long. > -- > --Requires 16 characters for the encryptionKey > -- > ij> connect > 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=1122334455667788'; > ij> -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1740) Change error message to indicate encryptionkey length to be atleast 16 characters instead of 8 characters
[
http://issues.apache.org/jira/browse/DERBY-1740?page=comments#action_12432109 ]
Francois Orsini commented on DERBY-1740:
> It seems the concepts of 'bootPassword' and 'encryptionKey' are pretty much
unrelated [in Derby].
> If you create the database with a boot password, you must always boot the
database with a boot password.
> You cannot specify a "corresponding" encryption key to boot it. The same
goes for encryptionKey, you cannot
> boot it using a corresponding boot password.
> Is my understanding correct?
That is correct Kristian. You use either one of them but not both at the same
time - as well as you can't use some encryption key generated out of a
bootPassword as it is not made available (not known).
> Further, it seems code handling these two concepts are co-located in the
same classes/methods,
> and often a single error message is used for error-situations for both
concepts.
> For instance, if I create an encrypted database using the encryptionKey
attribute and try to boot it using
> an incorrect encryptionKey, or by using the bootPassword attribute, I get:
> ERROR XBM06: Startup failed. An encrypted database cannot be accessed
without the correct boot password.
> Also, specifying both attributes gives the same exception/SQLState as above.
Correct - This is what the code does at the moment.
> Thus it seems this Jira is only one of several related
problems/inaccuracies related to
> creating/booting encrypted databases.
> Can anyone with more knowledge comment on this?
Yes, error messaging has to be improved for some of the various scenarios you
already came accross...
The bootPassword must be of at least 8 bytes as the default cipher algorithm is
DES (56 bits)...The external encryption key (when specified instead of the
bootPassword) should be of a particular length (Hex string) depending on the
cipher algorithm being specified or not (default being DES)...Of course, the
minimum for the external encryption key also has to be of 16 bytes (8x2) (with
a default cipher as DES).
Your patch looks good IMO. I would re-phrase the error message into something
like:
XBCXM.S.1=The length of the external encryption key is {0}, it should be of at
least {1}.
Yes it is ok to use bytes for the bootPassword and hex string length for the
(external) encryption key as a the units.
Hope this helps a bit. There are some improvements that can be done in this
area of code - certainly some refactoring as well as better handling of
encryption key length, determining weak and semi-weak keys (other than just for
DES - e.g. 3DES) ) for the various supported crypto cipher algorithms wherever
it makes sense...
You should test the patch with the database encryption test suite as well of
course.
> Change error message to indicate encryptionkey length to be atleast 16
> characters instead of 8 characters
> -
>
> Key: DERBY-1740
> URL: http://issues.apache.org/jira/browse/DERBY-1740
> Project: Derby
> Issue Type: Bug
>Affects Versions: 10.0.2.0
> Environment: Any
>Reporter: Rajesh Kartha
>Priority: Minor
> Fix For: 10.2.1.0
>
> Attachments: derby-1740-1a.diff
>
>
> While attempting to create a encrypted database with even key length of 14
> characters, it fails with the error message indicating the key length should
> be atleast 8 characters.
> --
> -- Attempt to encrypt using key of lenght 14
> --
> ij> connect
> 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=11223344556677';
> ERROR XJ041: Failed to create database 'adb', see the next exception for
> details.
> ERROR XBM01: Startup failed due to an exception. See next exception for
> details.
> ERROR XBCX2: Initializing cipher with a boot password that is too short. The
> password must be at least 8 characters long.
> --
> --Requires 16 characters for the encryptionKey
> --
> ij> connect
> 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=1122334455667788';
> ij>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1740) Change error message to indicate encryptionkey length to be atleast 16 characters instead of 8 characters
[ http://issues.apache.org/jira/browse/DERBY-1740?page=comments#action_12430991 ] Kristian Waagan commented on DERBY-1740: I think my previous comment is incorrect. Can anyone help my out here? It seems the concepts of 'bootPassword' and 'encryptionKey' are pretty much unrelated [in Derby]. If you create the database with a boot password, you must always boot the database with a boot password. You cannot specify a "corresponding" encryption key to boot it. The same goes for encryptionKey, you cannot boot it using a corresponding boot password. Is my understanding correct? Further, it seems code handling these two concepts are co-located in the same classes/methods, and often a single error message is used for error-situations for both concepts. For instance, if I create an encrypted database using the encryptionKey attribute and try to boot it using an incorrect encryptionKey, or by using the bootPassword attribute, I get: ERROR XBM06: Startup failed. An encrypted database cannot be accessed without the correct boot password. Also, specifying both attributes gives the same exception/SQLState as above. Thus it seems this Jira is only one of several related problems/inaccuracies related to creating/booting encrypted databases. Can anyone with more knowledge comment on this? > Change error message to indicate encryptionkey length to be atleast 16 > characters instead of 8 characters > - > > Key: DERBY-1740 > URL: http://issues.apache.org/jira/browse/DERBY-1740 > Project: Derby > Issue Type: Bug >Affects Versions: 10.0.2.0 > Environment: Any >Reporter: Rajesh Kartha >Priority: Minor > Fix For: 10.2.1.0 > > Attachments: derby-1740-1a.diff > > > While attempting to create a encrypted database with even key length of 14 > characters, it fails with the error message indicating the key length should > be atleast 8 characters. > -- > -- Attempt to encrypt using key of lenght 14 > -- > ij> connect > 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=11223344556677'; > ERROR XJ041: Failed to create database 'adb', see the next exception for > details. > ERROR XBM01: Startup failed due to an exception. See next exception for > details. > ERROR XBCX2: Initializing cipher with a boot password that is too short. The > password must be at least 8 characters long. > -- > --Requires 16 characters for the encryptionKey > -- > ij> connect > 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=1122334455667788'; > ij> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1740) Change error message to indicate encryptionkey length to be atleast 16 characters instead of 8 characters
[ http://issues.apache.org/jira/browse/DERBY-1740?page=comments#action_12429833 ] Kristian Waagan commented on DERBY-1740: Thank you Rajesh :) The reason I asked for more information was that I did not see the problem when I *thought* I ran the repro from the description. Maybe I copied the valid connection string twice... Anyway, I am now seeing the problem on both Solaris (x86) and Linux (amd64). The extra information you provided will be helpful for the person taking this issue on! Regards, > Change error message to indicate encryptionkey length to be atleast 16 > characters instead of 8 characters > - > > Key: DERBY-1740 > URL: http://issues.apache.org/jira/browse/DERBY-1740 > Project: Derby > Issue Type: Bug >Affects Versions: 10.0.2.0 > Environment: Any >Reporter: Rajesh Kartha >Priority: Minor > Fix For: 10.2.1.0 > > > While attempting to create a encrypted database with even key length of 14 > characters, it fails with the error message indicating the key length should > be atleast 8 characters. > -- > -- Attempt to encrypt using key of lenght 14 > -- > ij> connect > 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=11223344556677'; > ERROR XJ041: Failed to create database 'adb', see the next exception for > details. > ERROR XBM01: Startup failed due to an exception. See next exception for > details. > ERROR XBCX2: Initializing cipher with a boot password that is too short. The > password must be at least 8 characters long. > -- > --Requires 16 characters for the encryptionKey > -- > ij> connect > 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=1122334455667788'; > ij> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1740) Change error message to indicate encryptionkey length to be atleast 16 characters instead of 8 characters
[ http://issues.apache.org/jira/browse/DERBY-1740?page=comments#action_12429781 ] Rajesh Kartha commented on DERBY-1740: -- The issue is only when the 'encryptionKey' paramater is used and is of length less than 16. For example: connect 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionKey=11223344556677'; the error message is: ERROR XBCX2: Initializing cipher with a boot password that is too short, must be at least 8 characters long Two issues here are: 1) the length should mention 'atleast 16 characters long' 2) the message indicates 'boot password' shouldn't that be made 'encryption key' Note: In this case I am not using any specific security provider. For the 'bootPassword' parameter the message and behaviour is consistent. Stack Trace: === Here is the stack trace from the sane build of trunk: C:\derby\trunk\TEST>java -Dij.exceptionTrace=true org.apache.derby.tools.ij ij version 10.3 ij> connect 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionKey=11223344556677'; ERROR XJ041: Failed to create database 'adb', see the next exception for details . java.sql.SQLException: Failed to create database 'adb', see the next exception for details. at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:45) at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:89) at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:95) at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Util.java:174) at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(EmbedConnection.java:1985) at org.apache.derby.impl.jdbc.EmbedConnection.createDatabase(EmbedConnection.java:1600) at org.apache.derby.impl.jdbc.EmbedConnection.(EmbedConnection.java:250) at org.apache.derby.impl.jdbc.EmbedConnection30.(EmbedConnection30.java:73) at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Driver30.java:74) at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:210) at org.apache.derby.jdbc.AutoloadedDriver.connect(AutoloadedDriver.java:117) at java.sql.DriverManager.getConnection(DriverManager.java:525) at java.sql.DriverManager.getConnection(DriverManager.java:140) at org.apache.derby.impl.tools.ij.ij.dynamicConnection(ij.java:1109) at org.apache.derby.impl.tools.ij.ij.ConnectStatement(ij.java:959) at org.apache.derby.impl.tools.ij.ij.ijStatement(ij.java:787) at org.apache.derby.impl.tools.ij.utilMain.runScriptGuts(utilMain.java:327) at org.apache.derby.impl.tools.ij.utilMain.go(utilMain.java:249) at org.apache.derby.impl.tools.ij.Main.go(Main.java:204) at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:170) at org.apache.derby.impl.tools.ij.Main14.main(Main14.java:56) at org.apache.derby.tools.ij.main(ij.java:70) ERROR XBM01: Startup failed due to an exception. See next exception for details. ERROR XBM01: Startup failed due to an exception. See next exception for details. at org.apache.derby.iapi.error.StandardException.newException(StandardException.java:298) at org.apache.derby.iapi.services.monitor.Monitor.exceptionStartingModule(Monitor.java:669) at org.apache.derby.impl.services.monitor.BaseMonitor.bootService(BaseMonitor.java:1850) at org.apache.derby.impl.services.monitor.BaseMonitor.createPersistentService(BaseMonitor.java:1014) at org.apache.derby.iapi.services.monitor.Monitor.createPersistentService(Monitor.java:588) at org.apache.derby.impl.jdbc.EmbedConnection.createDatabase(EmbedConnection.java:1593) at org.apache.derby.impl.jdbc.EmbedConnection.(EmbedConnection.java:250) at org.apache.derby.impl.jdbc.EmbedConnection30.(EmbedConnection30.java:73) at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Driver30.java:74) at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:210) at org.apache.derby.jdbc.AutoloadedDriver.connect(AutoloadedDriver.java:117) at java.sql.DriverManager.getConnection(DriverManager.java:525) at java.sql.DriverManager.getConnection(DriverManager.java:140) at org.apache.derby.impl.tools.ij.ij.dynamicConnection(ij.java:1109) at org.apache.derby.impl.tools.ij.ij.ConnectStatement(ij.java:959) at org.apache.derby.impl.tools.ij.ij.ijStatement(ij.java:787) at org.apache.derby.impl.tools.ij.utilMain.runScriptGuts(utilMain.java:327) at org.apache.derby.impl.tools.ij.utilMain.go(utilMain.java:249) at org.apache.derby.impl.tools.ij.Main.go(Main.java:204) at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:170) at org.apache.derby.impl.tools.ij.Main14.main(Main14.java:56) at org.apache.derby.tools.ij.main(ij.java:70) ERROR XBCX2: Initializing cipher with a
[jira] Commented: (DERBY-1740) Change error message to indicate encryptionkey length to be atleast 16 characters instead of 8 characters
[ http://issues.apache.org/jira/browse/DERBY-1740?page=comments#action_12429695 ] Kristian Waagan commented on DERBY-1740: Could you provide more detail on this issue? I'm not able to reproduce it. It caught my interest because I worked on DERBY-788. 1) Is the 'Affects Version/s' correct? It is terribly old :) 2) What JVM and security provider did you use? 3) Do you have a stack trace? In the trunk, there are only two places where the exception can be thrown. Thanks, > Change error message to indicate encryptionkey length to be atleast 16 > characters instead of 8 characters > - > > Key: DERBY-1740 > URL: http://issues.apache.org/jira/browse/DERBY-1740 > Project: Derby > Issue Type: Bug >Affects Versions: 10.0.2.0 > Environment: Any >Reporter: Rajesh Kartha >Priority: Minor > Fix For: 10.2.1.0 > > > While attempting to create a encrypted database with even key length of 14 > characters, it fails with the error message indicating the key length should > be atleast 8 characters. > -- > -- Attempt to encrypt using key of lenght 14 > -- > ij> connect > 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=11223344556677'; > ERROR XJ041: Failed to create database 'adb', see the next exception for > details. > ERROR XBM01: Startup failed due to an exception. See next exception for > details. > ERROR XBCX2: Initializing cipher with a boot password that is too short. The > password must be at least 8 characters long. > -- > --Requires 16 characters for the encryptionKey > -- > ij> connect > 'jdbc:derby:adb;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=1122334455667788'; > ij> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
