Hi Scott, can this be potential problem of breaking cc numbers...because the steps i used was.. 1)loading r607122 seed data and running application on it 2)added some account with cc numbers in the db 3)loaded 656976 version with seed data.. 4)re-execute the application 5)observation is that it is giving decryption error as in log
Thanks, Nabin Scott Gray wrote: > > Hi David > > Are you sure that is correct? EntityCrypto makes use of the StringUtil > hex > methods whose implementations have now changed, couldn't that potentially > break existing cc numbers? > > Thanks > Scott > > 2008/6/1 David E Jones <[EMAIL PROTECTED]>: > >> >> Quick note: there have been no changes around credit card encryption, >> which >> is two-way (ie encrypt and decrypt), only around the one-way password >> encryption. >> >> -David >> >> >> >> On May 31, 2008, at 11:25 AM, Jacques Le Roux wrote: >> >> Is this a production DB or only test ? Yes, there have been some changes >>> around encryption these last times. You may search for "crypt" in the >>> commit >>> ML; >>> BTW I was not aware about problems with older DB (and I did not find any >>> 607122 revision) from these changes. >>> >>> Jacques >>> >>> From: "nabin" <[EMAIL PROTECTED]> >>> >>>> >>>> Hi, >>>> I am using Ofbiz r607122 with postgress database. Now I am getting >>>> "Problem >>>> decrypting field [CreditCard / cardNumber]" while using the Ofbiz >>>> r656976 >>>> with my existing databse. >>>> I am also getting encrypted credit card number in webtools(Entity Data >>>> Maintenance). But if I use a new instance of database then I am not >>>> getting >>>> that exception. Also the credit card number is as it is(non-encrypted) >>>> in >>>> webtools. >>>> Could anybody please look into this? >>>> The exception that I am getting: >>>> >>>> 2008-05-20 14:48:41,664 (http-0.0.0.0-8443-Processor2) [ >>>> GenericDelegator.java:3215:WARN ] >>>> ---- exception report >>>> ---------------------------------------------------------- >>>> Problem decrypting field [CreditCard / cardNumber] >>>> Exception: org.ofbiz.entity.EntityCryptoException >>>> Message: Given final block not properly padded >>>> ---- stack trace >>>> --------------------------------------------------------------- >>>> org.ofbiz.entity.EntityCryptoException: Given final block not properly >>>> padded >>>> org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:87) >>>> >>>> org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3210) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.currentGenericValue(EntityListIterator.java:152) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.next(EntityListIterator.java:287) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.getCompleteList(EntityListIterator.java:401) >>>> org.ofbiz.entity.GenericDelegator.findList(GenericDelegator.java:2286) >>>> org.ofbiz.entity.GenericDelegator.findByAnd(GenericDelegator.java:1932) >>>> org.ofbiz.minilang.method.entityops.FindByAnd.exec(FindByAnd.java:93) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleMethod(SimpleMethod.java:134) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleService(SimpleMethod.java:116) >>>> >>>> org.ofbiz.minilang.SimpleServiceEngine.serviceInvoker(SimpleServiceEngine.java:76) >>>> >>>> org.ofbiz.minilang.SimpleServiceEngine.runSync(SimpleServiceEngine.java:51) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) >>>> org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:149) >>>> >>>> org.ofbiz.service.eca.ServiceEcaAction.runAction(ServiceEcaAction.java:135) >>>> org.ofbiz.service.eca.ServiceEcaRule.eval(ServiceEcaRule.java:151) >>>> org.ofbiz.service.eca.ServiceEcaUtil.evalRules(ServiceEcaUtil.java:155) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:571) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) >>>> org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:163) >>>> org.ofbiz.minilang.method.callops.CallService.exec(CallService.java:246) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.ifops.IfEmpty.exec(IfEmpty.java:84) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.conditional.MasterIf.exec(MasterIf.java:76) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> >>>> org.ofbiz.minilang.method.callops.CallSimpleMethod.exec(CallSimpleMethod.java:75) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.conditional.MasterIf.exec(MasterIf.java:88) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleMethod(SimpleMethod.java:134) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleEvent(SimpleMethod.java:95) >>>> >>>> org.ofbiz.webapp.event.SimpleEventHandler.invoke(SimpleEventHandler.java:72) >>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:454) >>>> >>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:281) >>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>> org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:78) >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:615) >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:688) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) >>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) >>>> >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210) >>>> >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) >>>> >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) >>>> >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) >>>> >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542) >>>> >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) >>>> >>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870) >>>> >>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) >>>> >>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) >>>> >>>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) >>>> >>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) >>>> java.lang.Thread.run(Thread.java:595) >>>> org.ofbiz.base.util.GeneralException: Given final block not properly >>>> padded >>>> org.ofbiz.base.crypto.DesCrypt.decrypt(DesCrypt.java:79) >>>> org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:85) >>>> >>>> org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3210) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.currentGenericValue(EntityListIterator.java:152) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.next(EntityListIterator.java:287) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.getCompleteList(EntityListIterator.java:401) >>>> org.ofbiz.entity.GenericDelegator.findList(GenericDelegator.java:2286) >>>> org.ofbiz.entity.GenericDelegator.findByAnd(GenericDelegator.java:1932) >>>> org.ofbiz.minilang.method.entityops.FindByAnd.exec(FindByAnd.java:93) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleMethod(SimpleMethod.java:134) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleService(SimpleMethod.java:116) >>>> >>>> org.ofbiz.minilang.SimpleServiceEngine.serviceInvoker(SimpleServiceEngine.java:76) >>>> >>>> org.ofbiz.minilang.SimpleServiceEngine.runSync(SimpleServiceEngine.java:51) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) >>>> org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:149) >>>> >>>> org.ofbiz.service.eca.ServiceEcaAction.runAction(ServiceEcaAction.java:135) >>>> org.ofbiz.service.eca.ServiceEcaRule.eval(ServiceEcaRule.java:151) >>>> org.ofbiz.service.eca.ServiceEcaUtil.evalRules(ServiceEcaUtil.java:155) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:571) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) >>>> org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:163) >>>> org.ofbiz.minilang.method.callops.CallService.exec(CallService.java:246) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.ifops.IfEmpty.exec(IfEmpty.java:84) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.conditional.MasterIf.exec(MasterIf.java:76) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> >>>> org.ofbiz.minilang.method.callops.CallSimpleMethod.exec(CallSimpleMethod.java:75) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.conditional.MasterIf.exec(MasterIf.java:88) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleMethod(SimpleMethod.java:134) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleEvent(SimpleMethod.java:95) >>>> >>>> org.ofbiz.webapp.event.SimpleEventHandler.invoke(SimpleEventHandler.java:72) >>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:454) >>>> >>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:281) >>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>> org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:78) >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:615) >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:688) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) >>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) >>>> >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210) >>>> >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) >>>> >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) >>>> >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) >>>> >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542) >>>> >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) >>>> >>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870) >>>> >>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) >>>> >>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) >>>> >>>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) >>>> >>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) >>>> java.lang.Thread.run(Thread.java:595) >>>> javax.crypto.BadPaddingException: Given final block not properly padded >>>> com.sun.crypto.provider.SunJCE_h.b(DashoA12275) >>>> com.sun.crypto.provider.SunJCE_h.b(DashoA12275) >>>> com.sun.crypto.provider.DESedeCipher.engineDoFinal(DashoA12275) >>>> javax.crypto.Cipher.doFinal(DashoA12275) >>>> org.ofbiz.base.crypto.DesCrypt.decrypt(DesCrypt.java:72) >>>> org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:85) >>>> >>>> org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3210) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.currentGenericValue(EntityListIterator.java:152) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.next(EntityListIterator.java:287) >>>> >>>> org.ofbiz.entity.util.EntityListIterator.getCompleteList(EntityListIterator.java:401) >>>> org.ofbiz.entity.GenericDelegator.findList(GenericDelegator.java:2286) >>>> org.ofbiz.entity.GenericDelegator.findByAnd(GenericDelegator.java:1932) >>>> org.ofbiz.minilang.method.entityops.FindByAnd.exec(FindByAnd.java:93) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleMethod(SimpleMethod.java:134) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleService(SimpleMethod.java:116) >>>> >>>> org.ofbiz.minilang.SimpleServiceEngine.serviceInvoker(SimpleServiceEngine.java:76) >>>> >>>> org.ofbiz.minilang.SimpleServiceEngine.runSync(SimpleServiceEngine.java:51) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) >>>> org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:149) >>>> >>>> org.ofbiz.service.eca.ServiceEcaAction.runAction(ServiceEcaAction.java:135) >>>> org.ofbiz.service.eca.ServiceEcaRule.eval(ServiceEcaRule.java:151) >>>> org.ofbiz.service.eca.ServiceEcaUtil.evalRules(ServiceEcaUtil.java:155) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:571) >>>> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) >>>> org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:163) >>>> org.ofbiz.minilang.method.callops.CallService.exec(CallService.java:246) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.ifops.IfEmpty.exec(IfEmpty.java:84) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.conditional.MasterIf.exec(MasterIf.java:76) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> >>>> org.ofbiz.minilang.method.callops.CallSimpleMethod.exec(CallSimpleMethod.java:75) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.method.conditional.MasterIf.exec(MasterIf.java:88) >>>> org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:1104) >>>> org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:744) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleMethod(SimpleMethod.java:134) >>>> org.ofbiz.minilang.SimpleMethod.runSimpleEvent(SimpleMethod.java:95) >>>> >>>> org.ofbiz.webapp.event.SimpleEventHandler.invoke(SimpleEventHandler.java:72) >>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:454) >>>> >>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:281) >>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>> org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:78) >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:615) >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:688) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) >>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) >>>> >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) >>>> >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210) >>>> >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) >>>> >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) >>>> >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) >>>> >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542) >>>> >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) >>>> >>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870) >>>> >>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) >>>> >>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) >>>> >>>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) >>>> >>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) >>>> java.lang.Thread.run(Thread.java:595) >>>> >>>> -------------------------------------------------------------------------------- >>>> >>>> -- >>>> View this message in context: >>>> http://www.nabble.com/Problem-decrypting-field--CreditCard---cardNumber--tp17532434p17532434.html >>>> Sent from the OFBiz - User mailing list archive at Nabble.com. >>>> >>> >>> >> > > -- View this message in context: http://www.nabble.com/Problem-decrypting-field--CreditCard---cardNumber--tp17532434p17640675.html Sent from the OFBiz - User mailing list archive at Nabble.com.