unsubscribe On Thu, Mar 9, 2017 at 6:27 PM, Burak Ongun <[email protected]> wrote:
> I encrypt file with openssl then put it on HDFS, I used AES/ECB, 128 bits > and salt option, and with some research I find out openssl uses PKCS5 > padding as default which are all defaults in CryptoFileLoader class here; > > https://apache.googlesource.com/sqoop/+/refs/heads/trunk/src > /java/org/apache/sqoop/util/password/CredentialProviderPasswordLoader.java > . > > > > Here is my encryption process: > > > # echo -n "password" > .pw > > # openssl enc -aes-128-ecb -salt -in .pw -out .pw.enc > > # hdfs dfs -put .opw.enc /user/user1/ > > > Sqoop version is 1.4.6 > > > Command: > > > sqoop import \ > > -Dorg.apache.sqoop.credentials.loader.class=org.apache. > sqoop.util.password.CryptoFileLoader \ > > -Dorg.apache.sqoop.credentials.loader.crypto.passphrase=sqoop \ > > --connect jdbc:oracle:thin:@host/database \ > > --username user1 \ > > --password-file /user/user1/.pw.enc \ > > --table db.table1 \ > > --hive-import \ > > --hive-overwrite \ > > --hive-table hivedb.table1 \ > > --hive-drop-import-delims > > > which gives: > > > 17/03/08 15:10:37 WARN tool.BaseSqoopTool: Failed to load password file > > java.io.IOException: Can't decrypt the password > > at org.apache.sqoop.util.password > .CryptoFileLoader.loadPassword(CryptoFileLoader.java:151) > > at org.apache.sqoop.util.Credenti > alsUtil.fetchPasswordFromLoader(CredentialsUtil.java:81) > > at org.apache.sqoop.util.Credenti > alsUtil.fetchPassword(CredentialsUtil.java:66) > > at org.apache.sqoop.tool.BaseSqoo > pTool.applyCredentialsOptions(BaseSqoopTool.java:1042) > > at org.apache.sqoop.tool.BaseSqoo > pTool.applyCommonOptions(BaseSqoopTool.java:997) > > at org.apache.sqoop.tool.ImportTool.applyOptions(ImportTool. > java:875) > > at org.apache.sqoop.tool.SqoopTool.parseArguments(SqoopTool. > java:435) > > at org.apache.sqoop.Sqoop.run(Sqoop.java:131) > > at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70) > > at org.apache.sqoop.Sqoop.runSqoop(Sqoop.java:179) > > at org.apache.sqoop.Sqoop.runTool(Sqoop.java:218) > > at org.apache.sqoop.Sqoop.runTool(Sqoop.java:227) > > at org.apache.sqoop.Sqoop.main(Sqoop.java:236) > > Caused by: javax.crypto.BadPaddingException: Given final block not > properly padded > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java: > 966) > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java: > 824) > > at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher. > java:436) > > at javax.crypto.Cipher.doFinal(Cipher.java:2165) > > at org.apache.sqoop.util.password > .CryptoFileLoader.loadPassword(CryptoFileLoader.java:149) > > ... 12 more > > Error while loading password file: Can't decrypt the password > > > I tried manually giving the other CryptoFileLoader parameters too and also > passing local file to the --password-file . > > I also tried using other algorithms such as CBC but they want parameters > (IV, key etc.) and I couldn't pass them because it isn't defined how to in > the CryptoFileLoader. > > I can decrypt the file back successfully with openssl. I can't decrypt > with Java program(?) > > > I saw there is an issue with padding but I didn't know what it is and how > to encrypt the file with a certain padding method or whatever else to do, > I'm not experienced with encryption. > > > There is also org.apache.sqoop.credentials.loader.crypto.iterations > parameter in the class which indicates number of PBKDF2 iterations but I > don't know if it changes anything. > > > Thanks for any help. > > -- > *BURAK ONGUN* >
