Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3710

cannot access a database using AES encryption with encryptionKeyLength=192 after it's been shutdown

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.5.1.1
    • 10.5.3.0, 10.6.1.0
    • Services
    • None
    • reproduced with ibm's jdk 1.5 and 1.6, and sun's jdk15.
      AES encryption with encryptionKeyLength=192 requires unrestricted security policy jars on your jvm
    • Normal
    • Repro attached
    • Data corruption

    Description

      Accessing a database created using encryptionAlgorithm: AES/CBC/NoPadding, and encryptionKeyLength=192 after it's been shutdown fails like so:
      -----------------------
      ERROR XJ040: Failed to start database 'encdbcbc_192', see the next exception for details.
      ERROR XBM06: Startup failed. An encrypted database cannot be accessed without the correct boot password.
      ----------------------

      This does not occur when you use encryptionKeyLength=128 (does not require unrestricted jars) nor encryptionKeyLength=256 (does require unrestricted policy jars).

      Note: our test (in derbyall): store/aes.sql does not test this, firstly it doesn't test the larger sizes (because it would diff & fail unless you have been able to adjust your jvm's policy jars), and secondly it doesn't shutdown before reconnecting.

      Attachments

        1. derby-3710-01-aa-digestPaddedPassword.diff
          6 kB
          Richard N. Hillegas
        2. derby-3710-01-ab-digestPaddedPassword.diff
          6 kB
          Richard N. Hillegas
        3. repro.sql
          3 kB
          Myrna van Lunteren
        4. repro-3710.sql
          2 kB
          Richard N. Hillegas

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-4325 Add a property that forces testEncryptionKeyLenths to run with key lengths 192 and 256

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Task - A task that needs to be done. DERBY-3711 convert store/aes.sql to junit test & add unrestricted test cases.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-4418 derbyall/encryptionAll/encryptionAll/aes fails on 10.4, 10.3 and 10.2 with Sun JVM 1.6.0_15 on Solaris

          • Major - Major loss of function.
          • Closed

          Activity

            People

              rhillegas Richard N. Hillegas
              myrna Myrna van Lunteren
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: