Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3710

cannot access a database using AES encryption with encryptionKeyLength=192 after it's been shutdown

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.5.1.1
    • 10.5.3.0, 10.6.1.0
    • Services
    • None
    • reproduced with ibm's jdk 1.5 and 1.6, and sun's jdk15.
      AES encryption with encryptionKeyLength=192 requires unrestricted security policy jars on your jvm
    • Normal
    • Repro attached
    • Data corruption

    Description

      Accessing a database created using encryptionAlgorithm: AES/CBC/NoPadding, and encryptionKeyLength=192 after it's been shutdown fails like so:
      -----------------------
      ERROR XJ040: Failed to start database 'encdbcbc_192', see the next exception for details.
      ERROR XBM06: Startup failed. An encrypted database cannot be accessed without the correct boot password.
      ----------------------

      This does not occur when you use encryptionKeyLength=128 (does not require unrestricted jars) nor encryptionKeyLength=256 (does require unrestricted policy jars).

      Note: our test (in derbyall): store/aes.sql does not test this, firstly it doesn't test the larger sizes (because it would diff & fail unless you have been able to adjust your jvm's policy jars), and secondly it doesn't shutdown before reconnecting.

      Attachments

        1. derby-3710-01-aa-digestPaddedPassword.diff
          6 kB
          Richard N. Hillegas
        2. derby-3710-01-ab-digestPaddedPassword.diff
          6 kB
          Richard N. Hillegas
        3. repro.sql
          3 kB
          Myrna van Lunteren
        4. repro-3710.sql
          2 kB
          Richard N. Hillegas

        Issue Links

        is related to

        Improvement - An improvement or enhancement to an existing feature or task. DERBY-4325 Add a property that forces testEncryptionKeyLenths to run with key lengths 192 and 256

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Open

        Task - A task that needs to be done. DERBY-3711 convert store/aes.sql to junit test & add unrestricted test cases.

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Closed
        relates to

        Bug - A problem which impairs or prevents the functions of the product. DERBY-4418 derbyall/encryptionAll/encryptionAll/aes fails on 10.4, 10.3 and 10.2 with Sun JVM 1.6.0_15 on Solaris

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rhillegas Richard N. Hillegas
            myrna Myrna van Lunteren
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment