Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Command line Jasypt client encryption 'Operation not possible'

I am using Jasypt to store our database passwords in our hibernate config file in non-clear-text format.

Eg instead of

    <property name="hibernate.connection.username">user1</property>
    <property name="hibernate.connection.password">password1</property>

I want something like

    <property name="hibernate.connection.username">user1</property>
    <property name="hibernate.connection.password">ENC(0HY4F73HFPQ85CN)</property>

I am using the PBEWITHMD5ANDTRIPLEDES algorithm. I was reading up on it, and it seems that this may require installing a JCE, or a 'Jurisdiction Policy' extension. My question is, are these things already installed if I see this in my list of PBE Algorithms?

I ran the listAlgorithms.bat script:

C:\dev\jasypt-1.9.1\bin>listAlgorithms.bat

DIGEST ALGORITHMS:   [MD2, MD5, SHA, SHA-256, SHA-384, SHA-512]

PBE ALGORITHMS:      [PBEWITHMD5ANDDES, PBEWITHMD5ANDTRIPLEDES, PBEWITHSHA1ANDDESEDE, PBEWITHSHA1ANDRC2_40]

But when I try to encrypt my password, I get a very unhelpful error message:

C:\dev\jasypt-1.9.1\bin>encrypt.bat input=etrading_rw_123 password=encryptionkey algorithm=PBEWITHMD5ANDTRIPLEDES

----ENVIRONMENT-----------------

Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM 20.14-b01



----ARGUMENTS-------------------

algorithm: PBEWITHMD5ANDTRIPLEDES
input: etrading_rw_123
password: encryptionkey



----ERROR-----------------------

Operation not possible (Bad input or parameters)

If I run the same script with algorithm=PBEWITHMD5ANDDES, it works fine. Does the list of 'supported algorithms' actually mean 'algorithms that would be supported if you enabled them' rather than 'algorithms that are good to go'?

I am using Java version:

java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
Java HotSpot(TM) Client VM (build 14.3-b01, mixed mode, sharing)
like image 931
Matt Avatar asked Dec 10 '13 14:12

Matt


People also ask

How do I decrypt with Jasypt?

The required steps to use it are: Create an instance (using new). Set a password (using setPassword(String) or setPasswordCharArray(char[])). Perform the desired encrypt(String) or decrypt(String) operations.

What is the use of Jasypt jar?

Jasypt is a Java library which allows developers to add basic encryption capabilities to projects with minimum effort, and without the need of having an in-depth knowledge about implementation details of encryption protocols.

Is Jasypt secure?

Jasypt stands for Java Simplified Encryption.It provides basic encryption of plain-text, numbers, binaries to secure confidential data.It is completely thread safe and provides high performance in multi-processor too.


1 Answers

I faced this problem because of some lack of information in the Jasypt CLI usage description.

The default generator to generate the initial value is NoIvGenerator. For some/most algorithms the IV generated this way is not valid, so the error message above is displayed. You have to add the additional parameter ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator to make it work.

See: https://github.com/jasypt/jasypt/issues/8

like image 86
Crayciv Avatar answered Sep 23 '22 01:09

Crayciv