Jasypt CLI error Operation not possible (Bad input or parameters)

Question

I'm running into an issue identical to Command line Jasypt client encryption 'Operation not possible' however that post is for a much older version of Java.

I've checked the path listed for java (in java_home below) and see the lib\security\policy\unlimited folder with the necessary .jar files but I still get the below error.

While it may or may not be related I cannot get the arg ivGeneratorClassName=RandomIvGenerator to work either which is driving me almost equally nuts. It throws a ClassNotFound exception but by George the class org.jasypt.iv.RandomIvGenerator is there when I expand it out in Eclipse.

Jasypt output:

C:\jsypt\bin>encrypt.bat input=SomeVeryLongPassword password=MixItUpALot algorit
hm=PBEWITHHMACSHA256ANDAES_256

----ENVIRONMENT-----------------

Runtime: Oracle Corporation Java HotSpot(TM) Client VM 25.171-b11



----ARGUMENTS-------------------

algorithm: PBEWITHHMACSHA256ANDAES_256
input: SomeVeryLongPassword
password: MixItUpALot



----ERROR-----------------------

Operation not possible (Bad input or parameters)

Algorythm list (formatted to be slightly more readable):

    C:\jsypt\bin>listAlgorithms.bat

    DIGEST ALGORITHMS:   [MD2, MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512]

    PBE ALGORITHMS:      [PBEWITHHMACSHA1ANDAES_128, PBEWITHHMACSHA1ANDAES_256, PBEWITHHMACSHA224ANDAES_128, 
    PBEWITHHMACSHA224ANDAES_256, PBEWITHHMACSHA256ANDAES_128, PBEWITHHMACSHA256ANDAES_256, PBEWITHHMACSHA384ANDAES_128, 
PBEWITHHMACSHA384ANDAES_256, PBEWITHHMACSHA512ANDAES_128, PBEWITHHMACSHA512ANDAES_256, PBEWITHMD5ANDDES,  
PBEWITHMD5ANDTRIPLEDES, PBEWITHSHA1ANDDESEDE, PBEWITHSHA1ANDRC2_128, PBEWITHSHA1ANDRC2_40, PBEWITHSHA1ANDRC4_128,
PBEWITHSHA1ANDRC4_40]

Java Version:

C:\jsypt\bin>java -version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) Client VM (build 25.171-b11, mixed mode, sharing)

Java Home:

C:\jsypt\bin>set JAVA_HOME
JAVA_HOME=C:\Program Files (x86)\Java\jre1.8.0_171

A quick run of the program below yields: 2147483647 which indicates unlimited is enabled. So I'm totally lost.

try {
int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
System.out.println(maxKeyLen);
} catch (Exception e) {
    System.out.println(e);
}

EDIT: This appears to be related to the CLI is executing. Threw together the below code from the sample usage (changing the algorithm) and it is able to generate the encrypted password. The below is a work around for me but I would like to be able to do this from CLI as to not need to edit/compile/run this every 90 days when the password is supposed to be changed.

try {
         StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
         encryptor.setPassword("jasypt"); // could be got from web, env variable...
         encryptor.setAlgorithm("PBEWITHHMACSHA256ANDAES_256");
         encryptor.setIvGenerator(new RandomIvGenerator());
         String encrypted = encryptor.encrypt("ThisisaATest");
         System.out.println(encrypted);
} catch (Exception e) {
    System.out.println(e);
}

Answer 1

I had the same problem and the second answer in the post you referenced (Command line Jasypt client encryption 'Operation not possible') fixed it.

I faced this problem because of some lack of information in the Jasypt CLI usage description.

The default generator to generate the initial value is NoIvGenerator. For some/most algorithms the IV generated this way is not valid, so the error message above is displayed. You have to add the additional parameter ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator to make it work.

See: https://github.com/jasypt/jasypt/issues/8