Maven password encryption BadPaddingException

Question

I'm trying to encrypt a server password in my settings.xml and I'm getting this exception when trying to deploy an artifact.

Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
    at javax.crypto.Cipher.doFinal(Cipher.java:2087)
    at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:185)
    ... 18 more

here's the excerpt from the xml

<server>
            <id>server</id>
            <username>username</username>
            <password>{N8AF8BmQ5x8HZX/yrlrP1QiKNMEdoXWyBFZd/*zIabY=}</password> 
        </server>

the same exception is also happening for my master password, I just followed the instructions here https://maven.apache.org/guides/mini/guide-encryption.html created a security-settings.xml like in the guide, executed these two commands and copied the encrypted passwords into the appropriate xml files.

mvn --encrypt-master-password <password>
mvn --encrypt-password <password>

Answer 1

Or maybe by accident you copy-pasted the wrong parameter:

--encrypt-master-password 

and put the output in settings.xml instead of:

--encrypt-password

which got me into trouble. (Darn password expiration policies)

Answer 2

Let's understand the problem here.

mvn encryption password is used to ensure secured access to the protected repository servers (possible Nexus or JFrog).

This access is based on 2 settings.

1. Common settings available in <MAVEN_HOME>/conf/settings.xml which will define the list of repositories and required username password for them. A typical entry would look like below

<server>
      <id>my.server</id>
      <username>foo</username>
      <password>{COQLCE6DU6GtcS5P=}</password>
 </server>

To have a password for this file, the command is

mvn --encrypt-password <password>

2. User specific settings available in local repo path (can be found in the <MAVEN_HOME>/conf/settings.xml) something like C:/Users/user/.m2/settings-security.xml which looks like below

<settingsSecurity>
  <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
</settingsSecurity>

To have a password for this file the mvn command is

mvn --encrypt-master-password <password>

Now the exception mentioned in the question is mostly the potential side effect of accidentally copying the password generated by mvn --encrypt-password <password> in the settings-security.file instead of using password generated by mvn --encrypt-master-password <password>

So double check your steps and it should solve the issue.

For detailed reference visit Maven - Password Encryption

Answer 3

In rare cases there's an escaping issue, that's probably happening here. Consider regenerating the masterpassword (with -emp or --encrypt-master-password) and/or password ( with -ep or --encrypt-password) . Their values will be different every time.