org.jasypt.exceptions.EncryptionOperationNotPossibleException in Tomcat

Question

I'm using the Jasypt encryption library to encrypt/decrypt some text. This code is embedded in a WAR file and deployed to a server.

When running locally, and in unit tests, the encrypt/decrypt cycle works perfectly. I use Jetty to develop the application. The code works perfectly in that server. For some reason, deploying to Tomcat breaks it with the following exception:

FYI, I have the strong encryption libraries installed in both my local and server environments and I'm using the latest 1.6 version (patch level 25).

org.jasypt.exceptions.EncryptionOperationNotPossibleException

The exception has no message.

The code is fully symmetric. I pasted it here for examination. Here are the relevant bits:

I found one old Nabble post where a user had a very similar problem. Code worked everywhere except inside Tomcat. No solution was given.

Any insights would be most appreciated.

**Update: ** Running in Tomcat on my local system, it appears to work. So there's something about my server. On the server, I'm using a 64-bit JVM on Windows Server 2008. I'm using a 32-bit JVM locally (due to my system being a bit older). I wonder if this has something to do with the issue.

public void initializeService() {
    binaryEncryptor = new BasicBinaryEncryptor();
    binaryEncryptor.setPassword(keyBase64);
}

@Override
public <T extends Serializable> String simpleEncrypt(T objectToEncrypt) throws EncryptionException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try {
        ObjectOutputStream oos = new ObjectOutputStream(bos);
        oos.writeObject(objectToEncrypt);

        byte[] bytes = binaryEncryptor.encrypt(bos.toByteArray());
        return new String(Base64.encodeBase64(bytes));
    } catch (IOException e) {
        LOGGER.error("failed to encrypt String: " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    } catch (Exception e) {
        LOGGER.error("failed to encrypt String: " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    }
};

@SuppressWarnings("unchecked")
@Override
public <T> T simpleDecrypt(String objectToDecrypt) throws EncryptionException {
    try {
        byte[] bytes = Base64.decodeBase64(objectToDecrypt);
        byte[] decryptedBytes = binaryEncryptor.decrypt(bytes);

        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(decryptedBytes));
        T object = (T)ois.readObject();
        return object;
    } catch (IOException e) {
        LOGGER.error("failed to decrypt String: '" + objectToDecrypt + "', mesage = " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    } catch (Exception e) {
        LOGGER.error("failed to decrypt String: '" + objectToDecrypt + "', mesage = " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    }
}

Answer 1

@biniam_Ethiopia
I would have commented your answer but I have not enough reputation, so I write my own answer:

I had a very similiar problem, but in my case it was because of changing the encryption algorithm (PBEWithMD5AndTripleDES), while entries in the db were saved with a different one before (PBEWithMD5AndDES). So I got a EncryptionOperationNotPossibleException too, which is without information because of @Nathan Feger's comment above.

I hope this could help somebody someday too ;)

Answer 2

Here is a link to the docs: http://www.jasypt.org/faq.html#i-keep-on-receiving-encryption-operation-not-possible

• Is encryption and decryption config identical
• Check to make sure table columns are large enough
• Base64 encoding and urlencoding can conflict, so it has to be done just right.

Answer 3

I faced similar problem. For me, it was because it was trying to decrypt a password which could not have been decrypted using the decrypting mechanism.

Hence, I encrypted the password and stored it in database before the decrypt method tries to decrypt it.

I hope it helps someone.