Spring Cloud Config Symmetric Key

Question

I have setup a simple project using Spring Cloud Config Server and I'm trying to simply encrypt and decrypt some values. I create the project as a Spring Starter Project using the following pom.xml with Spring Boot.

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.oreilly.cloud</groupId>
    <artifactId>spring-microservices-config-server6</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>spring-microservices-config-server6</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.4.2.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Camden.SR2</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>


</project>

From there I modify the main Spring Boot Application class to add the @EnableConfigServer annotation as follows:

@SpringBootApplication
@EnableConfigServer
public class SpringMicroservicesConfigServer6Application {

    public static void main(String[] args) {
        SpringApplication.run(SpringMicroservicesConfigServer6Application.class, args);
    }
}

Within my application.properties file, I point to a git repository, setup the server port and enable symmetric key encryption using encrypt.key as follows:

server.port=8888
spring.cloud.config.server.git.uri=C:/Users/training/Desktop/sts-workspace/configuration
encrypt.key=secret

Next I open a bash shell and encrypt some data:

$ curl http://localhost:8888/encrypt -d Kevin

Which produces the value:

`315ca5592635e4f65e0a0278cd08f74b5cef27e8379bd0e0d81d08c9ed8fbac161d`

If I attempt to decrypt the value using:

$ curl localhost:8888/decrypt --data-urlencode 315ca5592635e4f65e0a0278cd08f74cef27e8379bd0e0d81d08c9ed8fbac161d

I receive the following error:

276description":"Text not encrypted with this key","status":"INVALID"}

I do not understand why this simple scenario is failing almost right out of the box. There is very minimal config manually required and I'm wondering if this is an issue with the config server? Can anyone help?

Answer 1

I just found out what's going on:

$ curl -X POST localhost:8888/encrypt -d FOO
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    67  100    64  100     3   4000    187 --:--:-- --:--:-- --:--:--  4000e474cd78d6c18e0e5395e67a3bc0865a75077650e91d2249d460e91d6989ce87

I took 4000e474cd78d6c18e0e5395e67a3bc0865a75077650e91d2249d460e91d6989ce87 as the encrypted text and it didn't work.

The problem is that the Current Speed column is right before the response so we are using it as if it were part of the response.

The actual ciphered text is, removing the current speed: e474cd78d6c18e0e5395e67a3bc0865a75077650e91d2249d460e91d6989ce87

$ curl localhost:8888/decrypt -d e474cd78d6c18e0e5395e67a3bc0865a75077650e91d2249d460e91d6989ce87
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    67  100     3  100    64    187   4000 --:--:-- --:--:-- --:--:--  4000FOO