Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the cause of "java.security.UnrecoverableKeyException: Rejected by the jceks.key.serialFilter or jdk.serialFilter property"?

Tags:

java

java-8

keystore

jceks

When I call the function under java.security.KeyStore:

public final Key getKey(String alias, char[] password)

I got the following error:

java.security.UnrecoverableKeyException: Rejected by the jceks.key.serialFilter or jdk.serialFilter property
  at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:352)
  at com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:136)
  at java.security.KeyStore.getKey(KeyStore.java:1023)

This error does not exist in any Java document, and only happens intermittenly. What is the cause of this error and how to fix it?

UPDATE: now it is revealed by @zeal that it is related to http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8189997. So without additional configuration only a few options of Key implementation can be used. However in the release note I found a statement:

Customers storing a SecretKey that does not serialize to the above types must modify the filter to make the key extractable.

This seems to be something new as it indicates that the key's serialization can be overridden by the program, is it the only way to make other key types compatible with JCEKS keystore?

like image 907
tribbloid Avatar asked Apr 23 '18 22:04

tribbloid

2 Answers

its causing because of issue in latest java version JDK-8 build 171. there has been a switch from jks to pkcs12 and it's the open issue at java side (latest JDK-8 build 171) in jcrypto: https://github.com/jcryptool/core/issues/120.

workaround for this is to switch JRE 8 build 171 build to JRE 8 build 144/121

like image 189
NikhilP Avatar answered Oct 13 '22 04:10

NikhilP

you can open /jre/lib/security/java.security file and try to find property jceks.key.serialFilter and add your filter class/package there.

At my end Old entry for jceks.key.serialFilter property was: 

jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*

Added org.apache.hadoop.crypto.key.**, so New Entry for jceks.key.serialFilter property is:

jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;org.apache.hadoop.crypto.key.**;!*
like image 2
PradeeP AgrawaL Avatar answered Oct 13 '22 02:10

PradeeP AgrawaL
Sign in to Comment

Related questions

List all active methods in jshell
performance issue on Spring Data Mongodb
How to add several jars to module path?
hibernate hql - return updated rows id list after execute update query
Is this Simple Factory violating the Open Closed Principle?
Hooking into start of JDBC transaction
Theoretical inquiry about overloading and type promotion in java
Parse week-based-year and week-of-week-based-year without separator character fails
How can I use @WebMvcTest for a Controller that uses an autowired ConversionService?
Testing Mono and Flux using Mockito
java.math.BigInteger cannot be cast to java.math.BigDecimal
Fill an new array with elements of array A that are missing form array B - Java
Apache Kafka 1.0.0 Streams API Multiple Multilevel groupby
Remove the white and black screen when starting the Android application made with Unity
java.lang.NoClassDefFoundError: Failed resolution of: Landroid/support/v4/graphics/drawable/DrawableWrapper;
Storing/Reusing intermediate results on a java 8 stream
How to add a body to a GET request in JAX-RS
Is there @JsonView equivalent in ASP.NET Web API
How do I access the default ToolBar from an Activity in Android?
Same column names in JOIN getting "column not found" error in ResultSet

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!