We want to encrypt our JGroups traffic, but looks like JGroups doesn't supports the keystore file generated by JDK's keytool application. Now our problem is we also use ActiveMQ in our application and using JDK's keytool for ActiveMQ keystore. So, as you can see we would end up having multiple keystores, which we want to avoid.
Is there any way we can use the same keystore for both ActiveMQ and JGroups running on the same box (same application)? Can JGroups somehow support JDK's generated keystore?
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
JGroups should support a JDK generated keystore, see http://wiki.jboss.org/wiki/Wiki.jsp?page=JGroupsENCRYPT. Look at JGroups/doc/ENCRYPT.html (ships with JGroups src), option 1.
There is an EncryptKeyStore.xml sample config which configures ENCRYPT as follows:
In the Encrypt.html for Option 1 and even in the Javadoc (http://www.jgroups.org/javagroupsnew/docs/javadoc/org/jgroups/protocols/ENCRYPT.html) it says,
"You cannot create a SecretKey keystore file using the keytool application shipped with the JDK. A java file called KeyStoreGenerator is included in the demo package that can be used from the command line (or IDE) to generate a suitable keystore."
Does that means I can not use Java's "keytool" program to generate the Keystore? Do I've to use JGroups' KeyStoreGenerator program?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The keytool program with JDK 1.6 has a new argument "genseckey" which seems to work with JGroups. Prior to JDK 1.6 it didn't have that option. We are using JDK 1.5 (as JGroups is not supported on 1.6 yet).
I did generate the keystore using JDK 1.6 and it does works even when JGroups is running with JGroups 1.5. Here is the command I ran,
The JGroups come up, but now I am getting this exception whenever there are more than 1 member in the group,
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA12275)
at javax.crypto.Cipher.doFinal(DashoA12275)
at org.jgroups.protocols.ENCRYPT._decrypt(ENCRYPT.java:838)
at org.jgroups.protocols.ENCRYPT.decryptMessage(ENCRYPT.java:831)
Not sure where is this coming from. Any help?
Other question was do we have to put the password in clear text in the protocol stack?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry, a more generic way (without us having to create setters) would be:
Properties props=encrypt.getProperties();
props.setProperty("storePassword", "mypwd");
// more changes
encrypt.setProperties(props);
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The docu says
"IMPORTANT- A keystore generated under each version of the 1.4 JDK can be incompatible with other JDK versions. Make sure you generate the keystore with the same JDK version as you are going to use at runtime. This is important for 1.4.2_04 and 1.4.2_05."
If you generate the keystore with JDK 6 and run JGroups with JDK 6, does this error still occur ?
I do support JGroups under JDK 6, I run it under JDK 6 by default all the time...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I tried with JDK 1.6.0_1 and still get the same exception,
2007-06-11 11:59:29,327 WARN [Incoming Thread] ENCRYPT - exception occurred decrypting message
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_f.b(DashoA13..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13..)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13..)
at javax.crypto.Cipher.doFinal(DashoA13..)
at org.jgroups.protocols.ENCRYPT._decrypt(ENCRYPT.java:838)
at org.jgroups.protocols.ENCRYPT.decryptMessage(ENCRYPT.java:831)
at org.jgroups.protocols.ENCRYPT.handleUpMessage(ENCRYPT.java:672)
at org.jgroups.protocols.ENCRYPT.up(ENCRYPT.java:533)
I have tried 4-5 different encryption algorithms and all seem to give the same error. I am using the JGroups-2.5.0-beta-3.bin.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hmm, we always used the BouncyCastle provider (ships with JGroups), but I see you're using the SUN provider. Can you run the BC provider just to see whether that works ?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_f.b(DashoA13..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13..)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13..)
at javax.crypto.Cipher.doFinal(DashoA13..)
at org.jgroups.protocols.ENCRYPT._decrypt(ENCRYPT.java:838)
at org.jgroups.protocols.ENCRYPT.decryptMessage(ENCRYPT.java:831)
at org.jgroups.protocols.ENCRYPT.handleUpMessage(ENCRYPT.java:672)
at org.jgroups.protocols.ENCRYPT.up(ENCRYPT.java:533)
at org.jgroups.protocols.UNICAST.up(UNICAST.java:263)
at org.jgroups.protocols.pbcast.NAKACK.handleMessage(NAKACK.java:723)
at org.jgroups.protocols.pbcast.NAKACK.up(NAKACK.java:549)
at org.jgroups.protocols.VERIFY_SUSPECT.up(VERIFY_SUSPECT.java:154)
at org.jgroups.protocols.FD.up(FD.java:328)
at org.jgroups.protocols.FD_SOCK.up(FD_SOCK.java:301)
at org.jgroups.protocols.MERGE2.up(MERGE2.java:145)
at org.jgroups.protocols.Discovery.up(Discovery.java:220)
at org.jgroups.protocols.TP$IncomingPacket.handleMyMessage(TP.java:1550)
at org.jgroups.protocols.TP$IncomingPacket.run(TP.java:1499)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
1) I'm using two channels - NotificationBus and RpcDispatcher.
2) I'm using Option 1 as specified in the Encrypt.html (but using JDK 1.6 genseckey tool).
3) In the Encrypt.html it tells that in the log file I should see something like,
04-Aug-2004 21:11:39 org.jgroups.protocols.ENCRYPT initSymCiphers
INFO: Initialized symmetric ciphers with secret key version �;ٺ�8=fԱ;qe2�
but, here is my log messages (they look little different),
2007-06-11 12:58:42,663 INFO [main] ENCRYPT - key_store_name used is jgroups.keystore
2007-06-11 12:58:42,663 INFO [main] ENCRYPT - store_password used is not null
2007-06-11 12:58:42,663 INFO [main] ENCRYPT - key_password used is not null
2007-06-11 12:58:42,663 INFO [main] ENCRYPT - alias used is pmkey
2007-06-11 12:58:42,960 INFO [main] ENCRYPT - Initializing symmetric ciphers
2007-06-11 12:58:43,132 INFO [main] ENCRYPT - Initialized symmetric ciphers with secret key (16 bytes) 81655336553344681256553365533937655335965533655338628
2007-06-11 12:58:43,163 DEBUG [main] ENCRYPT - set local address to 172.16.2.4:3060
2007-06-11 12:58:46,195 INFO [main] ENCRYPT - handling view: [172.16.2.4:3060|0][172.16.2.4:3060]
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - key_store_name used is jgroups.keystore
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - store_password used is not null
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - key_password used is not null
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - alias used is pmkey
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - Initializing symmetric ciphers
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - Initialized symmetric ciphers with secret key (16 bytes) 81655336553344681256553365533937655335965533655338628
2007-06-11 12:58:46,273 DEBUG [main] ENCRYPT - set local address to 172.16.2.4:3061
2007-06-11 12:58:49,430 INFO [Incoming Thread] ENCRYPT - handling view: [172.16.2.4:3060|1][172.16.2.4:3060, 172.16.2.4:3061]
2007-06-11 12:58:49,477 INFO [main] ENCRYPT - handling view: [172.16.2.4:3060|1][172.16.2.4:3060, 172.16.2.4:3061]
and once I get another member in the group, I start seeing the exception I refered earlier.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I did try with the BouncyProvider and followed the Encrypt.html directions (using JGroups KeyStoreGenerator class to generate the keystore), but still get the same exceptions.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I think the problem is when I try to send notification on the NotificationBus when a new member joins the group. Without the send notification, it works fine. I do need to send out the node information to everyone when a new member joins.
I am able to reproduce the exception in JGroups demo code, NotificationBusDemo.java. Here is what I did,
1) Generate a keystore using JGroups' KeyStoreGenerator
2) Add the following line in the protocol stack of NotificationBusDemo.java in the main(),
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA12275)
at javax.crypto.Cipher.doFinal(DashoA12275)
at org.jgroups.protocols.ENCRYPT._decrypt(ENCRYPT.java:838)
at org.jgroups.protocols.ENCRYPT.decryptMessage(ENCRYPT.java:831)
at org.jgroups.protocols.ENCRYPT.handleUpMessage(ENCRYPT.java:672)
at org.jgroups.protocols.ENCRYPT.up(ENCRYPT.java:533)
at org.jgroups.protocols.UNICAST.up(UNICAST.java:263)
at org.jgroups.protocols.pbcast.NAKACK.handleMessage(NAKACK.java:723)
at org.jgroups.protocols.pbcast.NAKACK.up(NAKACK.java:549)
at org.jgroups.protocols.pbcast.NAKACK.handleXmitRsp(NAKACK.java:962)
at org.jgroups.protocols.pbcast.NAKACK.up(NAKACK.java:565)
at org.jgroups.protocols.VERIFY_SUSPECT.up(VERIFY_SUSPECT.java:154)
at org.jgroups.protocols.FD_SOCK.up(FD_SOCK.java:301)
at org.jgroups.protocols.MERGE2.up(MERGE2.java:145)
at org.jgroups.protocols.Discovery.up(Discovery.java:220)
at org.jgroups.protocols.TP$IncomingPacket.handleMyMessage(TP.java:1550)
at org.jgroups.protocols.TP$IncomingPacket.run(TP.java:1504)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
Any help?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Looks like loopback is the issue; if you set loopback="false" in the transport it works for me ("true" fails) with the following config:
<config>
<UDP mcast_recv_buf_size="64000" mcast_send_buf_size="32000" mcast_port="45566" ucast_recv_buf_size="64000"
use_incoming_packet_handler="false" mcast_addr="228.8.8.8"
loopback="false" ucast_send_buf_size="32000" ip_ttl="32"/>
<PING timeout="2000" num_initial_members="3"/>
<MERGE2 max_interval="10000" min_interval="5000"/>
<FD timeout="2000" max_tries="3" shun="true"/>
<VERIFY_SUSPECT timeout="1500"/>
<pbcast.NAKACK max_xmit_size="8192" gc_lag="50" retransmit_timeout="600,1200,2400,4800"/>
<UNICAST timeout="1200,2400,3600"/>
<pbcast.STABLE stability_delay="1000" desired_avg_gossip="20000" max_bytes="0"/>
<FRAG frag_size="8192" />
<ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>
<pbcast.GMS print_local_addr="true" join_timeout="3000" join_retry_timeout="2000" shun="true"/>
</config>
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
We want to encrypt our JGroups traffic, but looks like JGroups doesn't supports the keystore file generated by JDK's keytool application. Now our problem is we also use ActiveMQ in our application and using JDK's keytool for ActiveMQ keystore. So, as you can see we would end up having multiple keystores, which we want to avoid.
Is there any way we can use the same keystore for both ActiveMQ and JGroups running on the same box (same application)? Can JGroups somehow support JDK's generated keystore?
Thanks.
JGroups should support a JDK generated keystore, see http://wiki.jboss.org/wiki/Wiki.jsp?page=JGroupsENCRYPT. Look at JGroups/doc/ENCRYPT.html (ships with JGroups src), option 1.
There is an EncryptKeyStore.xml sample config which configures ENCRYPT as follows:
<ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>
defaultStore.keystore is the name of your keystore, so this should work.
In the Encrypt.html for Option 1 and even in the Javadoc (http://www.jgroups.org/javagroupsnew/docs/javadoc/org/jgroups/protocols/ENCRYPT.html) it says,
"You cannot create a SecretKey keystore file using the keytool application shipped with the JDK. A java file called KeyStoreGenerator is included in the demo package that can be used from the command line (or IDE) to generate a suitable keystore."
Does that means I can not use Java's "keytool" program to generate the Keystore? Do I've to use JGroups' KeyStoreGenerator program?
This information may be dated. I suggest try out the key generator shipped with the JDK, and if it doesn't work, fall back to JGroups' key generator
The keytool program with JDK 1.6 has a new argument "genseckey" which seems to work with JGroups. Prior to JDK 1.6 it didn't have that option. We are using JDK 1.5 (as JGroups is not supported on 1.6 yet).
I did generate the keystore using JDK 1.6 and it does works even when JGroups is running with JGroups 1.5. Here is the command I ran,
./keytool -genseckey -v -alias pmKey -keystore jgroups.keystore -keypass mypass -storepass storepass -storetype jceks
Note, we do have to use "JCEKS" for JGroups.
In the protocol stack I put,
<ENCRYPT key_store_name="jgroups.keystore" store_password="storepass" key_password="mypass" alias="pmkey"/>
The JGroups come up, but now I am getting this exception whenever there are more than 1 member in the group,
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA12275)
at javax.crypto.Cipher.doFinal(DashoA12275)
at org.jgroups.protocols.ENCRYPT._decrypt(ENCRYPT.java:838)
at org.jgroups.protocols.ENCRYPT.decryptMessage(ENCRYPT.java:831)
Not sure where is this coming from. Any help?
Other question was do we have to put the password in clear text in the protocol stack?
I don't know about the encryption exception (I'll ping the original author).
// Other question was do we have to put the password in clear text in the protocol stack?
You don't need to. You can set the password when the stack is setup (before you call connect() on the Channel):
ProtocolStack stack=channel.getProtocolStack();
ENCRYPT encrypt=(ENCRYPT)stack.findProtocol("ENCRYPT");
encrypt.setKeyStorePassword();
Sorry, a more generic way (without us having to create setters) would be:
Properties props=encrypt.getProperties();
props.setProperty("storePassword", "mypwd");
// more changes
encrypt.setProperties(props);
The docu says
"IMPORTANT- A keystore generated under each version of the 1.4 JDK can be incompatible with other JDK versions. Make sure you generate the keystore with the same JDK version as you are going to use at runtime. This is important for 1.4.2_04 and 1.4.2_05."
If you generate the keystore with JDK 6 and run JGroups with JDK 6, does this error still occur ?
I do support JGroups under JDK 6, I run it under JDK 6 by default all the time...
I tried with JDK 1.6.0_1 and still get the same exception,
2007-06-11 11:59:29,327 WARN [Incoming Thread] ENCRYPT - exception occurred decrypting message
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_f.b(DashoA13..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13..)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13..)
at javax.crypto.Cipher.doFinal(DashoA13..)
at org.jgroups.protocols.ENCRYPT._decrypt(ENCRYPT.java:838)
at org.jgroups.protocols.ENCRYPT.decryptMessage(ENCRYPT.java:831)
at org.jgroups.protocols.ENCRYPT.handleUpMessage(ENCRYPT.java:672)
at org.jgroups.protocols.ENCRYPT.up(ENCRYPT.java:533)
I have tried 4-5 different encryption algorithms and all seem to give the same error. I am using the JGroups-2.5.0-beta-3.bin.
Hmm, we always used the BouncyCastle provider (ships with JGroups), but I see you're using the SUN provider. Can you run the BC provider just to see whether that works ?
Here is full stacktrace,
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_f.b(DashoA13..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13..)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13..)
at javax.crypto.Cipher.doFinal(DashoA13..)
at org.jgroups.protocols.ENCRYPT._decrypt(ENCRYPT.java:838)
at org.jgroups.protocols.ENCRYPT.decryptMessage(ENCRYPT.java:831)
at org.jgroups.protocols.ENCRYPT.handleUpMessage(ENCRYPT.java:672)
at org.jgroups.protocols.ENCRYPT.up(ENCRYPT.java:533)
at org.jgroups.protocols.UNICAST.up(UNICAST.java:263)
at org.jgroups.protocols.pbcast.NAKACK.handleMessage(NAKACK.java:723)
at org.jgroups.protocols.pbcast.NAKACK.up(NAKACK.java:549)
at org.jgroups.protocols.VERIFY_SUSPECT.up(VERIFY_SUSPECT.java:154)
at org.jgroups.protocols.FD.up(FD.java:328)
at org.jgroups.protocols.FD_SOCK.up(FD_SOCK.java:301)
at org.jgroups.protocols.MERGE2.up(MERGE2.java:145)
at org.jgroups.protocols.Discovery.up(Discovery.java:220)
at org.jgroups.protocols.TP$IncomingPacket.handleMyMessage(TP.java:1550)
at org.jgroups.protocols.TP$IncomingPacket.run(TP.java:1499)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
I am using UDP with Gossip Router,
<config>
<UDP
ip_mcast="false"
mcast_addr="228.10.10.10"
mcast_port="3092"
bind_addr="${jgroups.bindaddress.ip:jgroupshost}"
bind_port="${jgroups.bindaddress.port:3092}"
tos="16"
ucast_recv_buf_size="200000"
ucast_send_buf_size="640000"
mcast_recv_buf_size="250000"
mcast_send_buf_size="640000"
loopback="false"
discard_incompatible_packets="true"
max_bundle_size="64000"
max_bundle_timeout="30"
use_incoming_packet_handler="true"
use_outgoing_packet_handler="false"
ip_ttl="32"
enable_bundling="true"
use_concurrent_stack="true"
thread_pool.enabled="true"
thread_pool.min_threads="1"
thread_pool.max_threads="100"
thread_pool.keep_alive_time="20000"
thread_pool.queue_enabled="false"
thread_pool.queue_max_size="10"
thread_pool.rejection_policy="Run"
oob_thread_pool.enabled="true"
oob_thread_pool.min_threads="1"
oob_thread_pool.max_threads="4"
oob_thread_pool.keep_alive_time="30000"
oob_thread_pool.queue_enabled="true"
oob_thread_pool.queue_max_size="10"
oob_thread_pool.rejection_policy="Run"/>
</config>
Some additional information,
1) I'm using two channels - NotificationBus and RpcDispatcher.
2) I'm using Option 1 as specified in the Encrypt.html (but using JDK 1.6 genseckey tool).
3) In the Encrypt.html it tells that in the log file I should see something like,
04-Aug-2004 21:11:39 org.jgroups.protocols.ENCRYPT initSymCiphers
INFO: Initialized symmetric ciphers with secret key version �;ٺ�8=fԱ;qe2�
but, here is my log messages (they look little different),
2007-06-11 12:58:42,663 INFO [main] ENCRYPT - key_store_name used is jgroups.keystore
2007-06-11 12:58:42,663 INFO [main] ENCRYPT - store_password used is not null
2007-06-11 12:58:42,663 INFO [main] ENCRYPT - key_password used is not null
2007-06-11 12:58:42,663 INFO [main] ENCRYPT - alias used is pmkey
2007-06-11 12:58:42,960 INFO [main] ENCRYPT - Initializing symmetric ciphers
2007-06-11 12:58:43,132 INFO [main] ENCRYPT - Initialized symmetric ciphers with secret key (16 bytes) 81655336553344681256553365533937655335965533655338628
2007-06-11 12:58:43,163 DEBUG [main] ENCRYPT - set local address to 172.16.2.4:3060
2007-06-11 12:58:46,195 INFO [main] ENCRYPT - handling view: [172.16.2.4:3060|0] [172.16.2.4:3060]
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - key_store_name used is jgroups.keystore
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - store_password used is not null
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - key_password used is not null
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - alias used is pmkey
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - Initializing symmetric ciphers
2007-06-11 12:58:46,242 INFO [main] ENCRYPT - Initialized symmetric ciphers with secret key (16 bytes) 81655336553344681256553365533937655335965533655338628
2007-06-11 12:58:46,273 DEBUG [main] ENCRYPT - set local address to 172.16.2.4:3061
2007-06-11 12:58:49,430 INFO [Incoming Thread] ENCRYPT - handling view: [172.16.2.4:3060|1] [172.16.2.4:3060, 172.16.2.4:3061]
2007-06-11 12:58:49,477 INFO [main] ENCRYPT - handling view: [172.16.2.4:3060|1] [172.16.2.4:3060, 172.16.2.4:3061]
and once I get another member in the group, I start seeing the exception I refered earlier.
I did try with the BouncyProvider and followed the Encrypt.html directions (using JGroups KeyStoreGenerator class to generate the keystore), but still get the same exceptions.
I think the problem is when I try to send notification on the NotificationBus when a new member joins the group. Without the send notification, it works fine. I do need to send out the node information to everyone when a new member joins.
I am able to reproduce the exception in JGroups demo code, NotificationBusDemo.java. Here is what I did,
1) Generate a keystore using JGroups' KeyStoreGenerator
2) Add the following line in the protocol stack of NotificationBusDemo.java in the main(),
"ENCRYPT(key_store_name=jgroups.keystore;store_password=storePassed;alias=mykey):" +
3) Add the following line in the memberJoined(..) method of NotificationBusDemo.java
4) Run 2 instances of NotificationBusDemo.java
5) You'll get the following error message,
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA12275)
at javax.crypto.Cipher.doFinal(DashoA12275)
at org.jgroups.protocols.ENCRYPT._decrypt(ENCRYPT.java:838)
at org.jgroups.protocols.ENCRYPT.decryptMessage(ENCRYPT.java:831)
at org.jgroups.protocols.ENCRYPT.handleUpMessage(ENCRYPT.java:672)
at org.jgroups.protocols.ENCRYPT.up(ENCRYPT.java:533)
at org.jgroups.protocols.UNICAST.up(UNICAST.java:263)
at org.jgroups.protocols.pbcast.NAKACK.handleMessage(NAKACK.java:723)
at org.jgroups.protocols.pbcast.NAKACK.up(NAKACK.java:549)
at org.jgroups.protocols.pbcast.NAKACK.handleXmitRsp(NAKACK.java:962)
at org.jgroups.protocols.pbcast.NAKACK.up(NAKACK.java:565)
at org.jgroups.protocols.VERIFY_SUSPECT.up(VERIFY_SUSPECT.java:154)
at org.jgroups.protocols.FD_SOCK.up(FD_SOCK.java:301)
at org.jgroups.protocols.MERGE2.up(MERGE2.java:145)
at org.jgroups.protocols.Discovery.up(Discovery.java:220)
at org.jgroups.protocols.TP$IncomingPacket.handleMyMessage(TP.java:1550)
at org.jgroups.protocols.TP$IncomingPacket.run(TP.java:1504)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
Any help?
Bela,
Do you have any suggestions on this issue? I seem to be stuck at this point trying to use encryption.
thanks.
Looks like loopback is the issue; if you set loopback="false" in the transport it works for me ("true" fails) with the following config:
<config>
<UDP mcast_recv_buf_size="64000" mcast_send_buf_size="32000" mcast_port="45566" ucast_recv_buf_size="64000"
use_incoming_packet_handler="false" mcast_addr="228.8.8.8"
loopback="false" ucast_send_buf_size="32000" ip_ttl="32"/>
<PING timeout="2000" num_initial_members="3"/>
<MERGE2 max_interval="10000" min_interval="5000"/>
<FD timeout="2000" max_tries="3" shun="true"/>
<VERIFY_SUSPECT timeout="1500"/>
<pbcast.NAKACK max_xmit_size="8192" gc_lag="50" retransmit_timeout="600,1200,2400,4800"/>
<UNICAST timeout="1200,2400,3600"/>
<pbcast.STABLE stability_delay="1000" desired_avg_gossip="20000" max_bytes="0"/>
<FRAG frag_size="8192" />
<ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>
<pbcast.GMS print_local_addr="true" join_timeout="3000" join_retry_timeout="2000" shun="true"/>
</config>
The JIRA issue is http://jira.jboss.com/jira/browse/JGRP-538