#32 encryption works but decryption does not, Java 8 (JCE jars installed).

v1.9.x
open
nobody
bug (1)
5
2 days ago
2014-08-13
nobulletnav
No

For the following PBE algorithms decryption is not working, throwing org.jasypt.exceptions.EncryptionOperationNotPossibleException:

PBEWITHHMACSHA1ANDAES_128   
PBEWITHHMACSHA1ANDAES_256   
PBEWITHHMACSHA224ANDAES_128 
PBEWITHHMACSHA224ANDAES_256 
PBEWITHHMACSHA256ANDAES_128 
PBEWITHHMACSHA256ANDAES_256 
PBEWITHHMACSHA384ANDAES_128 
PBEWITHHMACSHA384ANDAES_256 
PBEWITHHMACSHA512ANDAES_128 
PBEWITHHMACSHA512ANDAES_256

Tested on:
1. Oracle JDK (1.8.0_05) on Debian 3.2.54-2 x86_64
2. Oracle JDK (1.8.0) on Mac OS X 10.9.4 (13E28)

The output for the simple tests (code is below and in the attachment):

A. Without JCE jars installed:

--------------------------------------------------------------------------------
Version: 1.8.0, max key length: 128 (JCE: NO)
--------------------------------------------------------------------------------
Algorithm                       Result                        
--------------------------------------------------------------------------------
PBEWITHHMACSHA1ANDAES_128       NOT_POSSIBLE_DECRYPT          
PBEWITHHMACSHA1ANDAES_256       NOT_POSSIBLE                  
PBEWITHHMACSHA224ANDAES_128     NOT_POSSIBLE_DECRYPT          
PBEWITHHMACSHA224ANDAES_256     NOT_POSSIBLE                  
PBEWITHHMACSHA256ANDAES_128     NOT_POSSIBLE_DECRYPT          
PBEWITHHMACSHA256ANDAES_256     NOT_POSSIBLE                  
PBEWITHHMACSHA384ANDAES_128     NOT_POSSIBLE_DECRYPT          
PBEWITHHMACSHA384ANDAES_256     NOT_POSSIBLE                  
PBEWITHHMACSHA512ANDAES_128     NOT_POSSIBLE_DECRYPT          
PBEWITHHMACSHA512ANDAES_256     NOT_POSSIBLE                  
PBEWITHMD5ANDDES                OK                            
PBEWITHMD5ANDTRIPLEDES          NOT_POSSIBLE                  
PBEWITHSHA1ANDDESEDE            OK                            
PBEWITHSHA1ANDRC2_128           OK                            
PBEWITHSHA1ANDRC2_40            OK                            
PBEWITHSHA1ANDRC4_128           OK                            
PBEWITHSHA1ANDRC4_40            OK                           
--------------------------------------------------------------------------------

B. With JCE jars installed:


--------------------------------------------------------------------------------
Version: 1.8.0, max key length: 2147483647 (JCE: YES)
--------------------------------------------------------------------------------
Algorithm                       Result
--------------------------------------------------------------------------------
PBEWITHHMACSHA1ANDAES_128       NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA1ANDAES_256       NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA224ANDAES_128     NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA224ANDAES_256     NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA256ANDAES_128     NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA256ANDAES_256     NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA384ANDAES_128     NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA384ANDAES_256     NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA512ANDAES_128     NOT_POSSIBLE_DECRYPT
PBEWITHHMACSHA512ANDAES_256     NOT_POSSIBLE_DECRYPT
PBEWITHMD5ANDDES                OK
PBEWITHMD5ANDTRIPLEDES          OK
PBEWITHSHA1ANDDESEDE            OK
PBEWITHSHA1ANDRC2_128           OK
PBEWITHSHA1ANDRC2_40            OK
PBEWITHSHA1ANDRC4_128           OK
PBEWITHSHA1ANDRC4_40            OK
--------------------------------------------------------------------------------


The code below lists all existing PBE algorithms with AlgorithmRegistry.getAllPBEAlgorithms() and applies a simple test for each algorithm (encrypt and then decrypt with the same StandardPBEStringEncryptor).

package com.nobullet.encryption.test;

import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.registry.AlgorithmRegistry;

/**
 * Main encryption tests.
 *
 * @author nobulletnav
 */
public class Main {

    static final String DATA = "{json:{userId:'12345678901234567890'}}";
    static final Logger logger = Logger.getGlobal();

    public static void main(String[] args) {
        String format = "%s\t%s";
        String line = padTo("", '-', 80);
        int keyLength = getJCEMaxKeyLength();
        String jce = keyLength == Integer.MAX_VALUE ? "YES" : "NO";
        // Collect test results.
        Set<String> algorithms = (Set<String>) AlgorithmRegistry.getAllPBEAlgorithms();
        List<String> result = new ArrayList<>();
        for (String algorithm : algorithms) {
            AlgoritmTestResult works = testAlgorithm(algorithm);
            result.add(String.format(format, padTo(algorithm), padTo(works.toString())));
        }
        // Print response.
        System.out.println(line);
        System.out.println(String.format("Version: %s, max key length: %d (JCE: %s)",
                System.getProperty("java.version"), keyLength, jce) + "\n" + line);
        System.out.println(String.format(format, padTo("Algorithm"), padTo("Result"))
                + "\n" + line);
        for (String r : result) {
            System.out.println(r);
        }
    }

    public static int getJCEMaxKeyLength() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES");
        } catch (NoSuchAlgorithmException ex) {
            return -1;
        }
    }

    public static AlgoritmTestResult testAlgorithm(String algorithm) {
        boolean isEncrypted = false;
        try {
            StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
            encryptor.setPassword("wiu34we233[]weuokw/12340645798/3@#4");
            encryptor.setAlgorithm(algorithm);
            encryptor.setKeyObtentionIterations(1);
            String encrypted = encryptor.encrypt(DATA);
            isEncrypted = true;
            return DATA.equals(encryptor.decrypt(encrypted)) ? AlgoritmTestResult.OK : AlgoritmTestResult.DECRYPT_FAIL;
        } catch (org.jasypt.exceptions.EncryptionOperationNotPossibleException e) {
            logger.log(Level.WARNING, "Error while using " + algorithm + " ", e);
            return isEncrypted ? AlgoritmTestResult.NOT_POSSIBLE_DECRYPT : AlgoritmTestResult.NOT_POSSIBLE;
        } catch (Exception e) {
            logger.log(Level.WARNING, "Error while using " + algorithm + " ", e);
            return AlgoritmTestResult.UNKNOWN;
        }
    }

    public static String padTo(String s) {
        return padTo(s, 30);
    }

    public static String padTo(String s, char c, int length) {
        if (s.length() < length) {
            StringBuilder sb = new StringBuilder(s);
            for (int i = 0; i < length - s.length(); i++) {
                sb.append(c);
            }
            return sb.toString();
        }
        return s;
    }

    public static String padTo(String s, int length) {
        return padTo(s, ' ', length);
    }

    public static enum AlgoritmTestResult {

        OK,
        DECRYPT_FAIL,
        NOT_POSSIBLE,
        NOT_POSSIBLE_DECRYPT,
        UNKNOWN;
    }
}
1 Attachments

Discussion

  • nobulletnav
    2014-08-13

    Sorry, I can't find the edit button.

    B. With JCE jars installed (well formatted):

    Version: 1.8.0, max key length: 2147483647 (JCE: YES)
    --------------------------------------------------------------------------------
    Algorithm                       Result                        
    --------------------------------------------------------------------------------
    PBEWITHHMACSHA1ANDAES_128       NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA1ANDAES_256       NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA224ANDAES_128     NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA224ANDAES_256     NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA256ANDAES_128     NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA256ANDAES_256     NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA384ANDAES_128     NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA384ANDAES_256     NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA512ANDAES_128     NOT_POSSIBLE_DECRYPT          
    PBEWITHHMACSHA512ANDAES_256     NOT_POSSIBLE_DECRYPT          
    PBEWITHMD5ANDDES                OK                            
    PBEWITHMD5ANDTRIPLEDES          OK                            
    PBEWITHSHA1ANDDESEDE            OK                            
    PBEWITHSHA1ANDRC2_128           OK                            
    PBEWITHSHA1ANDRC2_40            OK                            
    PBEWITHSHA1ANDRC4_128           OK                            
    PBEWITHSHA1ANDRC4_40            OK                         
    --------------------------------------------------------------------------------
    
     
  • smithsdevin
    2 days ago

    I found the same thing today. The actual exception gets swallowed though:

    java.security.InvalidAlgorithmParameterException: Missing parameter type: IV expected
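
The "Missing parameter type: IV expected" condition from the last comment can be reproduced with the plain JCE API, without Jasypt. This is an added example, not code from the ticket or from Jasypt; it assumes a Java 8+ JDK whose SunJCE provider serves PBEWithHmacSHA256AndAES_128, and the class name, password, salt and iteration count are constructed for the demonstration. The cipher picks a random IV when initialised for encryption without one, and refuses to initialise for decryption unless that IV is passed back inside the PBEParameterSpec.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeAesIvDemo {   // hypothetical class name
    static final String ALG = "PBEWithHmacSHA256AndAES_128";

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-demo-password".toCharArray(); // constructed value
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        int iterations = 1000;                                       // constructed value
        SecretKey key = SecretKeyFactory.getInstance(ALG)
                .generateSecret(new PBEKeySpec(password));

        // Encrypt with salt + iteration count only: the provider generates a random IV.
        Cipher enc = Cipher.getInstance(ALG);
        enc.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, iterations));
        byte[] ciphertext = enc.doFinal(
                "{json:{userId:'12345678901234567890'}}".getBytes(StandardCharsets.UTF_8));
        byte[] iv = enc.getIV();  // must be kept with the ciphertext, like the salt

        // Decrypt with the same two parameters: init is rejected because the IV is missing.
        try {
            Cipher noIv = Cipher.getInstance(ALG);
            noIv.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(salt, iterations));
            System.out.println("unexpected: decrypt init without IV succeeded");
        } catch (GeneralSecurityException e) {
            System.out.println("decrypt init without IV failed: " + e);
        }

        // Decrypt with the IV carried in the PBEParameterSpec (3-arg constructor, Java 8+).
        Cipher dec = Cipher.getInstance(ALG);
        dec.init(Cipher.DECRYPT_MODE, key,
                new PBEParameterSpec(salt, iterations, new IvParameterSpec(iv)));
        String plaintext = new String(dec.doFinal(ciphertext), StandardCharsets.UTF_8);
        System.out.println("decrypt with IV: " + plaintext);
    }
}
```

Since the IV is random per encryption, any wrapper around these algorithms has to store or transmit it alongside the salt and ciphertext for decryption to be possible.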