Command line Jasypt client encryption 'Operation not possible'

…衆ロ難τιáo~ 提交于 2020-02-23 10:40:29

问题


I am using Jasypt to store our database passwords in our hibernate config file in non-clear-text format.

Eg instead of

    <property name="hibernate.connection.username">user1</property>
    <property name="hibernate.connection.password">password1</property>

I want something like

    <property name="hibernate.connection.username">user1</property>
    <property name="hibernate.connection.password">ENC(0HY4F73HFPQ85CN)</property>

I am using the PBEWITHMD5ANDTRIPLEDES algorithm. I was reading up on it, and it seems that this may require installing a JCE, or a 'Jurisdiction Policy' extension. My question is, are these things already installed if I see this in my list of PBE Algorithms?

I ran the listAlgorithms.bat script:

C:\dev\jasypt-1.9.1\bin>listAlgorithms.bat

DIGEST ALGORITHMS:   [MD2, MD5, SHA, SHA-256, SHA-384, SHA-512]

PBE ALGORITHMS:      [PBEWITHMD5ANDDES, PBEWITHMD5ANDTRIPLEDES, PBEWITHSHA1ANDDESEDE, PBEWITHSHA1ANDRC2_40]

But when I try to encrypt my password, I get a very unhelpful error message:

C:\dev\jasypt-1.9.1\bin>encrypt.bat input=etrading_rw_123 password=encryptionkey algorithm=PBEWITHMD5ANDTRIPLEDES

----ENVIRONMENT-----------------

Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM 20.14-b01



----ARGUMENTS-------------------

algorithm: PBEWITHMD5ANDTRIPLEDES
input: etrading_rw_123
password: encryptionkey



----ERROR-----------------------

Operation not possible (Bad input or parameters)

If I run the same script with algorithm=PBEWITHMD5ANDDES, it works fine. Does the list of 'supported algorithms' actually mean 'algorithms that would be supported if you enabled them' rather than 'algorithms that are good to go'?

I am using Java version:

java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
Java HotSpot(TM) Client VM (build 14.3-b01, mixed mode, sharing)

回答1:


  1. The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy (small download) can enable the higher strength algorithms.

https://www.oracle.com/technetwork/java/javase/downloads/jce-all-download-5170447.html

FYI: JDK 9 and later ship with, and use by default, the unlimited policy files.

The unlimited policy files for earlier releases available above are required only for JDK 8, 7, and 6 updates earlier than 8u161, 7u171, and 6u181. On those versions and later the policy files are included, but not enabled by default.

See JDK-8170157 for details. https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8170157

  1. Another issue, could be that your JAVA_HOME environment variable points to an older Java version. Jasypt's bin/*.sh and *.cmd scripts uses $JAVA_HOME/bin/java or %JAVA_HOME%\bin\java if that environment variable exists.


来源:https://stackoverflow.com/questions/20497292/command-line-jasypt-client-encryption-operation-not-possible

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!