Posted to derby-dev@db.apache.org by "Kristian Waagan (JIRA)" <de...@db.apache.org> on 2006/01/16 11:30:21 UTC

[jira] Commented: (DERBY-788) 'store/encryptionKey.sql' fails on Solaris 10

    [ http://issues.apache.org/jira/browse/DERBY-788?page=comments#action_12362838 ] 

Kristian Waagan commented on DERBY-788:
---------------------------------------

I got a response to my inquiry about this issue:

"...it is not clearly defined how SecretKeyFactories and Ciphers behave when passed a key that is "too long". In most cases I would expect the two to behave the same. That means that even though your technique worked for DES and the providers you have tried, it may not work for other algorithms or providers."

This raises a few questions:
1) Is the approach used by Derby valid? (wrt. what we can expect from crypto providers)
Why allow the user to believe, say, a 512-byte key is used, when in fact only the first 8 bytes are used for encrypting/decrypting the database? Are we able to enforce a valid key length for a given algorithm? (without hardcoding limits in Derby code)

2) Why does the test use a 16 byte key for the DES algorithm?
Should it be changed to 8 bytes, or is the test written to test the behavior of Derby when the key is not according to the specifications for the given algorithm?

I will take no further action until I get some feedback. Until a) the 'SunPKCS11-Solaris' is changed, b) the test is changed or c) another default provider is set for Solaris 10, the test will continue to fail on Solaris 10 (and probably higher versions).

> 'store/encryptionKey.sql' fails on Solaris 10
> ---------------------------------------------
>
>          Key: DERBY-788
>          URL: http://issues.apache.org/jira/browse/DERBY-788
>      Project: Derby
>         Type: Bug
>   Components: Services, Test
>     Versions: 10.0.2.1, 10.1.1.2, 10.1.2.1
>  Environment: Solaris 10 (generic hardware)
> Sun JDK 5.0 with the 'SunPKCS11-Solaris' Java Security provider
>     Reporter: Kristian Waagan
>     Assignee: Kristian Waagan
>     Priority: Minor
>      Fix For: 10.2.0.0
>
> The 'store/encryptionKey.sql' test fails on Solaris 10.
> Investigation revealed that the failure is caused by a difference in behavior between the 'SunPKCS11-Solaris' provider and other providers (tested with 'SunJCE' and 'IBMJCE').
> The initialization of the DES cipher fails because the 16-byte key (specified in the test) is not translated to an 8-byte DES key by SecretKeyFactory.translateKey(). This might be a bug in the provider (I don't know the spec). Enquiries are being made.
> The exception is being thrown from the constructor of 'impl.services.jce.JCECipherProvider'.
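
Added example, not part of the original message and not Derby's code: a strict DES key-length check placed in front of the provider, so an over-long key is rejected instead of being silently cut to its first 8 bytes. The class and method names (`StrictKeyLength`, `strictDesKey`) are hypothetical and the 16-byte key is constructed sample data; only the standard JCE classes `DESKeySpec` and `SecretKeyFactory` are used.

```java
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

public class StrictKeyLength {            // hypothetical name, for illustration

    // Reject any raw key that is not exactly DES_KEY_LEN (8) bytes before a
    // provider sees it, so the outcome does not depend on how a particular
    // SecretKeyFactory or Cipher treats a key that is "too long".
    static SecretKey strictDesKey(byte[] raw) throws Exception {
        if (raw.length != DESKeySpec.DES_KEY_LEN) {
            throw new InvalidKeyException("DES key must be "
                    + DESKeySpec.DES_KEY_LEN + " bytes, got " + raw.length);
        }
        // Exact-length input: nothing is left for the provider to truncate.
        return SecretKeyFactory.getInstance("DES")
                .generateSecret(new DESKeySpec(raw));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a 16-byte key like the one the test supplies.
        byte[] sixteen = new byte[16];
        for (int i = 0; i < sixteen.length; i++) {
            sixteen[i] = (byte) (i + 1);
        }

        // DESKeySpec is documented to copy only bytes 0..7 of its input, so
        // the last 8 bytes of the supplied key never reach the cipher.
        DESKeySpec lenient = new DESKeySpec(sixteen);
        boolean truncated =
                Arrays.equals(lenient.getKey(), Arrays.copyOf(sixteen, 8));
        System.out.println("DESKeySpec kept only the first 8 bytes: " + truncated);

        // The strict path refuses the same input instead of truncating it.
        try {
            strictDesKey(sixteen);
            System.out.println("16-byte key accepted");
        } catch (InvalidKeyException e) {
            System.out.println("16-byte key rejected: " + e.getMessage());
        }

        // An exact-length key is passed through to the provider unchanged.
        SecretKey ok = strictDesKey(Arrays.copyOf(sixteen, 8));
        System.out.println("8-byte key accepted, algorithm " + ok.getAlgorithm());
    }
}
```

The check uses the `DESKeySpec.DES_KEY_LEN` constant from the JCE API, so the limit for DES comes from the platform rather than from a literal in the calling code; other algorithms would need their own source for the expected length.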
