From: "Alon Bar-Lev" <alonbl(a)redhat.com>
To: "Eli Mesika" <emesika(a)redhat.com>
Cc: "users" <users(a)ovirt.org>, "Dead Horse"
<deadhorseconsulting(a)gmail.com>
Sent: Monday, January 28, 2013 11:20:30 PM
Subject: Re: [Users] engine Failed to decrypt Data error
----- Original Message -----
> From: "Eli Mesika" <emesika(a)redhat.com>
> To: "Dead Horse" <deadhorseconsulting(a)gmail.com>
> Cc: "users" <users(a)ovirt.org>, "Alon Bar-Lev"
<alonbl(a)redhat.com>
> Sent: Monday, January 28, 2013 11:16:16 PM
> Subject: Re: [Users] engine Failed to decrypt Data error
>
>
>
> ----- Original Message -----
> > From: "Dead Horse" <deadhorseconsulting(a)gmail.com>
> > To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> > Cc: "users" <users(a)ovirt.org>, "Eli Mesika"
<emesika(a)redhat.com>
> > Sent: Monday, January 28, 2013 11:04:53 PM
> > Subject: Re: [Users] engine Failed to decrypt Data error
> >
> >
> > psql -U engine -d engine -c "select * from vdc_options where
> > option_name in ('LocalAdminPassword', 'AdminPassword');"
> > option_id | option_name |
> >
> > option_value
> >
> > | version
> >
-----------+--------------------+-----------------------------------------------
> >
--------------------------------------------------------------------------------
> >
--------------------------------------------------------------------------------
> >
--------------------------------------------------------------------------------
> > -----------------------------------------------------------+---------
> > 127 | LocalAdminPassword |
> > KiG8670o1qXVX6omYsiCdaaXtQc/mGmr0qgLHqc8yykoRz
> >
OwbfZzU9AxBYwYrJEwyqdq8c2ZwfGVvQ1YVIfGRspKLKogl59gBnwcQuk3al1K4Vtmr2hgWDtm5FBYd5
> >
Nac4WIly4efjMCRjwrpPVkpAX55N8tGJ9LNzX8eRszQ4iVs8zivl0eu9SVhrB8tbHkA/+U5/vss26za8
> >
X+AV67dtDzoD7ZS0eOT1Vx9vrOGHvDYU8tANEb29Et79CJ0whLOOEeuwTpkK1yZdF3PaWRbnTwXZUsB1
> > hMs9NLdo2ZxZOVSIK1E2mPh1WLybgIX1YB0Ra3BZvjAR9wPZz+jdfZng== |
> > general
> > 7 | AdminPassword |
> > AakmoHu69RmCWkSoVXLOv0cwzwGscXaM+HJAONRtSdECEA
> >
VL+bjc1Lis6PHR1vBwdmhITxAvo2998pTJNusvtuTCODra40MTC+9p9+Oev4jWIbkncHH8gRdIKyvHuz
> >
O6fNda50VXeWYhGNFIMavw15PlslutUWEpyNAasjEWyZ7cNyjKK2eFKNDZ3F5PCv9RcQXfXkKSveWm6M
> >
40zUVOx1ZjCnptNUpB4VYf5vW8LOpSL5NJpfJQmu36QbBRDDo3+3XPb4ELXA4t1rbPYw9Z7hRbk5Mbtq
> > qvOA7q4+G4nPtxHB7d6dYT2QJ58wgXUSIIoz/odvz5yVYeazIFS3Faww== |
> > general
> > (2 rows)
>
> Too long , supported values for encryption should be < 127
> characters
Why too long? it should be 2048 RSA key.
And it is exactly 256 decoded.
>
>
> >
> >
> >
> >
> > On Mon, Jan 28, 2013 at 2:38 PM, Alon Bar-Lev < alonbl(a)redhat.com
> > >
> > wrote:
> >
> >
> >
> > ----- Original Message -----
> > > From: "Dead Horse" < deadhorseconsulting(a)gmail.com >
> > > To: "Alon Bar-Lev" < alonbl(a)redhat.com >
> > > Cc: "users" < users(a)ovirt.org >, "Eli Mesika"
<
> > > emesika(a)redhat.com
> > > >
> >
> > > Sent: Monday, January 28, 2013 10:35:34 PM
> > > Subject: Re: [Users] engine Failed to decrypt Data error
> > >
> > >
> > >
> >
> > > was in the middle of a fresh engine setup which did not exhibit
> > > the
> > > symptom. However after running: "engine-config -s
> > > AdminPassword=interactive" and restarting the engine service on
> > > the
> > > clean setup the error message now shows up.
> > >
> > > - DHC
> > >
> > >
> > >
> >
> > OK, at least it is related to the admin password.
> >
> > Please send me the output of:
> >
> > psql -U engine -d engine -c "select * from vdc_options where
> > option_name in ('LocalAdminPassword', 'AdminPassword');"
> >
> >
> > Thanks!
> >
> > >
> > > On Mon, Jan 28, 2013 at 1:55 PM, Alon Bar-Lev <
> > > alonbl(a)redhat.com
> > > >
> > > wrote:
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Dead Horse" < deadhorseconsulting(a)gmail.com >
> > > > To: "Alon Bar-Lev" < alonbl(a)redhat.com >
> > > > Cc: "users" < users(a)ovirt.org >, "Eli
Mesika" <
> > > > emesika(a)redhat.com
> > > > >
> > >
> > > > Sent: Monday, January 28, 2013 9:46:53 PM
> > > > Subject: Re: [Users] engine Failed to decrypt Data error
> > > >
> > > >
> > > >
> > > >
> > >
> > > > Current running engine build --> commit:
> > > > 61c11aecc40e755d08b6c34c6fe1c0a07fa94de8
> > > >
> > > > ran engine upgrade against the built rpms from that commit.
> > > >
> > > >
> > > > Thus I applied it as an upgrade against prior running build
> > > > -->
> > > > commit:
> > > > 1eb895355239bbcb7a7ceda172405f0b68f18f35
> > >
> > > [Please use plain text mails in lists.]
> > >
> > >
> > > Can you please patch EncryptionUtils.decrypt() with the
> > > following,
> > > so
> > > I can see what source is? source is encrypted blob, should not
> > > be
> > > a
> > > problem to send it.
> > >
> > > if (!StringHelper.isNullOrEmpty(source.trim())) {
> > > KeyStore store = EncryptionUtils.getKeyStore(keyFile, passwd,
> > > certType);
> > > Key key = store.getKey(alias, passwd.toCharArray());
> > > + log.info ("DEBUG001 " + source);
> >
> >
> > > result = decrypt(source, key);
> > >
> > >
> > > }
> > >
> > >
> > > >
> > > >
> > > >
> > > > On Mon, Jan 28, 2013 at 1:28 PM, Alon Bar-Lev <
> > > > alonbl(a)redhat.com
> > > > >
> > > > wrote:
> > > >
> > > >
> > > > How do you installed the engine? you built?
> > > > Which exact version?
> > > >
> > > >
> > > > ----- Original Message -----
> > > > > From: "Dead Horse" < deadhorseconsulting(a)gmail.com
>
> > > >
> > > >
> > > > > To: "Alon Bar-Lev" < alonbl(a)redhat.com >
> > > > > Cc: "users" < users(a)ovirt.org >, "Eli
Mesika" <
> > > > > emesika(a)redhat.com
> > > > > >
> > > > > Sent: Monday, January 28, 2013 9:26:44 PM
> > > > > Subject: Re: [Users] engine Failed to decrypt Data error
> > > > >
> > > > >
> > > > > Password length is 11 characters and consists of Upper,
> > > > > Lower
> > > > > case
> > > > > and one special character.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Mon, Jan 28, 2013 at 1:20 PM, Alon Bar-Lev <
> > > > > alonbl(a)redhat.com
> > > > > >
> > > > > wrote:
> > > > >
> > > > >
> > > > > We tried to reproduce this.
> > > > > What password do you use? is there one with some great
> > > > > length?
> > > > > If not, Eli, we should send a debug patch for this.
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > > From: "Dead Horse" <
deadhorseconsulting(a)gmail.com >
> > > > > > To: "< users(a)ovirt.org >" <
users(a)ovirt.org >
> > > > > > Sent: Monday, January 28, 2013 9:16:20 PM
> > > > > > Subject: [Users] engine Failed to decrypt Data error
> > > > > >
> > > > > >
> > > > > >
> > > > > > I see this repeating error in the engine logs quite a
> > > > > > bit,
> > > > > > any
> > > > > > ideas
> > > > > > on what causes it?
> > > > > >
> > > > > >
> > > > > > 2013-01-28 13:13:40,483 ERROR
> > > > > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
> > > > > > (QuartzScheduler_Worker-23) Failed to decrypt Data must
> > > > > > not
> > > > > > be
> > > > > > longer than 256 bytes
> > > > > > 2013-01-28 13:13:52,747 ERROR
> > > > > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
> > > > > > (QuartzScheduler_Worker-81) Failed to decrypt Data must
> > > > > > not
> > > > > > be
> > > > > > longer than 256 bytes
> > > > > > 2013-01-28 13:13:52,747 ERROR
> > > > > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
> > > > > > (QuartzScheduler_Worker-84) Failed to decrypt Blocktype
> > > > > > mismatch:
> > > > > > 0
> > > > > > 2013-01-28 13:13:52,761 ERROR
> > > > > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
> > > > > > (QuartzScheduler_Worker-85) Failed to decrypt Data must
> > > > > > start
> > > > > > with
> > > > > > zero
> > > > > > 2013-01-28 13:14:00,964 ERROR
> > > > > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
> > > > > > (QuartzScheduler_Worker-23) Failed to decrypt Data must
> > > > > > not
> > > > > > be
> > > > > > longer than 256 bytes
> > > > > > 2013-01-28 13:14:00,964 ERROR
> > > > > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
> > > > > > (QuartzScheduler_Worker-20) Failed to decrypt Data must
> > > > > > not
> > > > > > be
> > > > > > longer than 256 bytes
> > > > > > 2013-01-28 13:14:02,983 ERROR
> > > > > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
> > > > > > (QuartzScheduler_Worker-29) Failed to decrypt Data must
> > > > > > not
> > > > > > be
> > > > > > longer than 256 bytes
> > > > > > 2013-01-28 13:14:02,983 ERROR
> > > > > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
> > > > > > (QuartzScheduler_Worker-34) Failed to decrypt Data must
> > > > > > not
> > > > > > be
> > > > > > longer than 256 bytes
> > > > > >
> > > > > >
> > > > > > - DHC
> > > > > >
> > > > > > _______________________________________________
> > > > > > Users mailing list
> > > > > > Users(a)ovirt.org
> > > > > >
http://lists.ovirt.org/mailman/listinfo/users
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>