
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com>
To: "Eli Mesika" <emesika@redhat.com>
Cc: "users" <users@ovirt.org>, "Dead Horse" <deadhorseconsulting@gmail.com>
Sent: Tuesday, January 29, 2013 10:40:59 AM
Subject: Re: [Users] engine Failed to decrypt Data error

----- Original Message -----
From: "Eli Mesika" <emesika@redhat.com>
To: "Alon Bar-Lev" <alonbl@redhat.com>
Cc: "users" <users@ovirt.org>, "Dead Horse" <deadhorseconsulting@gmail.com>
Sent: Tuesday, January 29, 2013 10:33:04 AM
Subject: Re: [Users] engine Failed to decrypt Data error

----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com>
To: "Eli Mesika" <emesika@redhat.com>
Cc: "users" <users@ovirt.org>, "Dead Horse" <deadhorseconsulting@gmail.com>
Sent: Monday, January 28, 2013 11:20:30 PM
Subject: Re: [Users] engine Failed to decrypt Data error

----- Original Message -----
From: "Eli Mesika" <emesika@redhat.com>
To: "Dead Horse" <deadhorseconsulting@gmail.com>
Cc: "users" <users@ovirt.org>, "Alon Bar-Lev" <alonbl@redhat.com>
Sent: Monday, January 28, 2013 11:16:16 PM
Subject: Re: [Users] engine Failed to decrypt Data error

----- Original Message -----
From: "Dead Horse" <deadhorseconsulting@gmail.com>
To: "Alon Bar-Lev" <alonbl@redhat.com>
Cc: "users" <users@ovirt.org>, "Eli Mesika" <emesika@redhat.com>
Sent: Monday, January 28, 2013 11:04:53 PM
Subject: Re: [Users] engine Failed to decrypt Data error
psql -U engine -d engine -c "select * from vdc_options where option_name in ('LocalAdminPassword', 'AdminPassword');"

 option_id |    option_name     | option_value | version
-----------+--------------------+--------------+---------
       127 | LocalAdminPassword | KiG8670o1qXVX6omYsiCdaaXtQc/mGmr0qgLHqc8yykoRz
OwbfZzU9AxBYwYrJEwyqdq8c2ZwfGVvQ1YVIfGRspKLKogl59gBnwcQuk3al1K4Vtmr2hgWDtm5FBYd5
Nac4WIly4efjMCRjwrpPVkpAX55N8tGJ9LNzX8eRszQ4iVs8zivl0eu9SVhrB8tbHkA/+U5/vss26za8
X+AV67dtDzoD7ZS0eOT1Vx9vrOGHvDYU8tANEb29Et79CJ0whLOOEeuwTpkK1yZdF3PaWRbnTwXZUsB1
hMs9NLdo2ZxZOVSIK1E2mPh1WLybgIX1YB0Ra3BZvjAR9wPZz+jdfZng== | general
         7 | AdminPassword      | AakmoHu69RmCWkSoVXLOv0cwzwGscXaM+HJAONRtSdECEA
VL+bjc1Lis6PHR1vBwdmhITxAvo2998pTJNusvtuTCODra40MTC+9p9+Oev4jWIbkncHH8gRdIKyvHuz
O6fNda50VXeWYhGNFIMavw15PlslutUWEpyNAasjEWyZ7cNyjKK2eFKNDZ3F5PCv9RcQXfXkKSveWm6M
40zUVOx1ZjCnptNUpB4VYf5vW8LOpSL5NJpfJQmu36QbBRDDo3+3XPb4ELXA4t1rbPYw9Z7hRbk5Mbtq
qvOA7q4+G4nPtxHB7d6dYT2QJ58wgXUSIIoz/odvz5yVYeazIFS3Faww== | general
(2 rows)
Too long, supported values for encryption should be < 127 characters

Why too long? It should be 2048 RSA key. And it is exactly 256 decoded.

OK. Didn't you say that practically it should be < 256?

The encrypted blob is exactly 256 (keysize/8). The plain text within that blob is the same length. The PKCS#5 padding that we should use (or should have used) takes at least one byte from suffix, hence the <256, but this applies to the plain text. From the exception we see that the java crypto provider complains we provide a block >256 and key size of 2048, so there is something wrong with the buffer we pass as it must be =256 bytes.

That raises the chance of a bug in the EncryptionUtils code, can you take a look?
On Mon, Jan 28, 2013 at 2:38 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Dead Horse" <deadhorseconsulting@gmail.com>
To: "Alon Bar-Lev" <alonbl@redhat.com>
Cc: "users" <users@ovirt.org>, "Eli Mesika" <emesika@redhat.com>
Sent: Monday, January 28, 2013 10:35:34 PM
Subject: Re: [Users] engine Failed to decrypt Data error
was in the middle of a fresh engine setup which did not exhibit the symptom. However after running: "engine-config -s AdminPassword=interactive" and restarting the engine service on the clean setup the error message now shows up.
- DHC
OK, at least it is related to the admin password.
Please send me the output of:
psql -U engine -d engine -c "select * from vdc_options where option_name in ('LocalAdminPassword', 'AdminPassword');"
Thanks!
On Mon, Jan 28, 2013 at 1:55 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:

----- Original Message -----
> From: "Dead Horse" <deadhorseconsulting@gmail.com>
> To: "Alon Bar-Lev" <alonbl@redhat.com>
> Cc: "users" <users@ovirt.org>, "Eli Mesika" <emesika@redhat.com>
> Sent: Monday, January 28, 2013 9:46:53 PM
> Subject: Re: [Users] engine Failed to decrypt Data error
>
> Current running engine build --> commit:
> 61c11aecc40e755d08b6c34c6fe1c0a07fa94de8
>
> ran engine upgrade against the built rpms from that commit.
>
> Thus I applied it as an upgrade against prior running build --> commit:
> 1eb895355239bbcb7a7ceda172405f0b68f18f35
[Please use plain text mails in lists.]
Can you please patch EncryptionUtils.decrypt() with the following, so I can see what source is? source is encrypted blob, should not be a problem to send it.
if (!StringHelper.isNullOrEmpty(source.trim())) { KeyStore store = EncryptionUtils.getKeyStore(keyFile, passwd, certType); Key key = store.getKey(alias, passwd.toCharArray()); + log.info ("DEBUG001 " + source);
result = decrypt(source, key);
}
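Review bot: the added log.info line prints source with no delimiters and no length, although the guard above it tests source.trim() while decrypt() is handed the untrimmed source, so leading or trailing whitespace or a line break in the stored value would not be visible in the log. Suggest logging the value inside brackets together with source.length(), which tests the 256-byte question directly, and removing the line or lowering it to debug level once the value has been captured, since it writes the encrypted value to the engine log on every decrypt() call.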
> On Mon, Jan 28, 2013 at 1:28 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
>
> How did you install the engine? You built it?
> Which exact version?
>
> ----- Original Message -----
> > From: "Dead Horse" <deadhorseconsulting@gmail.com>
> > To: "Alon Bar-Lev" <alonbl@redhat.com>
> > Cc: "users" <users@ovirt.org>, "Eli Mesika" <emesika@redhat.com>
> > Sent: Monday, January 28, 2013 9:26:44 PM
> > Subject: Re: [Users] engine Failed to decrypt Data error
> >
> > Password length is 11 characters and consists of Upper, Lower case
> > and one special character.
> >
> > On Mon, Jan 28, 2013 at 1:20 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
> >
> > We tried to reproduce this.
> > What password do you use? Is there one with some great length?
> > If not, Eli, we should send a debug patch for this.
> >
> > ----- Original Message -----
> > > From: "Dead Horse" <deadhorseconsulting@gmail.com>
> > > To: "<users@ovirt.org>" <users@ovirt.org>
> > > Sent: Monday, January 28, 2013 9:16:20 PM
> > > Subject: [Users] engine Failed to decrypt Data error
> > >
> > > I see this repeating error in the engine logs quite a bit, any ideas
> > > on what causes it?
> > >
> > > 2013-01-28 13:13:40,483 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-23) Failed to decrypt Data must not be longer than 256 bytes
> > > 2013-01-28 13:13:52,747 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-81) Failed to decrypt Data must not be longer than 256 bytes
> > > 2013-01-28 13:13:52,747 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-84) Failed to decrypt Blocktype mismatch: 0
> > > 2013-01-28 13:13:52,761 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-85) Failed to decrypt Data must start with zero
> > > 2013-01-28 13:14:00,964 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-23) Failed to decrypt Data must not be longer than 256 bytes
> > > 2013-01-28 13:14:00,964 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-20) Failed to decrypt Data must not be longer than 256 bytes
> > > 2013-01-28 13:14:02,983 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-29) Failed to decrypt Data must not be longer than 256 bytes
> > > 2013-01-28 13:14:02,983 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-34) Failed to decrypt Data must not be longer than 256 bytes
> > >
> > > - DHC
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users@ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
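
The length check discussed in this thread (a 2048-bit RSA key accepts only a 256-byte block, stored base64-encoded in vdc_options), written out as an added example that is not part of the original thread or of the oVirt code. The function names and the sample rows are constructed for illustration.

```python
import base64
import binascii

RSA_KEY_BITS = 2048              # key size stated in the thread
BLOCK_BYTES = RSA_KEY_BITS // 8  # 256 bytes: the only ciphertext length that key accepts


def classify_option_value(value, block_bytes=BLOCK_BYTES):
    """Return (verdict, decoded_length) for one stored option_value string."""
    compact = "".join(value.split())  # drop whitespace added by terminal wrapping
    if not compact:
        return ("empty", 0)
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return ("not-base64", None)  # e.g. a value that was stored without encryption
    if len(raw) == block_bytes:
        return ("ok", len(raw))  # right size only; says nothing about key or padding
    verdict = "too-long" if len(raw) > block_bytes else "too-short"
    return (verdict, len(raw))


def audit(rows):
    """rows: iterable of (option_name, option_value). Return the rows that fail."""
    findings = []
    for name, value in rows:
        verdict, size = classify_option_value(value)
        if verdict != "ok":
            findings.append((name, verdict, size))
    return findings


# Constructed sample values (not taken from the thread).
_BLOCK = base64.b64encode(bytes(range(256))).decode()  # one 256-byte block
SAMPLE_ROWS = [
    ("GoodOption", _BLOCK),
    ("WrappedOption", _BLOCK[:46] + "\n" + _BLOCK[46:]),  # wrapped like psql output
    ("DoubleEncoded", base64.b64encode(_BLOCK.encode()).decode()),  # decodes to 344 bytes
    ("PlainText", "Example#Pass1"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

A "too-long" verdict is the condition the crypto provider reports as "Data must not be longer than 256 bytes"; an "ok" verdict only confirms the block size, so the padding errors in the log can still occur for such a value.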