----- Original Message -----
From: "Eli Mesika" <emesika@redhat.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "users" <users@ovirt.org>, "Dead Horse" <deadhorseconsulting@gmail.com> Sent: Tuesday, January 29, 2013 10:33:04 AM Subject: Re: [Users] engine Failed to decrypt Data error
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Eli Mesika" <emesika@redhat.com> Cc: "users" <users@ovirt.org>, "Dead Horse" <deadhorseconsulting@gmail.com> Sent: Monday, January 28, 2013 11:20:30 PM Subject: Re: [Users] engine Failed to decrypt Data error
----- Original Message -----
From: "Eli Mesika" <emesika@redhat.com> To: "Dead Horse" <deadhorseconsulting@gmail.com> Cc: "users" <users@ovirt.org>, "Alon Bar-Lev" <alonbl@redhat.com> Sent: Monday, January 28, 2013 11:16:16 PM Subject: Re: [Users] engine Failed to decrypt Data error
----- Original Message -----
From: "Dead Horse" <deadhorseconsulting@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "users" <users@ovirt.org>, "Eli Mesika" <emesika@redhat.com> Sent: Monday, January 28, 2013 11:04:53 PM Subject: Re: [Users] engine Failed to decrypt Data error
psql -U engine -d engine -c "select * from vdc_options where option_name in ('LocalAdminPassword', 'AdminPassword');" option_id | option_name |
option_value
| version -----------+--------------------+----------------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -----------------------------------------------------------+--------- 127 | LocalAdminPassword | KiG8670o1qXVX6omYsiCdaaXtQc/mGmr0qgLHqc8yykoRz OwbfZzU9AxBYwYrJEwyqdq8c2ZwfGVvQ1YVIfGRspKLKogl59gBnwcQuk3al1K4Vtmr2hgWDtm5FBYd5 Nac4WIly4efjMCRjwrpPVkpAX55N8tGJ9LNzX8eRszQ4iVs8zivl0eu9SVhrB8tbHkA/+U5/vss26za8 X+AV67dtDzoD7ZS0eOT1Vx9vrOGHvDYU8tANEb29Et79CJ0whLOOEeuwTpkK1yZdF3PaWRbnTwXZUsB1 hMs9NLdo2ZxZOVSIK1E2mPh1WLybgIX1YB0Ra3BZvjAR9wPZz+jdfZng== | general 7 | AdminPassword | AakmoHu69RmCWkSoVXLOv0cwzwGscXaM+HJAONRtSdECEA VL+bjc1Lis6PHR1vBwdmhITxAvo2998pTJNusvtuTCODra40MTC+9p9+Oev4jWIbkncHH8gRdIKyvHuz O6fNda50VXeWYhGNFIMavw15PlslutUWEpyNAasjEWyZ7cNyjKK2eFKNDZ3F5PCv9RcQXfXkKSveWm6M 40zUVOx1ZjCnptNUpB4VYf5vW8LOpSL5NJpfJQmu36QbBRDDo3+3XPb4ELXA4t1rbPYw9Z7hRbk5Mbtq qvOA7q4+G4nPtxHB7d6dYT2QJ58wgXUSIIoz/odvz5yVYeazIFS3Faww== | general (2 rows)
Too long , supported values for encryption should be < 127 characters
Why too long? it should be 2048 RSA key. And it is exactly 256 decoded. OK Didn't you say that practically it should be < 256 ?
The encrypted blob is exactly 256 (keysize/8). The plain text within that blob is at same length. The PKCS#5 padding that we should use (or should have used) takes at lease one byte from suffix, hence the <256, but this applies to the plain text.
From the exception we see that the java crypto provider complains we provide a block >256 and key size of 2048, so there is something wrong with the buffer we pass as it must be =256 bytes.
On Mon, Jan 28, 2013 at 2:38 PM, Alon Bar-Lev < alonbl@redhat.com
wrote:
----- Original Message -----
From: "Dead Horse" < deadhorseconsulting@gmail.com > To: "Alon Bar-Lev" < alonbl@redhat.com > Cc: "users" < users@ovirt.org >, "Eli Mesika" < emesika@redhat.com
Sent: Monday, January 28, 2013 10:35:34 PM Subject: Re: [Users] engine Failed to decrypt Data error
was in the middle of a fresh engine setup which did not exhibit the symptom. However after running: "engine-config -s AdminPassword=interactive" and restarting the engine service on the clean setup the error message now shows up.
- DHC
OK, at least it is related to the admin password.
Please send me the output of:
psql -U engine -d engine -c "select * from vdc_options where option_name in ('LocalAdminPassword', 'AdminPassword');"
Thanks!
On Mon, Jan 28, 2013 at 1:55 PM, Alon Bar-Lev < alonbl@redhat.com
wrote:
----- Original Message -----
From: "Dead Horse" < deadhorseconsulting@gmail.com > To: "Alon Bar-Lev" < alonbl@redhat.com > Cc: "users" < users@ovirt.org >, "Eli Mesika" < emesika@redhat.com >
Sent: Monday, January 28, 2013 9:46:53 PM Subject: Re: [Users] engine Failed to decrypt Data error
Current running engine build --> commit: 61c11aecc40e755d08b6c34c6fe1c0a07fa94de8
ran engine upgrade against the built rpms from that commit.
Thus I applied it as an upgrade against prior running build --> commit: 1eb895355239bbcb7a7ceda172405f0b68f18f35
[Please use plain text mails in lists.]
Can you please patch EncryptionUtils.decrypt() with the following, so I can see what source is? source is encrypted blob, should not be a problem to send it.
if (!StringHelper.isNullOrEmpty(source.trim())) { KeyStore store = EncryptionUtils.getKeyStore(keyFile, passwd, certType); Key key = store.getKey(alias, passwd.toCharArray()); + log.info ("DEBUG001 " + source);
result = decrypt(source, key);
}
On Mon, Jan 28, 2013 at 1:28 PM, Alon Bar-Lev < alonbl@redhat.com > wrote:
How do you installed the engine? you built? Which exact version?
----- Original Message ----- > From: "Dead Horse" < deadhorseconsulting@gmail.com >
> To: "Alon Bar-Lev" < alonbl@redhat.com > > Cc: "users" < users@ovirt.org >, "Eli Mesika" < > emesika@redhat.com > > > Sent: Monday, January 28, 2013 9:26:44 PM > Subject: Re: [Users] engine Failed to decrypt Data error > > > Password length is 11 characters and consists of Upper, > Lower > case > and one special character. > > > > > On Mon, Jan 28, 2013 at 1:20 PM, Alon Bar-Lev < > alonbl@redhat.com > > > wrote: > > > We tried to reproduce this. > What password do you use? is there one with some great > length? > If not, Eli, we should send a debug patch for this. > > > > ----- Original Message ----- > > From: "Dead Horse" < deadhorseconsulting@gmail.com > > > To: "< users@ovirt.org >" < users@ovirt.org > > > Sent: Monday, January 28, 2013 9:16:20 PM > > Subject: [Users] engine Failed to decrypt Data error > > > > > > > > I see this repeating error in the engine logs quite a > > bit, > > any > > ideas > > on what causes it? > > > > > > 2013-01-28 13:13:40,483 ERROR > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > > (QuartzScheduler_Worker-23) Failed to decrypt Data must > > not > > be > > longer than 256 bytes > > 2013-01-28 13:13:52,747 ERROR > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > > (QuartzScheduler_Worker-81) Failed to decrypt Data must > > not > > be > > longer than 256 bytes > > 2013-01-28 13:13:52,747 ERROR > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > > (QuartzScheduler_Worker-84) Failed to decrypt Blocktype > > mismatch: > > 0 > > 2013-01-28 13:13:52,761 ERROR > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > > (QuartzScheduler_Worker-85) Failed to decrypt Data must > > start > > with > > zero > > 2013-01-28 13:14:00,964 ERROR > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > > (QuartzScheduler_Worker-23) Failed to decrypt Data must > > not > > be > > longer than 256 bytes > > 2013-01-28 13:14:00,964 ERROR > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > > (QuartzScheduler_Worker-20) Failed to decrypt Data must > > not > > be > > longer than 256 bytes > > 2013-01-28 13:14:02,983 ERROR > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > > (QuartzScheduler_Worker-29) Failed to decrypt Data must > > not > > be > > longer than 256 bytes > > 2013-01-28 13:14:02,983 ERROR > > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > > (QuartzScheduler_Worker-34) Failed to decrypt Data must > > not > > be > > longer than 256 bytes > > > > > > - DHC > > > > _______________________________________________ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > >