[Users] engine Failed to decrypt Data error

Alon Bar-Lev alonbl at redhat.com
Tue Jan 29 03:40:59 EST 2013 


----- Original Message -----
> From: "Eli Mesika" <emesika at redhat.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "users" <users at ovirt.org>, "Dead Horse" <deadhorseconsulting at gmail.com>
> Sent: Tuesday, January 29, 2013 10:33:04 AM
> Subject: Re: [Users] engine Failed to decrypt Data error
> 
> 
> 
> ----- Original Message -----
> > From: "Alon Bar-Lev" <alonbl at redhat.com>
> > To: "Eli Mesika" <emesika at redhat.com>
> > Cc: "users" <users at ovirt.org>, "Dead Horse"
> > <deadhorseconsulting at gmail.com>
> > Sent: Monday, January 28, 2013 11:20:30 PM
> > Subject: Re: [Users] engine Failed to decrypt Data error
> > 
> > 
> > 
> > ----- Original Message -----
> > > From: "Eli Mesika" <emesika at redhat.com>
> > > To: "Dead Horse" <deadhorseconsulting at gmail.com>
> > > Cc: "users" <users at ovirt.org>, "Alon Bar-Lev" <alonbl at redhat.com>
> > > Sent: Monday, January 28, 2013 11:16:16 PM
> > > Subject: Re: [Users] engine Failed to decrypt Data error
> > > 
> > > 
> > > 
> > > ----- Original Message -----
> > > > From: "Dead Horse" <deadhorseconsulting at gmail.com>
> > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > Cc: "users" <users at ovirt.org>, "Eli Mesika"
> > > > <emesika at redhat.com>
> > > > Sent: Monday, January 28, 2013 11:04:53 PM
> > > > Subject: Re: [Users] engine Failed to decrypt Data error
> > > > 
> > > > 
> > > > psql -U engine -d engine -c "select * from vdc_options where
> > > > option_name in ('LocalAdminPassword', 'AdminPassword');"
> > > > option_id | option_name |
> > > > 
> > > > option_value
> > > > 
> > > > | version
> > > > -----------+--------------------+-----------------------------------------------
> > > > --------------------------------------------------------------------------------
> > > > --------------------------------------------------------------------------------
> > > > --------------------------------------------------------------------------------
> > > > -----------------------------------------------------------+---------
> > > > 127 | LocalAdminPassword |
> > > > KiG8670o1qXVX6omYsiCdaaXtQc/mGmr0qgLHqc8yykoRz
> > > > OwbfZzU9AxBYwYrJEwyqdq8c2ZwfGVvQ1YVIfGRspKLKogl59gBnwcQuk3al1K4Vtmr2hgWDtm5FBYd5
> > > > Nac4WIly4efjMCRjwrpPVkpAX55N8tGJ9LNzX8eRszQ4iVs8zivl0eu9SVhrB8tbHkA/+U5/vss26za8
> > > > X+AV67dtDzoD7ZS0eOT1Vx9vrOGHvDYU8tANEb29Et79CJ0whLOOEeuwTpkK1yZdF3PaWRbnTwXZUsB1
> > > > hMs9NLdo2ZxZOVSIK1E2mPh1WLybgIX1YB0Ra3BZvjAR9wPZz+jdfZng== |
> > > > general
> > > > 7 | AdminPassword |
> > > > AakmoHu69RmCWkSoVXLOv0cwzwGscXaM+HJAONRtSdECEA
> > > > VL+bjc1Lis6PHR1vBwdmhITxAvo2998pTJNusvtuTCODra40MTC+9p9+Oev4jWIbkncHH8gRdIKyvHuz
> > > > O6fNda50VXeWYhGNFIMavw15PlslutUWEpyNAasjEWyZ7cNyjKK2eFKNDZ3F5PCv9RcQXfXkKSveWm6M
> > > > 40zUVOx1ZjCnptNUpB4VYf5vW8LOpSL5NJpfJQmu36QbBRDDo3+3XPb4ELXA4t1rbPYw9Z7hRbk5Mbtq
> > > > qvOA7q4+G4nPtxHB7d6dYT2QJ58wgXUSIIoz/odvz5yVYeazIFS3Faww== |
> > > > general
> > > > (2 rows)
> > > 
> > > Too long , supported values for encryption should be < 127
> > > characters
> > 
> > Why too long? it should be 2048 RSA key.
> > And it is exactly 256 decoded.
> OK
> Didn't you say that practically it should be < 256 ?

The encrypted blob is exactly 256 (keysize/8).
The plain text within that blob is at same length.
The PKCS#5 padding that we should use (or should have used) takes at lease one byte from suffix, hence the <256, but this applies to the plain text.

More information about the Users mailing list