I am working on updating a password encryption utility from something entirely homegrown to one built around Jasypt and Bouncy Castle. The utility encrypts the password; the encrypted string is then patched into a properties file and read back in and decrypted by a Grails application.

I wrote a Java command-line utility for encrypting the password. The relevant Java code is:

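import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

public class PasswordUtility {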
    private final String SALT = "randomstring";
    private final StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();

    public PasswordUtility( String seed ) {
        String password = SALT + seed;
        encryptor.setProvider( new BouncyCastleProvider() );
        encryptor.setAlgorithm( "PBEWITHSHA256AND192BITAES-CBC-BC" );
        encryptor.setPassword( password );
    }

    public String decrypt( String encryptedText ) {
        String processText = encryptedText;
        return encryptor.decrypt( processText );
    }

    public String encrypt( String plainText ) {
        return encryptor.encrypt( plainText );
    }
}

The Groovy code is:

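import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor

class StringEncryptor {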
    String salt = "randomstring"

    private StandardPBEStringEncryptor initCrypto( String keySplit ) {
        StandardPBEStringEncryptor pbe = new StandardPBEStringEncryptor()
        pbe.setProvider( new BouncyCastleProvider() )
        pbe.setAlgorithm( "PBEWITHSHA256AND192BITAES-CBC-BC" )
        String cryptKey = salt + keySplit
        pbe.setPassword( cryptKey )
        return pbe
    }

    String encrypt( String keySplit, String encryptText ) {
        StandardPBEStringEncryptor pbe = initCrypto( keySplit )
        pbe.encrypt( encryptText )
    }

    String decrypt( String keySplit, String encryptText ) {
        log.info encryptText
        log.info keySplit
        StandardPBEStringEncryptor pbe = initCrypto( keySplit )
        pbe.decrypt( encryptText )
    }
}

When I run PasswordUtility locally (on a Mac), paste the results into the properties file and run Grails locally, the password is decrypted correctly. When I run PasswordUtility on a RHEL virtual server and paste the results into the properties file, I get an EncryptionOperationNotPossibleException, and looking at the code, it implies that the decryption might have failed (StandardPBEByteEncryptor line 1055). When I take a string from the Mac and try to decrypt it on RHEL, the decryption returns a null. I am able to take a string from one RHEL box and decrypt it on another RHEL box.

  • Note that using anything other than Common Crypto on OSX may result in a huge performance penalty. – zaph Aug 08 '16 at 18:15
  • The use case is not login authentication, it is for storing passwords that need to be used later by the Grails application, for a database connection and a keystore the application uses to securely connect with other elements of the system running on different servers. – strangefreeworld Aug 08 '16 at 18:26
  • http://stackoverflow.com/questions/15544266/org-jasypt-exceptions-encryptionoperationnotpossibleexception I would start by ensuring you are running an identical JDK on both Mac and Linux – V H Aug 08 '16 at 19:23

1 Answer

The issue was that there were wildcard characters in the password coming in. When I changed that part of the password to alphanumeric characters (or alphanumeric characters and a dash) the crypto was working cross-platform.
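
The answer traces the failure to wildcard characters in the password handed to the command-line utility. One way this happens, assumed here rather than stated in the post, is shell filename expansion of an unquoted argument, which depends on the files in the current directory, so the same command can produce a different key on each machine. This is an added example, not code from the original post; the seed, file names and function names are constructed.

```shell
#!/bin/sh
# Added example: constructed seed and file names, not from the original post.

# Print the argument a program would receive when the seed ($2) is passed
# unquoted from directory $1. Globbing depends on the files in that directory.
unquoted_args() {
    ( cd "$1" && set -- $2 && printf '%s\n' "$*" )
}

# Same call with the seed quoted: the shell passes it through untouched.
quoted_args() {
    ( cd "$1" && set -- "$2" && printf '%s\n' "$*" )
}

# Accept only the characters the answer found to work cross-platform:
# alphanumerics and dash. Reject empty seeds as well.
seed_is_portable() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
        *) return 0 ;;
    esac
}

demo() {
    seed='db*pass'                      # constructed seed with a wildcard
    dir_a=$(mktemp -d)
    dir_b=$(mktemp -d)
    : > "$dir_a/notes.txt"              # nothing here matches db*pass
    : > "$dir_b/db_old_pass"            # this file name matches db*pass
    echo "dir A, unquoted: $(unquoted_args "$dir_a" "$seed")"
    echo "dir B, unquoted: $(unquoted_args "$dir_b" "$seed")"
    echo "dir B, quoted:   $(quoted_args "$dir_b" "$seed")"
    seed_is_portable "$seed" || echo "seed rejected: non-portable characters"
    rm -rf "$dir_a" "$dir_b"
}

demo
```

Quoting the seed on the command line, or validating it with a check like `seed_is_portable` before it is mixed into the PBE password, keeps the derived key identical wherever the utility runs.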