11

I'm using the Jasypt encryption library to encrypt/decrypt some text. This code is embedded in a WAR file and deployed to a server.

When running locally, and in unit tests, the encrypt/decrypt cycle works perfectly. I use Jetty to develop the application. The code works perfectly in that server. For some reason, deploying to Tomcat breaks it with the following exception:

FYI, I have the strong encryption libraries installed in both my local and server environments and I'm using the latest 1.6 version (patch level 25).

org.jasypt.exceptions.EncryptionOperationNotPossibleException

The exception has no message.

The code is fully symmetric. I pasted it here for examination. Here are the relevant bits:

I found one old Nabble post where a user had a very similar problem. Code worked everywhere except inside Tomcat. No solution was given.

Any insights would be most appreciated.

**Update:** Running in Tomcat on my local system, it appears to work. So there's something about my server. On the server, I'm using a 64-bit JVM on Windows Server 2008. I'm using a 32-bit JVM locally (due to my system being a bit older). I wonder if this has something to do with the issue.

```java
public void initializeService() {
    // Password-based encryptor shared by the encrypt and decrypt paths
    binaryEncryptor = new BasicBinaryEncryptor();
    binaryEncryptor.setPassword(keyBase64);
}

@Override
public <T extends Serializable> String simpleEncrypt(T objectToEncrypt) throws EncryptionException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try {
        // Serialize the object, encrypt the bytes, then Base64-encode the ciphertext
        ObjectOutputStream oos = new ObjectOutputStream(bos);
        oos.writeObject(objectToEncrypt);

        byte[] bytes = binaryEncryptor.encrypt(bos.toByteArray());
        return new String(Base64.encodeBase64(bytes));
    } catch (IOException e) {
        LOGGER.error("failed to encrypt String: " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    } catch (Exception e) {
        LOGGER.error("failed to encrypt String: " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    }
}

@SuppressWarnings("unchecked")
@Override
public <T> T simpleDecrypt(String objectToDecrypt) throws EncryptionException {
    try {
        // Reverse of simpleEncrypt: Base64-decode, decrypt, then deserialize
        byte[] bytes = Base64.decodeBase64(objectToDecrypt);
        byte[] decryptedBytes = binaryEncryptor.decrypt(bytes);

        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(decryptedBytes));
        T object = (T)ois.readObject();
        return object;
    } catch (IOException e) {
        LOGGER.error("failed to decrypt String: '" + objectToDecrypt + "', message = " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    } catch (Exception e) {
        LOGGER.error("failed to decrypt String: '" + objectToDecrypt + "', message = " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    }
}
```
Erik
  • I'd like a confirmation - is it the decryption operation that is failing with the exception? If so, have you already checked out [this question at StackOverflow](http://stackoverflow.com/questions/4905281/miffed-simple-code-but-org-jasypt-exceptions-encryptionoperationnotpossib)? – Vineet Reynolds May 25 '11 at 03:29
  • This is an awesome comment from the docs of Jasypt: It is intended to provide very little information (if any) of the error causes, so that encryption internals are not revealed through error messages. – Nathan Feger May 25 '11 at 12:21
  • OK, I solved the problem. I was putting the encrypted String on the URL after Base64 encoding, then URL-encoding the string. In my environment, this worked fine. On my server, where I front-end Tomcat with Apache, this didn't work. I found an answer in the Jasypt FAQ. I changed from Base64 encoding to Hex encoding. This fixed it. I'm guessing that Apache may have altered the raw query string before passing to Tomcat. – Erik May 25 '11 at 12:56

3 Answers

5

Here is a link to the docs: http://www.jasypt.org/faq.html#i-keep-on-receiving-encryption-operation-not-possible

  • Is the encryption and decryption config identical?
  • Check to make sure table columns are large enough.
  • Base64 encoding and URL encoding can conflict, so it has to be done just right.
Draken
Nathan Feger
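
The Base64 and URL-encoding conflict listed above, as an added example (not code from the question, the answers or Jasypt). It models the asker's guess that the query string gets URL-decoded one extra time before the application reads it, and goes slightly beyond the thread by comparing URL-safe Base64 alongside standard Base64 and hex. The byte array, class name and double-decode transport are assumptions; only the JDK is used (Java 10+).

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.function.Function;

public class QueryStringEncodingDemo {
    // Constructed stand-in for encryptor output; its standard Base64 form contains '+' and '/'.
    static final byte[] CIPHERTEXT = {(byte) 0xfb, (byte) 0xef, (byte) 0xbe, (byte) 0xff, 0x10, 0x20};

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Assumed transport: the sender URL-encodes once, but the value is URL-decoded twice
    // (by an intermediary, then by the servlet container) before the application sees it.
    static byte[] roundTrip(String text, Function<String, byte[]> decode) {
        String onWire = URLEncoder.encode(text, StandardCharsets.UTF_8);
        String once = URLDecoder.decode(onWire, StandardCharsets.UTF_8);
        String twice = URLDecoder.decode(once, StandardCharsets.UTF_8); // '+' becomes ' '
        return decode.apply(twice);
    }

    static boolean survives(String text, Function<String, byte[]> decode) {
        return Arrays.equals(CIPHERTEXT, roundTrip(text, decode));
    }

    public static void main(String[] args) {
        // The MIME decoder skips characters outside the alphabet, so the damage is silent:
        // '+' turns into a space, is dropped, and the decoded ciphertext comes back truncated.
        String std = Base64.getEncoder().encodeToString(CIPHERTEXT);
        System.out.println("base64    " + std + " intact=" + survives(std, Base64.getMimeDecoder()::decode));

        String urlSafe = Base64.getUrlEncoder().withoutPadding().encodeToString(CIPHERTEXT);
        System.out.println("base64url " + urlSafe + " intact=" + survives(urlSafe, Base64.getUrlDecoder()::decode));

        String hex = toHex(CIPHERTEXT);
        System.out.println("hex       " + hex + " intact=" + survives(hex, QueryStringEncodingDemo::fromHex));
    }
}
```

A ciphertext that arrives shortened or altered like this fails decryption, which the encryptor reports only as the message-less exception discussed in the comments.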
4

@biniam_Ethiopia
I would have commented on your answer but I don't have enough reputation, so I'm writing my own answer:

I had a very similar problem, but in my case it was because of changing the encryption algorithm (PBEWithMD5AndTripleDES), while entries in the db were saved with a different one before (PBEWithMD5AndDES). So I got an EncryptionOperationNotPossibleException too, which is without information because of @Nathan Feger's comment above.

I hope this could help somebody someday too ;)

David Artmann
1

I faced a similar problem. For me, it was because it was trying to decrypt a password which could not have been decrypted using the decrypting mechanism.

Hence, I encrypted the password and stored it in database before the decrypt method tries to decrypt it.

I hope it helps someone.

biniam