Error while encrypting the "key-store-password" and "key-password" in application.yml
search cancel

Error while encrypting the "key-store-password" and "key-password" in application.yml

book

Article ID: 390547

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

You want to enable SSL in Symantec Protection Engine (SPE) REST API service and also encrypt the "key-store-password" and "key-password" in application.yml file.

Steps from article are followed for this: Enabling SSL in SPE REST API service

Exceptions seen in SPE_REST_API.log

Caused by: java.io.IOException: keystore password was incorrect
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2097) ~[?:?]
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:228) ~[?:?]
    at java.base/java.security.KeyStore.load(KeyStore.java:1500) ~[?:?]

Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2097) ~[?:?]
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:228) ~[?:?]
    at java.base/java.security.KeyStore.load(KeyStore.java:1500) ~[?:?]

Environment

SPE 9.2.x

Cause

Incorrect string format used while using the Encryptor Service in Swagger for encrypting the password.

Resolution

When the Encryptor Service is used in Swagger to encrypt the password, it presents the input required for "strToBeEncrypted" value in body as "string".

Enter the password to be encrypted directly and not by replace the word "string" within the quotes. The exception is caused due to the quotes being included during the encryption.