Exporting encrypted csv file using ODK Briefcase fails on Windows #65
Comments
What files are you loading up in ODK Briefcase? Do you have the form XML in the folder structure? When I tried loading up a folder with all of the form instances, I received a similar blank file. When I loaded up the instances with the form schemas also in the folder structure then the export worked fine. |
You need the JCE that is for your Java installation. i.e., Java 8 JCE if you are using Java 8. And if that doesn't work, downgrade to Java 7 and the Java 7 JCE. |
I've tried using the Java 8 JCE but still had no luck but it still wouldn't work. As requested, I've attached my public and private keys as docx files. IMPACT_PublicKey.docx Sorry, but I cannot attach my form as well. Here are the steps I took:
At first, I noticed that my private key and public key had line breaks in it and proceeded to remove them but still came into the same error. Then I thought that I created my public-private key pair incorrectly and recreated my keys a couple times but still ran into the same error. Then I decided to try a previous version of ODK Briefcase and that was the only thing that worked. |
Keep in mind that exposing your private key completely compromises all security of your data. Sounds like a regression in the build of 1.4.10. There were a lot of changes in that build. Letting @lognaturel take over. |
I did a test on Windows and Mac with Briefcase 1.4.9 and 1.4.1. Both OSes are using Java 1.8.0 with the latest Java Cryptography Extension and here are the results. Windows 7 SP1, Briefcase 1.4.9
Windows 7 SP1, Briefcase 1.4.10
macOS 10.12.3, Briefcase 1.4.9
macOS 10.12.3, Briefcase 1.4.10
To reproduce this bug, you can find the encrypted form and a submission at https://nafundi-test.appspot.com. No username or password is needed to pull forms. Once you export, you'll need the MyPrivateKey.pem.txt. For completeness, this is the MyPublicKey.pem.txt. I've put both in encrypted-form.xml.txt as a comment (the first is the public, the second is the private key). For the Mac, I can confirm that the Java Cryptography Extension is indeed installed because the following code returns true.
I think 1.4.10 does indeed have a regression due to the gradle build. From https://github.com/opendatakit/opendatakit/wiki/Briefcase-Release-Notes
I also think export is broken on macOS, but it's not clear why. I've tried Java 1.7 and Java 1.8. @mitchellsundt did you remember trying 1.4.9 on a Mac? |
I think the first thing for someone to try here is to change the build.gradle file so it does not expand the dependant jars when it makes the Briefcase jar. An easy way to see what is inside the jar is to use this task inside the gradle file.
|
@meletis I vaguely remember SurveyCTO having this issue at some point. Do you use gradle to build your desktop client? How did you resolve it? |
I don't remember having that issue in SurveyCTO. We use Maven and we don't expand the dependent jars. |
The illegal key size on Mac would suggest that ODK Briefcase is perhaps not
running the same Java as your test app?
Not sure how Mac deals with runtime JRE settings -- if you have Java 7 and
8 installed, and if you built with a target jre of 1.7, will it run the 8
runtime in backward-compatibility mode, or will it run the 7 runtime?
I'd double check that you have the appropriate JCE installed for all your
Java runtimes (e.g., 6, 7 or 8), and see if that fixes the issue on the Mac.
The missing algorithm suggests that you don't have the bouncy castle jar
(as you have deduced).
…On Tue, Mar 7, 2017 at 4:04 PM, Yaw Anokwa ***@***.***> wrote:
I did a test on Windows and Mac with Briefcase 1.4.9 and 1.4.1. Both OSes
are using Java 1.8.0 with the latest Java Cryptography Extension and here
are the results.
*Windows 7 SP1, Briefcase 1.4.9*
Starting Export...
Processing instance: uuidfbf126e9-3ae8-4211-83d6-5e43a17252bf
SUCCEEDED!
*Windows 7 SP1, Briefcase 1.4.10*
*Cause: java.security.NoSuchAlgorithmException: Cannot find any provider
supporting RSA/NONE/OAEPWithSHA256AndMGF1Padding*
Starting Export...
Processing instance: uuidfbf126e9-3ae8-4211-83d6-5e43a17252bf
Error decrypting submission uuidfbf126e9-3ae8-4211-83d6-5e43a17252bf Cause: org.opendatakit.briefcase.model.CryptoException: Error decrypting base64EncryptedKey Cause: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/OAEPWithSHA256AndMGF1Padding
FAILED!
*macOS 10.12.3, Briefcase 1.4.9*
*Cause: java.security.InvalidKeyException: Illegal key size*
Starting Export...
Processing instance: uuidfbf126e9-3ae8-4211-83d6-5e43a17252bf
Error decrypting submission uuidfbf126e9-3ae8-4211-83d6-5e43a17252bf Cause: org.opendatakit.briefcase.model.CryptoException: Error decrypting:submission.xml.enc Cause: java.security.InvalidKeyException: Illegal key size
FAILED!
*macOS 10.12.3, Briefcase 1.4.10*
*Cause: java.security.NoSuchAlgorithmException: Cannot find any provider
supporting RSA/NONE/OAEPWithSHA256AndMGF1Padding*
Starting Export...
Processing instance: uuidfbf126e9-3ae8-4211-83d6-5e43a17252bf
Error decrypting submission uuidfbf126e9-3ae8-4211-83d6-5e43a17252bf Cause: org.opendatakit.briefcase.model.CryptoException: Error decrypting base64EncryptedKey Cause: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/OAEPWithSHA256AndMGF1Padding
FAILED!
To reproduce this bug, you can find the encrypted form and a submission at
https://nafundi-test.appspot.com. No username or password is needed to
pull forms.
Once you export, you'll need the MyPrivateKey.pem.txt
<https://github.com/opendatakit/briefcase/files/826125/MyPrivateKey.pem.txt>.
For completeness, this is the MyPublicKey.pem.txt
<https://github.com/opendatakit/briefcase/files/826126/MyPublicKey.pem.txt>.
I've put both in encrypted-form.xml.txt
<https://github.com/opendatakit/briefcase/files/826127/encrypted-form.xml.txt>
as a comment (the first is the public, the second is the private key).
For the Mac, I can confirm that the Java Cryptography Extension is indeed
installed because the following code returns true.
    import javax.crypto.Cipher;

    public class TestUCE {
        public static void main(String args[]) throws Exception {
            int length = Cipher.getMaxAllowedKeyLength("AES");
            boolean unlimited = (length == Integer.MAX_VALUE);
            System.out.println("Unlimited cryptography enabled: " + unlimited);
        }
    }
I think 1.4.10 does indeed have a regression due to the gradle build. From
https://github.com/opendatakit/opendatakit/wiki/Briefcase-Release-Notes
During the export process, be sure to select Package required libraries
into generated JAR. The cryptography libraries make extensive use of
dynamic class loading and may perform runtime verification of their jar
signatures.
If you instead choose Extract required libraries into generated JAR, then
the resulting runnable jar will fail with
I also think export is broken on macOS, but it's not clear why.
@mitchellsundt <https://github.com/mitchellsundt> did you remember trying
1.4.9 on a Mac?
--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com
|
Yes, you should NOT explode the dependent jars. The bcprov jar (bouncy
castle) is a signed jar. Exploding it will invalidate the security
tamper-detection check, and cause the jar to not register its algorithms.
…On Wed, Mar 8, 2017 at 7:06 AM, Meletis Margaritis ***@***.*** > wrote:
I don't remember having that issue in SurveyCTO. We use Maven and we don't
expand the dependent jars.
--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com
|
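A start-up self-test for the two failures reported in this thread, added here as an example (it is not Briefcase code): it extends the TestUCE check above to also report where the Bouncy Castle classes were loaded from and whether the transformation from the error message resolves. The class name CryptoSelfTest is hypothetical, and the code assumes the application registers Bouncy Castle under the provider name "BC".

```java
import java.security.CodeSource;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class CryptoSelfTest {
    // Transformation named in the export errors quoted in this thread.
    static final String RSA_OAEP = "RSA/NONE/OAEPWithSHA256AndMGF1Padding";
    // Bouncy Castle's provider class, loaded reflectively so this compiles without bcprov.
    static final String BC_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";

    public static void main(String[] args) throws Exception {
        // Confirms which runtime is actually executing (relevant when Java 7 and 8 coexist).
        System.out.println("java.version = " + System.getProperty("java.version")
                + " (" + System.getProperty("java.home") + ")");

        // 1. "Illegal key size": the policy files of THIS runtime cap AES below 256 bits.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("AES max key length = " + max
                + (max < 256 ? " -> restricted policy, expect 'Illegal key size'" : " -> ok"));

        // 2. Where do the Bouncy Castle classes come from, and does that source carry signers?
        try {
            Class<?> bc = Class.forName(BC_CLASS);
            CodeSource src = bc.getProtectionDomain().getCodeSource();
            boolean signed = src != null && src.getCertificates() != null;
            System.out.println("BC loaded from " + (src == null ? "unknown" : src.getLocation())
                    + ", signed = " + signed);
            if (Security.getProvider("BC") == null) {
                // Assumption: the application registers BC the same way at start-up.
                Security.addProvider((Provider) bc.getDeclaredConstructor().newInstance());
            }
        } catch (ClassNotFoundException e) {
            System.out.println("BC classes not on classpath");
        }

        // 3. "Cannot find any provider supporting ...": ask JCE to resolve the transformation.
        try {
            Cipher c = Cipher.getInstance(RSA_OAEP);
            System.out.println(RSA_OAEP + " served by " + c.getProvider().getName());
        } catch (GeneralSecurityException e) {
            System.out.println(RSA_OAEP + " unavailable: " + e);
        }
    }
}
```

Run it with the same java binary and classpath as the failing application. A "BC loaded from" location that is the application jar itself with signed = false corresponds to the exploded-jar packaging described in the comment above.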
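My goal is to get Briefcase to run with a single click (e.g., java -jar briefcase.jar). I spent a lot of time digging into this, and it's most certainly a packaging problem. Here's what I've learned...
Getting a single-click Java application requires an uber/fat/flattened jar or a nested jar class loader. Flattened jars won't work because as @mitchellsundt points out, Bouncy Castle won't work when exploded. That's the problem we see in 1.4.10.
Nested jar class loading is one reasonable path forward. The catch is, there aren't many class loaders that I've gotten to work. 1.4.9 used Eclipse's classloader which works on Windows, but doesn't seem to work on my Mac.
What does work on my Mac is gradle run. This confirms my findings that if you are willing to write some script to run the briefcase jar with the classpath pointed to an external directory, it'll work great.
My next steps are to
1. Try to find a modern class loader that works with macOS and gradle.
2. See can package the jar as an .app for macOS and an .exe for Windows.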
|
Keep in mind that this is ONLY an issue with Mac OSX and perhaps Linux.
Double-clicking the jar auto-launches everything just fine on Windows. Has
for years.
…On Thu, Mar 9, 2017 at 9:19 AM, Yaw Anokwa ***@***.***> wrote:
My goal is to get Briefcase to run with a single click (e.g.,java -jar
briefcase.jar). I spent a lot of time digging into this, and it's most
certainly a packaging problem. Here's what I've learned...
Getting a single-click Java application requires an uber/fat/flattened jar
or a nested jar class loader. Flattened jars won't work because as
@mitchellsundt <https://github.com/mitchellsundt>'s points out, Bouncy
Castle won't work when exploded. That's the problem we see in 1.4.10.
Nested jar class loading is one reasonable path forward. The catch is,
there aren't many class loaders that I've gotten to work. 1.4.9 used
Eclipse's classloader which works on Windows, but doesn't seem to work on
my Mac.
What does work on my Mac is gradle run. This confirms my findings that if
you are willing to write some script to run the briefcase jar with the
classpath pointed to an external directory, it'll work great.
My next steps are to
1. Try to find a modern class loader that works with macOS and gradle.
2. See can package the jar as an .app for macOS and an .exe for
Windows.
--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com
|
– bendo28@gmail.com
Software versions
Briefcase v1.x.x, Java v1.x.x, operating system, Aggregate v1.x.x, Collect v1.x.x...
Problem description
Steps to reproduce the problem
Expected behavior
Other information
Things you tried, stack traces, related issues, suggestions on how to fix it...