Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

des-ede3 is unusable in JRuby #2617

Closed
tamird opened this issue Feb 23, 2015 · 1 comment
Closed

des-ede3 is unusable in JRuby #2617

tamird opened this issue Feb 23, 2015 · 1 comment
Milestone

Comments

@tamird
Copy link

@tamird tamird commented Feb 23, 2015

There is no set of parameters that I've been able to find that makes it possible to encrypt anything with des-ede3 or DES-EDE3 under JRuby. It is trivially possible in MRI:

if defined?(JRUBY_VERSION)
  puts 'Applying https://github.com/jruby/jruby/wiki/UnlimitedStrengthCrypto'
  security_class = java.lang.Class.for_name('javax.crypto.JceSecurity')
  restricted_field = security_class.get_declared_field('isRestricted')
  restricted_field.accessible = true
  restricted_field.set(nil, false)
end

require 'openssl'
require 'securerandom'

cipher = OpenSSL::Cipher.new('des-ede3')
cipher.encrypt
cipher.key = SecureRandom.random_bytes(64)
cipher.iv = SecureRandom.random_bytes(64)
puts (cipher.update('sup3rs33kr3t') + cipher.final).inspect

Output in MRI: "\x93\f\x95U\xBD\xCB\xB6\xD0\xDAt\x91{%\xED\xCF\xD8"
Output in JRuby without jruby-openssl: "OpenSSL::Cipher::CipherError: DES key too long - should be 8 bytes: possibly you need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JRE"

Changing the key length to 8 bytes results in "OpenSSL::Cipher::CipherError: key length too short" on all VMs.

This works with jruby-openssl installed, but the presence of jruby-openssl causes many other problems (see jruby/jruby-openssl#31).

@mkristian
Copy link
Member

@mkristian mkristian commented Feb 24, 2015

since we already will ship jruby-openssl-0.9.6 with the next jruby-1.7.x release and is already shipped with jruby-9.0.0.0.pre1

nothing more can be done on the jruby side. closing.

BUT jruby/jruby-openssl#31 got noticed

@mkristian mkristian closed this Feb 24, 2015
kares added a commit to jruby/jruby-openssl that referenced this issue Mar 20, 2015
@enebo enebo added this to the JRuby 1.7.20 milestone Apr 28, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants