Friday, November 30, 2012

When configuring Secure Vault with WSO2 products : Error initializing Cipher

You can configure Secure Vault with WSO2 ESB (or any other Carbon product) to secure the data in the configuration files such as
 - User Store passwords
 - Database passwords, etc.
You can get this working completely by following this blog post on How to configure Secure Vault in WSO2 Products.
If you try this with a custom keystore, you might encounter the following error in certain cases.
Exception in thread "main" org.wso2.ciphertool.CipherToolException: Error initializing Cipher
at org.wso2.ciphertool.CipherTool.handleException(CipherTool.java:861)
at org.wso2.ciphertool.CipherTool.initCipher(CipherTool.java:202)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:80)
Caused by: java.security.InvalidKeyException: Wrong key usage
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at org.wso2.ciphertool.CipherTool.initCipher(CipherTool.java:200)
... 1 more
You can then compare the public certificates of the two JKS files:
 - In the default wso2carbon.jks, the KeyUsage is
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
]
 - In the custom .jks, the KeyUsage is
KeyUsage [
  DigitalSignature
  Key_Encipherment
]
Since the custom keystore's certificate does not have 'Data_Encipherment', the Cipher Tool cannot use it to encrypt data for Secure Vault. So you may have to generate a new keystore with at least a self-signed certificate.
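The comparison above can be scripted as a pre-check before running the Cipher Tool. This is an added example, not part of the original post or of WSO2's tooling: it parses `keytool -list -v` output and reports whether the KeyUsage block contains Data_Encipherment. The function names, verdict strings, keystore path, alias and DN are assumptions; the two sample blocks are constructed from the KeyUsage listings quoted in the post.

```shell
#!/bin/sh
# Added example: classify the KeyUsage extension printed by `keytool -list -v`.

# Reads keytool verbose output on stdin and prints a verdict for the first
# KeyUsage block found (the entry's own certificate is listed first).
key_usage_verdict() {
    awk '
        /^[ \t]*KeyUsage \[/       { in_ku = 1; seen = 1; next }
        in_ku && /^[ \t]*\]/       { exit }
        in_ku && /Data_Encipherment/ { ok = 1 }
        END {
            if (!seen)   print "no-keyusage-extension"
            else if (ok) print "data-encipherment-present"
            else         print "data-encipherment-missing"
        }'
}

# Constructed samples: the two KeyUsage blocks quoted in the post.
DEFAULT_JKS_KU='KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
]'
CUSTOM_JKS_KU='KeyUsage [
  DigitalSignature
  Key_Encipherment
]'

# Check a real keystore entry; keytool prompts for the store password.
# Arguments (caller-supplied): keystore path, alias.
check_keystore() {
    keytool -list -v -keystore "$1" -alias "$2" | key_usage_verdict
}

# Generate a replacement keystore whose self-signed certificate carries the
# same usages as the default wso2carbon.jks. The DN is a hypothetical placeholder.
new_keystore() {
    keytool -genkeypair -keystore "$1" -alias "$2" -keyalg RSA -keysize 2048 \
        -dname "CN=localhost" -validity 365 \
        -ext KeyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
}

printf 'default: %s\n' "$(printf '%s\n' "$DEFAULT_JKS_KU" | key_usage_verdict)"
printf 'custom:  %s\n' "$(printf '%s\n' "$CUSTOM_JKS_KU" | key_usage_verdict)"
```

Run `check_keystore` against the custom keystore before the Cipher Tool; a `data-encipherment-missing` verdict corresponds to the "Wrong key usage" failure shown in the stack trace.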
