Timothy Akujuaobi
2014-08-20 12:16:01 UTC
Hi.
I have several boxes set up in a cluster environment running tomcat 6,
openjdk-1.6.0.0.x86_64 and bouncycastle bcprov-jdk15-1.45.
I am using AES/GCM/NoPadding cipher algorithm, and bouncycastle provider is
loaded from within the application classpath.
The bcprov-jdk15-1.45.jar is bundled in 3 different jar files on the
classpath - one shaded, and the other two not.
The problem is that I have some data that when encrypted on one cluster
node intermittently fails to decrypt a second node with the exception
details below
Caused by: javax.crypto.BadPaddingException: mac check in GCM failed
at org.bouncycastle.jce.provider.JCEBlockCipher.engineDoFinal(Unknown
Source) ~[bcprov-jdk15-1.45.jar:1.45.0]
at javax.crypto.Cipher.doFinal(DashoA13*..) ~[na:1.6]
Usually, this behaviour sometimes gets triggered by a deployment into the
server instance running the application.
Whenever this failure occurs, the encrypted data generated on either node
fails to decrypt on the other.
However, each node can successfully decrypt its own encrypted data while in
this state.
I have verified the AES key and initialisation vector used are the same
across the inconsistent nodes.
I have also taken heap dumps off two nodes in this 'incompatible' state,
and the environment and system properties as well as application states are
consistent as expected.
Please does anyone have any suggestions as to what could be triggering this
behaviour? Or at least any suggestions/pointers to help my investigation?
Thanks
I have several boxes set up in a cluster environment running tomcat 6,
openjdk-1.6.0.0.x86_64 and bouncycastle bcprov-jdk15-1.45.
I am using AES/GCM/NoPadding cipher algorithm, and bouncycastle provider is
loaded from within the application classpath.
The bcprov-jdk15-1.45.jar is bundled in 3 different jar files on the
classpath - one shaded, and the other two not.
The problem is that I have some data that when encrypted on one cluster
node intermittently fails to decrypt a second node with the exception
details below
Caused by: javax.crypto.BadPaddingException: mac check in GCM failed
at org.bouncycastle.jce.provider.JCEBlockCipher.engineDoFinal(Unknown
Source) ~[bcprov-jdk15-1.45.jar:1.45.0]
at javax.crypto.Cipher.doFinal(DashoA13*..) ~[na:1.6]
Usually, this behaviour sometimes gets triggered by a deployment into the
server instance running the application.
Whenever this failure occurs, the encrypted data generated on either node
fails to decrypt on the other.
However, each node can successfully decrypt its own encrypted data while in
this state.
I have verified the AES key and initialisation vector used are the same
across the inconsistent nodes.
I have also taken heap dumps off two nodes in this 'incompatible' state,
and the environment and system properties as well as application states are
consistent as expected.
Please does anyone have any suggestions as to what could be triggering this
behaviour? Or at least any suggestions/pointers to help my investigation?
Thanks