Masking Elytron Credentials Store password on RHEL 8 with FIPS enabled
Issue
-
We are having the following issue when masking the credential store password using
elytron-tool.shon RHEL8 with FIPS enabled:-
In JBoss EAP 7.3:
./elytron-tool.sh mask --salt 12345678 --iteration 123 --secret supersecretstorepassword Exception encountered executing the command: java.lang.IllegalArgumentException: ELY03029: No such key algorithm "PBEWithMD5AndDES" at org.wildfly.security.util.PasswordBasedEncryptionUtil$Builder.deriveSecretKey(PasswordBasedEncryptionUtil.java:541) at org.wildfly.security.util.PasswordBasedEncryptionUtil$Builder.build(PasswordBasedEncryptionUtil.java:594) at org.wildfly.security.tool.MaskCommand.computeMasked(MaskCommand.java:117) at org.wildfly.security.tool.MaskCommand.execute(MaskCommand.java:106) at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:84) Caused by: java.security.NoSuchAlgorithmException: PBEWithMD5AndDES SecretKeyFactory not available at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122) at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160) at org.wildfly.security.util.PasswordBasedEncryptionUtil$Builder.deriveSecretKey(PasswordBasedEncryptionUtil.java:538) ... 4 more -
In EAP JBoss 7.4.4 and later:
./elytron-tool.sh mask --salt 12345678 --iteration 123 --secret supersecretstorepassword Mask password operation is not allowed in FIPS mode
-
Environment
- Red Hat JBoss Enterprise Application Platform (JBoss EAP)
- 7.3
- 7.4
- Red Hat Enterprise Linux (RHEL)
- 8.3
- Elytron
- FIPS
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.