Masking Elytron Credentials Store password on RHEL 8 with FIPS enabled

Solution Verified - Updated -

Issue

  • We are having the following issue when masking the credential store password using elytron-tool.sh on RHEL8 with FIPS enabled:

    ./elytron-tool.sh mask --salt 12345678 --iteration 123 --secret supersecretstorepassword
    
    Exception encountered executing the command:
        java.lang.IllegalArgumentException: ELY03029: No such key algorithm "PBEWithMD5AndDES"
        at org.wildfly.security.util.PasswordBasedEncryptionUtil$Builder.deriveSecretKey(PasswordBasedEncryptionUtil.java:541)
        at org.wildfly.security.util.PasswordBasedEncryptionUtil$Builder.build(PasswordBasedEncryptionUtil.java:594)
        at org.wildfly.security.tool.MaskCommand.computeMasked(MaskCommand.java:117)
        at org.wildfly.security.tool.MaskCommand.execute(MaskCommand.java:106)
        at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:84)
    Caused by: java.security.NoSuchAlgorithmException: PBEWithMD5AndDES SecretKeyFactory not available
        at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
        at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160)
        at org.wildfly.security.util.PasswordBasedEncryptionUtil$Builder.deriveSecretKey(PasswordBasedEncryptionUtil.java:538)
        ... 4 more
    

Environment

  • Red Hat JBoss Enterprise Application Platform (JBoss EAP)
    • 7.3
  • Red Hat Enterprise Linux (RHEL)
    • 8.3
  • Elytron
  • FIPS

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content