sqoop-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Burak Ongun <burakon...@gmail.com>
Subject Getting BadPaddingException while doing an import with encrypted password file
Date Thu, 09 Mar 2017 12:57:26 GMT
I encrypt file with openssl then put it on HDFS, I used AES/ECB, 128 bits
and salt option, and with some research I find out openssl uses PKCS5
padding as default which are all defaults in CryptoFileLoader class here;

https://apache.googlesource.com/sqoop/+/refs/heads/trunk/
src/java/org/apache/sqoop/util/password/CredentialProviderPasswordLoad
er.java.



Here is my encryption process:


    # echo -n "password" > .pw

    # openssl enc -aes-128-ecb -salt -in .pw -out .pw.enc

    # hdfs dfs -put .opw.enc /user/user1/


Sqoop version is 1.4.6


Command:


    sqoop import \

    -Dorg.apache.sqoop.credentials.loader.class=org.
apache.sqoop.util.password.CryptoFileLoader \

    -Dorg.apache.sqoop.credentials.loader.crypto.passphrase=sqoop \

    --connect jdbc:oracle:thin:@host/database \

    --username user1 \

    --password-file /user/user1/.pw.enc \

    --table db.table1 \

    --hive-import \

    --hive-overwrite \

    --hive-table hivedb.table1 \

    --hive-drop-import-delims


which gives:


    17/03/08 15:10:37 WARN tool.BaseSqoopTool: Failed to load password file

    java.io.IOException: Can't decrypt the password

            at org.apache.sqoop.util.password.CryptoFileLoader.
loadPassword(CryptoFileLoader.java:151)

            at org.apache.sqoop.util.CredentialsUtil.
fetchPasswordFromLoader(CredentialsUtil.java:81)

            at org.apache.sqoop.util.CredentialsUtil.fetchPassword(
CredentialsUtil.java:66)

            at org.apache.sqoop.tool.BaseSqoopTool.applyCredentialsOptions(
BaseSqoopTool.java:1042)

            at org.apache.sqoop.tool.BaseSqoopTool.applyCommonOptions(
BaseSqoopTool.java:997)

            at org.apache.sqoop.tool.ImportTool.applyOptions(
ImportTool.java:875)

            at org.apache.sqoop.tool.SqoopTool.parseArguments(
SqoopTool.java:435)

            at org.apache.sqoop.Sqoop.run(Sqoop.java:131)

            at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)

            at org.apache.sqoop.Sqoop.runSqoop(Sqoop.java:179)

            at org.apache.sqoop.Sqoop.runTool(Sqoop.java:218)

            at org.apache.sqoop.Sqoop.runTool(Sqoop.java:227)

            at org.apache.sqoop.Sqoop.main(Sqoop.java:236)

    Caused by: javax.crypto.BadPaddingException: Given final block not
properly padded

            at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.
java:966)

            at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.
java:824)

            at com.sun.crypto.provider.AESCipher.engineDoFinal(
AESCipher.java:436)

            at javax.crypto.Cipher.doFinal(Cipher.java:2165)

            at org.apache.sqoop.util.password.CryptoFileLoader.
loadPassword(CryptoFileLoader.java:149)

            ... 12 more

    Error while loading password file: Can't decrypt the password


I tried manually giving the other CryptoFileLoader parameters too and also
passing local file to the --password-file .

 I also tried using other algorithms such as CBC but they want parameters
(IV, key etc.) and I couldn't pass them because it isn't defined how to in
the CryptoFileLoader.

I can decrypt the file back successfully with openssl. I can't decrypt with
Java program(?)


I saw there is an issue with padding but I didn't know what it is and how
to encrypt the file with a certain padding method or whatever else to do,
I'm not experienced with encryption.


There is also org.apache.sqoop.credentials.loader.crypto.iterations
parameter in the class which indicates number of PBKDF2 iterations but I
don't know if it changes anything.


Thanks for any help.

-- 
*BURAK ONGUN*

Mime
View raw message