sqoop-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amit Kumar <ak3...@gmail.com>
Subject Re: Getting BadPaddingException while doing an import with encrypted password file
Date Fri, 10 Mar 2017 05:41:49 GMT
unsubscribe

On Thu, Mar 9, 2017 at 6:27 PM, Burak Ongun <burakongun@gmail.com> wrote:

> I encrypt file with openssl then put it on HDFS, I used AES/ECB, 128 bits
> and salt option, and with some research I find out openssl uses PKCS5
> padding as default which are all defaults in CryptoFileLoader class here;
>
> https://apache.googlesource.com/sqoop/+/refs/heads/trunk/src
> /java/org/apache/sqoop/util/password/CredentialProviderPasswordLoader.java
> .
>
>
>
> Here is my encryption process:
>
>
>     # echo -n "password" > .pw
>
>     # openssl enc -aes-128-ecb -salt -in .pw -out .pw.enc
>
>     # hdfs dfs -put .opw.enc /user/user1/
>
>
> Sqoop version is 1.4.6
>
>
> Command:
>
>
>     sqoop import \
>
>     -Dorg.apache.sqoop.credentials.loader.class=org.apache.
> sqoop.util.password.CryptoFileLoader \
>
>     -Dorg.apache.sqoop.credentials.loader.crypto.passphrase=sqoop \
>
>     --connect jdbc:oracle:thin:@host/database \
>
>     --username user1 \
>
>     --password-file /user/user1/.pw.enc \
>
>     --table db.table1 \
>
>     --hive-import \
>
>     --hive-overwrite \
>
>     --hive-table hivedb.table1 \
>
>     --hive-drop-import-delims
>
>
> which gives:
>
>
>     17/03/08 15:10:37 WARN tool.BaseSqoopTool: Failed to load password file
>
>     java.io.IOException: Can't decrypt the password
>
>             at org.apache.sqoop.util.password
> .CryptoFileLoader.loadPassword(CryptoFileLoader.java:151)
>
>             at org.apache.sqoop.util.Credenti
> alsUtil.fetchPasswordFromLoader(CredentialsUtil.java:81)
>
>             at org.apache.sqoop.util.Credenti
> alsUtil.fetchPassword(CredentialsUtil.java:66)
>
>             at org.apache.sqoop.tool.BaseSqoo
> pTool.applyCredentialsOptions(BaseSqoopTool.java:1042)
>
>             at org.apache.sqoop.tool.BaseSqoo
> pTool.applyCommonOptions(BaseSqoopTool.java:997)
>
>             at org.apache.sqoop.tool.ImportTool.applyOptions(ImportTool.
> java:875)
>
>             at org.apache.sqoop.tool.SqoopTool.parseArguments(SqoopTool.
> java:435)
>
>             at org.apache.sqoop.Sqoop.run(Sqoop.java:131)
>
>             at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
>
>             at org.apache.sqoop.Sqoop.runSqoop(Sqoop.java:179)
>
>             at org.apache.sqoop.Sqoop.runTool(Sqoop.java:218)
>
>             at org.apache.sqoop.Sqoop.runTool(Sqoop.java:227)
>
>             at org.apache.sqoop.Sqoop.main(Sqoop.java:236)
>
>     Caused by: javax.crypto.BadPaddingException: Given final block not
> properly padded
>
>             at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:
> 966)
>
>             at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:
> 824)
>
>             at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.
> java:436)
>
>             at javax.crypto.Cipher.doFinal(Cipher.java:2165)
>
>             at org.apache.sqoop.util.password
> .CryptoFileLoader.loadPassword(CryptoFileLoader.java:149)
>
>             ... 12 more
>
>     Error while loading password file: Can't decrypt the password
>
>
> I tried manually giving the other CryptoFileLoader parameters too and also
> passing local file to the --password-file .
>
>  I also tried using other algorithms such as CBC but they want parameters
> (IV, key etc.) and I couldn't pass them because it isn't defined how to in
> the CryptoFileLoader.
>
> I can decrypt the file back successfully with openssl. I can't decrypt
> with Java program(?)
>
>
> I saw there is an issue with padding but I didn't know what it is and how
> to encrypt the file with a certain padding method or whatever else to do,
> I'm not experienced with encryption.
>
>
> There is also org.apache.sqoop.credentials.loader.crypto.iterations
> parameter in the class which indicates number of PBKDF2 iterations but I
> don't know if it changes anything.
>
>
> Thanks for any help.
>
> --
> *BURAK ONGUN*
>

Mime
View raw message