0

I am using Jasypt APIs (version 1.9.2) for encryption and decryption. While listing the algorithms using the command line interface tool, I am getting the following list.

```
listAlgorithms.bat

PBE ALGORITHMS:      [PBEWITHHMACSHA1ANDAES_128,
PBEWITHHMACSHA1ANDAES_256,
PBEWITHHMACSHA224ANDAES_128,
PBEWITHHMACSHA224ANDAES_256,
PBEWITHHMACSHA256ANDAES_128,
PBEWITHHMACSHA256ANDAES_256,
PBEWITHHMACSHA384ANDAES_128,
PBEWITHHMACSHA384ANDAES_256,
PBEWITHHMACSHA512ANDAES_128,
PBEWITHHMACSHA512ANDAES_256,
PBEWITHMD5ANDDES,
PBEWITHMD5ANDTRIPLEDES,
PBEWITHSHA1ANDDESEDE,
PBEWITHSHA1ANDRC2_128,
PBEWITHSHA1ANDRC2_40,
PBEWITHSHA1ANDRC4_128,
PBEWITHSHA1ANDRC4_40]
```

But when I use any of the algorithms below (all of which appear in the list above) to encrypt and decrypt text, encryption works but decryption fails.

PBEWITHHMACSHA1ANDAES_128
PBEWITHHMACSHA1ANDAES_256
PBEWITHHMACSHA224ANDAES_128
PBEWITHHMACSHA224ANDAES_256
PBEWITHHMACSHA256ANDAES_128
PBEWITHHMACSHA256ANDAES_256

Here is the code snippet:

```java
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
encryptor.setPassword("9daed9cd-e828-485f-a0a9-c63cfc364f4b");
encryptor.setAlgorithm("PBEWITHHMACSHA1ANDAES_256");
String input = "secret";
String enc = encryptor.encrypt(input);
System.out.println("Enc String: " + enc);
String dec = encryptor.decrypt(enc); // line 17 in the code, where the exception is thrown
System.out.println("Dec String: " + dec);
```

Here is the exception I am getting, while trying to decrypt the encrypted text.

```
Enc String: +APh51ggjCYY/UX92dJ4QmD52lMyTTJ7btqClF2EGT8=
Exception in thread "main" org.jasypt.exceptions.EncryptionOperationNotPossibleException
    at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
    at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
    at com.trimble.space.management.tpass.utilization.encryption.BasisTextCodec.main(BasisTextCodec.java:17)
```

After doing some more tests, I found that the following algorithms are not supported by Jasypt; it throws the runtime exception mentioned above.

PBEWITHHMACSHA1ANDAES_128, 
PBEWITHHMACSHA1ANDAES_256, 
PBEWITHHMACSHA224ANDAES_128, 
PBEWITHHMACSHA224ANDAES_256, 
PBEWITHHMACSHA256ANDAES_128, 
PBEWITHHMACSHA256ANDAES_256, 
PBEWITHHMACSHA384ANDAES_128, 
PBEWITHHMACSHA384ANDAES_256, 
PBEWITHHMACSHA512ANDAES_128, 
PBEWITHHMACSHA512ANDAES_256

But the algorithms below work fine and do not throw any runtime exception.

PBEWITHMD5ANDDES, 
PBEWITHMD5ANDTRIPLEDES, 
PBEWITHSHA1ANDDESEDE, 
PBEWITHSHA1ANDRC2_128, 
PBEWITHSHA1ANDRC2_40, 
PBEWITHSHA1ANDRC4_128, 
PBEWITHSHA1ANDRC4_40

Here is the test that produces the supported and not supported list of algorithms.

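```java
import java.util.HashSet;
import java.util.Set;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.registry.AlgorithmRegistry;
import org.junit.Assert;
import org.junit.Test;

// Enclosing class added so the method compiles; the class name is a placeholder.
public class AlgorithmSupportTest {

    @Test
    public void test() {
        Set<String> supported = new HashSet<>();
        Set<String> unsupported = new HashSet<>();
        // Round-trip a fixed string through every PBE algorithm the registry reports.
        for (Object algorithms : AlgorithmRegistry.getAllPBEAlgorithms()) {
            String algo = (String) algorithms;
            try {
                StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
                encryptor.setAlgorithm(algo);
                encryptor.setPassword("secret");
                String encrypted = encryptor.encrypt("foo");
                String decrypted = encryptor.decrypt(encrypted);
                Assert.assertEquals("foo", decrypted);
                supported.add(algo);
            } catch (EncryptionOperationNotPossibleException e) {
                // Encrypt or decrypt failed for this algorithm.
                unsupported.add(algo);
            }
        }
        System.out.println("Supported");
        supported.forEach((String name) -> System.out.println("   " + name));
        System.out.println("Unsupported");
        unsupported.forEach((String name) -> System.out.println("   " + name));
    }
}
```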

http://www.jasypt.org/encrypting-texts.html

This seems like a bug in the Jasypt code; here is the discussion thread.

Melloware
S.Jose
  • The problem is that other than `PBEWITHMD5ANDTRIPLEDES` and `PBEWITHSHA1ANDDESEDE` none of those should be used and these two should not be used in new work. There is something wrong, AES is and has been the symmetric encryption standard since 2001. One must assume there is a problem in your AES code. Please add a link to the documentation you are using. One thing that is different in the "working" and "non-working" encryption algorithms is the block size, AES has a 16-byte block size. To state that the AES encryption algorithms are not supported solely on you not getting them to work is wrong. – zaph Mar 26 '18 at 14:58

2 Answers

3

There seems to be a bug in Jasypt; the details can be found here. Even though a patch is provided, I cannot find any released binaries.

S.Jose
3

The bug for Jasypt has been reported here.

You can find the patched version here on GitHub and build it with `mvn clean package`.

https://github.com/melloware/jasypt

I use this version in JDK 8 patch 162 or higher and it works great and all of the high level encryption like PBEWITHHMACSHA512ANDAES_256 works out of the box.

I have deployed to Maven Central as:

```xml
<dependency>
  <groupId>com.melloware</groupId>
  <artifactId>jasypt</artifactId>
  <version>1.9.4</version>
</dependency>
```
Melloware
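
Added example, not part of the original posts and not Jasypt code: the JDK's `PBEWITHHMAC...ANDAES_...` ciphers run AES in CBC mode, so decryption needs the IV that encryption used as well as the salt and iteration count. This plain-JCE round trip keeps salt and IV with the ciphertext; the class name, blob layout and iteration count are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
// Added example: class name, blob layout and iteration count are assumptions.
public class PbeAesRoundTrip {
    static final String ALGO = "PBEWITHHMACSHA256ANDAES_128";
    static final int SALT_LEN = 16, IV_LEN = 16; // IV length = AES block size
    static final int ITERATIONS = 100_000;       // assumed demo value
    // The same salt, iteration count and IV must be supplied in both directions.
    static Cipher cipher(int mode, char[] pw, byte[] salt, byte[] iv) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALGO).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(ALGO);
        c.init(mode, key, new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        return c;
    }

    // Output layout: Base64(salt || iv || ciphertext).
    static String encrypt(char[] pw, String plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, pw, salt, iv)
                .doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ByteBuffer
                .allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array());
    }

    static String decrypt(char[] pw, String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length <= SALT_LEN + IV_LEN) throw new IllegalArgumentException("input too short");
        byte[] salt = Arrays.copyOfRange(in, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(in, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] ct = Arrays.copyOfRange(in, SALT_LEN + IV_LEN, in.length);
        return new String(cipher(Cipher.DECRYPT_MODE, pw, salt, iv).doFinal(ct), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-demo-password".toCharArray(); // constructed sample value
        System.out.println("Dec String: " + decrypt(pw, encrypt(pw, "secret")));
    }
}
```

CBC output here is not authenticated, so a stored blob that has been modified is not reliably detected on decryption; add a MAC over the whole blob if integrity matters.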