Hi Everyone,
I was trying to protect the password available within my OSGi config. I need to use the same key across my instances, so I tried to move the key.
I went through the article on "EXPORTING KEYS FROM AUTHOR AND IMPORTING ON PUBLISH" available at http://docs.adobe.com/docs/en/cq/5-6/wcm/campaigns/newsletters.html#Exporting keys from author and importing on publish
I have used the Adobe Eclipse plugin to get the master.binary file within the etc/key folder (etc/key/master is used as the vault filter). When I deployed the package and refreshed the "Crypto Package" from the Felix console, AEM started behaving strangely. I can see CRX up and running but am unable to load any of the content and even unable to deploy/build new packages.
As a workaround I have to delete the "etc" folder and restart my instance.
Can someone help me with the correct way to move the key?
Regards,
Krishna
I assume when you say "refreshed the Crypto Package" it means you restarted the bundle. There is a difference. In case it was a refresh only, then please stop & start the bundle.
If you have restarted the bundle then your symptoms look strange. What is the error in the logs & what are your deployment steps (first install key package -> then restart crypto bundle -> then deploy rest of packages)? Also make sure /etc/key/master is a separate package & deployed as the last one.
Thanks for the reply Sham,
When I restart the bundle I get the below exception:
POST /system/console/bundles/92 HTTP/1.1] com.adobe.granite.crypto.internal.Activator setupCryptoSupport: Failed creating CryptoSupport Implementation: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
I assume that the (master.binary) file might have been corrupted since I am trying to check out the file to the file system and then move it across environments. (Not sure whether this can happen.)
I have deployed the key as a part of my apps package.
Do you suggest having the key in a separate package and deploying it as the last one?
Thanks,
Krishna
Yes, I suggest having the key in a separate package and deploying it as the last one. But anyhow, this is not going to solve your existing problem, based on the error.
When you delete /etc it works because it generates a new one & surely there is a problem with the key itself that is in your file system. You said "checkout" & I am assuming you are using some source version control like git or svn etc. In that case I am assuming that for security reasons the private key is changed by some other layers/commands when you try to store it in the repository. From all your symptoms I can say it is not an issue with your package but some other commands changing the key file format itself. As an example, a curl command to upload any binary that has a private key changes its content for security reasons.
I have seen this issue in some other cases, for example uploading a private key for SAML using curl, & informed our security team to validate & informed the doc team to update. At this point in time I did not have enough proof to qualify it as a product bug. But if you have those steps & it is not due to checkouts, please file an official support ticket.
Thanks Sham.
Now after installing the key as a separate package and restarting the bundle everything works fine, surely it is a problem with the file in the repository.
I will have the key as a separate package. Since key deployment will be a single-time process, I don't see a big issue with that.
Thanks for the quick response Sham.
Krishna
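Added example (not part of the original thread and not Adobe code): one way to check whether a binary key file such as master.binary was altered between export and import, the cause suspected in the replies above, by comparing the exported bytes with the copy that came out of version control or an upload. The function names and the sample bytes are constructed for illustration, and no AEM key format is assumed.

```python
import hashlib

# Constructed 32-byte sample standing in for an exported key file (not a real key).
SAMPLE = bytes([0x3A, 0x0A, 0xC4, 0x91, 0x0D, 0x0A, 0xFF, 0x10]) * 4


def diagnose_transfer(original: bytes, received: bytes) -> str:
    """Classify how the received copy differs from the exported original."""
    if original == received:
        return "identical"
    unix = original.replace(b"\r\n", b"\n")
    # Text-mode checkout or upload that rewrote line endings.
    if unix.replace(b"\n", b"\r\n") == received:
        return "eol-lf-to-crlf"
    if unix == received:
        return "eol-crlf-to-lf"
    # File treated as Latin-1 text and saved again as UTF-8.
    if original.decode("latin-1").encode("utf-8") == received:
        return "reencoded-latin1-to-utf8"
    # File decoded as UTF-8 with invalid bytes replaced by U+FFFD.
    if original.decode("utf-8", errors="replace").encode("utf-8") == received:
        return "utf8-replacement-chars"
    if original.startswith(received):
        return "truncated"
    return "modified"


def report(original: bytes, received: bytes) -> dict:
    """Summarise the comparison using hashes and lengths, never the key bytes."""
    return {
        "verdict": diagnose_transfer(original, received),
        "sha256_original": hashlib.sha256(original).hexdigest(),
        "sha256_received": hashlib.sha256(received).hexdigest(),
        "len_original": len(original),
        "len_received": len(received),
        # Hint only: the logged exception complains about a length that is
        # not a multiple of 8; a changed file can still pass this check.
        "received_len_mod_8": len(received) % 8,
    }


if __name__ == "__main__":
    # Simulate a checkout that converted line endings to CRLF.
    crlf = SAMPLE.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    for name, value in report(SAMPLE, crlf).items():
        print(f"{name}: {value}")
```

Call report() with the bytes of the exported file and of the copy about to be packaged; any verdict other than identical means the copy differs from what the source instance exported.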