different encryption algorithm

[dpu1356]

No matter what I do, I am unable to get the value for Algorithm on the
Encryption tab of Cockpit to be anything other than
"PBEWithMD5AndDES". I think the reason for this is that line 206 of
PreferencesDialog calls the EncryptionUtil constructor that takes a
single String. That constructor has "PBEWithMD5AndDES" hard-coded as
the value for algorithm.

Also, how about a drop-down or list somewhere in Cockpit that shows
all of the available algorithms? For my JRE that list is:

ARCFOUR
PBEWITHSHA1ANDDESEDE
DESEDEWRAP
PBEWITHMD5ANDTRIPLEDES
DESEDE
RSA
AESWRAP
AES
PBEWITHMD5ANDDES
BLOWFISH
DES
RC2
PBEWITHSHA1ANDRC2_40

Will JetS3t use any of them? Or only the ones that start with "PBE"?

[James Murty]

I believe the encryption algorithm setting in jets3t.properties (in
the classpath and optionally in the Cockpit home directory) does
actually work, however as you point out the algorithm displayed in
the encryption dialog box is always the default algorithm. Try
uploading a file with encryption turned on, then view the object's
properties - encrypted items will have a metadata entry describing
the encryption algorithm used.

Following your suggestion I have added a listing of available
algorithms to the dialog box, as well as adding the Bouncy Castle
provider to the JetS3t suite. With this change the algorithm used by
Cockpit can be changed on the fly in the Preferences dialog box, and
the extra Bouncy Castle algorithms will be available as long as the
BC library is available on the classpath.

Note that only PBE algorithms are supported in JetS3t at present. I
believe this is appropriate as these are the algorithms intended for
password-based encryption, which is what JetS3t is doing.

From the ciphers you listed I'm guessing you're using JDK 1.6 which
is good as this version includes thecipher PBEWITHMD5ANDTRIPLEDES
which is much better than the JetS3t default (which is only single DES).

[dpu1356]

Are you going to add the BC provider jar to the classpath in the
scripts in the bin directory, or is it up to the user to figure out
how to do that?

What is the relationship between the crypto.algorithm property in
jets3t.properties and the drop-down in Cockpit?

When opening the encryption preferences dialog I'm getting several
errors like this:

ERROR [org.jets3t.service.security.EncryptionUtil] Availability test
failed for encryption cipher PBEWITHSHA256AND192BITAES-CBC-BC
java.security.InvalidKeyException: Illegal key size

[James Murty]

> Are you going to add the BC provider jar to the classpath in the
> scripts in the bin directory, or is it up to the user to figure out
> how to do that?

The lack of the Bouncy Castle library in the scripts was an
oversight, I have added this. Thanks for the heads up.

> What is the relationship between the crypto.algorithm property in
> jets3t.properties and the drop-down in Cockpit?

The algorithm drop-down list in Cockpit's preferences overrides the
"crypto.algorithm" setting in jets3t.properties files. When the
encryption preferences are first opened the default algorithm as
specified by "crypto.algorithm" will be selected, provided this
algorithm is available and usable on the system.

Changes to the algorithm preference in the drop-down are not saved
back to the jets3t.properties file, and therefore apply only to the
current Cockpit session.

> When opening the encryption preferences dialog I'm getting several
> errors like this:
>
> ERROR [org.jets3t.service.security.EncryptionUtil] Availability test
> failed for encryption cipher PBEWITHSHA256AND192BITAES-CBC-BC
> java.security.InvalidKeyException: Illegal key size

This error message, which can occur quite often on JDK installations
without the export-grade JCE extensions installed, has been
downgraded to a DEBUG message.