SYM_ENCRYPT not working with JGroups 5

Chintan Mohan Rohila

unread,

May 26, 2025, 1:04:23 AMMay 26

to jgroups-dev

Hi,

We have been trying to use SYM_ENCRYPT with JGroups 5 running on Java 17.

Command used for creating the secret key:
<JAVA17_HOME>/bin/keytool -genseckey -alias < alias > -keypass <keypass> -storepass <storepass> -keyalg Blowfish -keysize 56 -keystore .../jgroup.keystore -storetype JCEKS

<SYM_ENCRYPT
keystore_name="${jgroups.keystore_name}"
store_password="${jgroups.store_password}"
alias="${jgroups.alias}"
/>

But facing the following error. However, this was working fine with JGroups4 on Java 8.

Please guide how can SYM_ENCRYPT be used with JGroups 5 running on Java 17.

Exception in thread "main" java.io.IOException: DerInputStream.getLength(): lengthTag=78, too big.

at java.base/sun.security.util.DerInputStream.getLength(DerInputStream.java:251)

at java.base/sun.security.util.DerValue.<init>(DerValue.java:444)

at java.base/sun.security.util.DerValue.<init>(DerValue.java:487)

at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2012)

at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221)

at java.base/java.security.KeyStore.load(KeyStore.java:1473)

at org.jgroups.protocols.SYM_ENCRYPT.readSecretKeyFromKeystore(SYM_ENCRYPT.java:107)

at org.jgroups.protocols.SYM_ENCRYPT.init(SYM_ENCRYPT.java:88)

at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:805)

at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:443)

at org.jgroups.JChannel.init(JChannel.java:745)

at org.jgroups.JChannel.<init>(JChannel.java:126)

at org.jgroups.JChannel.<init>(JChannel.java:107)

at org.jgroups.demos.Chat.start(Chat.java:34)

at org.jgroups.demos.Chat.main(Chat.java:99)

Bela Ban

unread,

May 26, 2025, 5:04:00 AMMay 26

to jgrou...@googlegroups.com

Use 'ant make-keystore' t generate the keystore. A comment in KeystoreGenerator says that keytool cannot be used for this.

--
You received this message because you are subscribed to the Google Groups "jgroups-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jgroups-dev...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/jgroups-dev/5ffbfc08-d2b8-4811-be4c-122b92a5f1f9n%40googlegroups.com.

-- 
Bela Ban | http://www.jgroups.org

Chintan Mohan Rohila

unread,

May 27, 2025, 1:12:48 AMMay 27

to Bela Ban, jgrou...@googlegroups.com

Thanks for your prompt response.

We tried with KeyStoreGenerator using any make script, but getting the same error. Could you please try it on your end using Java 17, and see if it works?