Keyczar on GAE/J

60 views
Skip to first unread message

ivo

unread,
Jun 29, 2009, 11:17:24 AM6/29/09
to Keyczar Discuss
Hello,

I have a google app engine java application (GAE/J) and I'm thinking
on using Keyczar to encrypt sensible data.

Is there anyone already using Keyczar on GAE/J? Any problems? What
should I look out for?

Thanks!

Steve Weis

unread,
Jun 29, 2009, 3:39:42 PM6/29/09
to keyczar...@googlegroups.com
Hello. I haven't tried it out yet, but as far as I know there shouldn't be any reason it won't work. The JCE classes Keyczar uses are all whitelisted by GAE: http://code.google.com/appengine/docs/java/jrewhitelist.html

If you get it working, I'd be happy to put up any instructions on the Google code page.

ivo

unread,
Jul 1, 2009, 9:24:20 AM7/1/09
to Keyczar Discuss
Ok, so the good news are that I was able to use Keyczar 0.5b on GAE/J
without any problem (so no specific instructions are necessary).

But something is wrong with my local dev environment. I'm using a mac
with java 1.5 (32 bit), maven and eclipse for a GWT + GAE/J
application.

My Keyczar unit tests run fine on both maven and eclipse.

When I run the GWT + GAE/J application in hosted mode, I get the
following exception:

Caused by: java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance
(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance
(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at java.lang.Class.newInstance0(Class.java:350)
at java.lang.Class.newInstance(Class.java:303)
at java.security.Provider$Service.newInstance(Provider.java:1130)
at javax.crypto.Mac.a(DashoA12275)
at javax.crypto.Mac.init(DashoA12275)
at org.keyczar.HmacKey$HmacStream.initSign(HmacKey.java:115)
at org.keyczar.Encrypter.encrypt(Encrypter.java:141)
at org.keyczar.Encrypter.encrypt(Encrypter.java:113)
at org.keyczar.Encrypter.encrypt(Encrypter.java:184)
... 30 more
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission loadLibrary.keychain)
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:264)
at java.security.AccessController.checkPermission
(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:
532)
at com.google.appengine.tools.development.DevAppServerFactory
$CustomSecurityManager.checkPermission(DevAppServerFactory.java:122)
at java.lang.SecurityManager.checkLink(SecurityManager.java:818)
at java.lang.Runtime.loadLibrary0(Runtime.java:816)
at java.lang.System.loadLibrary(System.java:993)
at com.apple.crypto.provider.HmacCore.<clinit>(HmacCore.java:26)
... 52 more

what does this mean?

Thanks!

On Jun 29, 8:39 pm, Steve Weis <stevew...@gmail.com> wrote:
> Hello. I haven't tried it out yet, but as far as I know there shouldn't be
> any reason it won't work. The JCE classes Keyczar uses are all whitelisted
> by GAE:http://code.google.com/appengine/docs/java/jrewhitelist.html
> If you get it working, I'd be happy to put up any instructions on the Google
> code page.
>

Arkajit Dey

unread,
Jul 1, 2009, 12:39:49 PM7/1/09
to keyczar...@googlegroups.com
Hrm, I wonder if the problem is that AppEngine doesn't allow the app
to write to the file system (see
http://code.google.com/appengine/docs/whatisgoogleappengine.html). In
particular, java.io.FileWriter is not on the whitelist and that's what
KeyczarTool (through GenericKeyczar) uses to write the key files to
disk. We may need to store the key files in the AppEngine datastore
instead.

--arkajit
--
arkajit.blogspot.com

"Nothing is really work unless you would rather be doing something
else." - J.M. Barrie

ivo

unread,
Jul 1, 2009, 12:47:26 PM7/1/09
to Keyczar Discuss
I don't think that's it...

I generated the key files in my local disk and uploaded them to GAE.
I can successfully use Keyczar encryption / decryption on my app
running on GAE.

But in my local environment, when I run my app in hosted mode, I get
the exception above (while unit tests run without problems).

Thanks

On Jul 1, 5:39 pm, Arkajit Dey <arkajit....@gmail.com> wrote:
> Hrm, I wonder if the problem is that AppEngine doesn't allow the app
> to write to the file system (seehttp://code.google.com/appengine/docs/whatisgoogleappengine.html). In
Reply all
Reply to author
Forward
0 new messages