[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: bdb encryption

To: Howard Chu <hyc@symas.com>
Subject: Re: bdb encryption
From: ghenry@OpenLDAP.org
Date: Tue, 9 Dec 2008 09:24:22 +0000 (GMT)
Cc: Gavin Henry <ghenry@OpenLDAP.org>, openldap-technical@OpenLDAP.org
In-reply-to: <216489.51228814619442.JavaMail.root@mail>

----- "Howard Chu" <hyc@symas.com> wrote:

> ghenry@OpenLDAP.org wrote:
> > Hi All,
> >
> > I'm just testing bdb encryption and it works as expected out of the
> box.
> >
> > But I'm trying to decrypt it using the bdb tools:
> >
> > [ghenry@suretec openldap-data]$
> /usr/local/BerkeleyDB.4.7/bin/db_verify objectClass.bdb
> > db_verify: Encrypted environment: no encryption key supplied
> > Segmentation fault
> 
> Interesting. It shouldn't segfault, perhaps you should report that as
> a bug to 
> Oracle.

Will do. If I use "cryptkey testing" all tools work. If I enter the wrong 
password using cryptkey is segfaults again after stating wrong pass.
 
> > So it segfaults, but it's the same with the key:
> >
> > [ghenry@suretec openldap-data]$
> /usr/local/BerkeleyDB.4.7/bin/db_verify -P "testing" objectClass.bdb
> > db_verify: Invalid password
> > Segmentation fault
> >
> > testing is set in slapd.conf via "cryptfile" and has the word
> "testing" in it:
> 
> How did you create the file? If you simply created it as a plain text
> file, 
> then it probably has a trailing NewLine as well. In which case, the
> NewLine is 
> part of the password...

Checked this and recreated vi vim and just:

 echo testing > cryptfile. 

All results in the same invalid password and 
segfault.

Cheers.

-- 
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

http://www.openldap.org/project/

Follow-Ups:
- Re: bdb encryption
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Cannot start kerberos signing/sealing when using TLS/SSL
Next by Date: Re: Needs Urgent HELP from You regarding exportiong of the data
Index(es):
- Chronological
- Thread