7

I am using Spring Config Server and Spring Security. I have followed the link https://cloud.spring.io/spring-cloud-config/multi/multi__spring_cloud_config_server.html and I have added JCF in the C:\Program Files\Java\jdk1.8.0_171\jre\lib\security folder. When I post to localhost:8080/encrypt, this response comes:

{ "description": "The encryption algorithm is not strong enough", "status": "INVALID" }

Please let me know the issue.

5 Answers

11

If you are getting the {"description": "The encryption algorithm is not strong enough", "status": "INVALID" } response, the solution is just to create a bootstrap.properties file in the config server and add the encrypt.key="Secrete Key" property.

shubham bellale
7

Disclaimer: I am running org.springframework.cloud:spring-cloud-config-server:2.0.6.RELEASE.

It's not enough just to enable the unlimited crypto policy (btw, it is enabled by default starting from jdk8.161); you also have to provide the encrypt.key property (in case you want to use symmetric cryptography).

You can find it further down in the documentation: http://cloud.spring.io/spring-cloud-config/2.0.x/single/spring-cloud-config.html#_key_management

PS: Set it within bootstrap.properties.

franta kocourek
1

bootstrap.properties files are meant to be tracked under source control, so I would rather reference the encrypt.key value as an operating system environment variable.

For Unix systems use export ENCRYPT_KEY=YOURKEY

Add this variable to one of the startup files ~/.bashrc, ~/.profile or ~/.login to make it permanent.

Bereket Belete
1

With spring cloud config server 2, we get an error response for endpoint /encrypt as The encryption algorithm is not strong enough. This error occurs if you don't have encrypt.key property defined. Even if this is defined, to avoid this error, the property encrypt.key should be placed in bootstrap.properties rather than application.properties.

Aneeq Anwar
0

The cloud config server's encrypt.key property is used to decrypt encrypted properties in the configuration files; therefore it is clearly too late (and wrong from a security perspective) to provide said key in those configuration files.

It needs to be available to the bootstrap context, so yes, you can put it in bootstrap.yml if that configuration file is suitably secured, or better yet, it should be provided at startup time by a trusted secret storage system like Vault.

It's a shame that Spring's way of telling you that you have got this wrong is to emit this error message:

{"description":"The encryption algorithm is not strong enough","status":"INVALID"}
Andy Brown
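
A preflight check that reports where the key discussed in the answers above would come from, as an added example that is not part of any answer or of Spring Cloud Config. The function names, the directory layout and the sample values are assumptions; the `application-only` and `missing` verdicts follow what the answers describe for Config Server 2.x.

```shell
# Added example: report where a Config Server 2.x would get encrypt.key from.
# Assumption: $1 is the directory holding bootstrap.* / application.* files.

# True if file $1 defines encrypt.key (.properties syntax, or simple block YAML).
has_key() {
  [ -f "$1" ] || return 1
  case "$1" in
    *.properties) grep -Eq '^[[:space:]]*encrypt\.key[[:space:]]*[=:]' "$1" ;;
    *) awk '/^encrypt:/ { inside = 1; next }
            /^[^ \t#]/  { inside = 0 }
            inside && /^[ \t]+key:/ { found = 1 }
            END { exit !found }' "$1" ;;
  esac
}

# Prints "source=<env|bootstrap|application-only|missing> hardcoded=<files|none>".
# Succeeds only when the key comes from the ENCRYPT_KEY environment variable
# and no configuration file hard-codes it.
key_report() {
  dir=$1 boot="" app="" hard=""
  for f in bootstrap.properties bootstrap.yml application.properties application.yml; do
    has_key "$dir/$f" || continue
    hard="${hard:+$hard,}$f"
    case "$f" in bootstrap.*) boot=1 ;; *) app=1 ;; esac
  done
  if   [ -n "${ENCRYPT_KEY:-}" ]; then src=env
  elif [ -n "$boot" ];             then src=bootstrap
  elif [ -n "$app" ];              then src=application-only  # read too late, per the answers
  else                                  src=missing           # /encrypt returns the INVALID response
  fi
  echo "source=$src hardcoded=${hard:-none}"
  [ "$src" = env ] && [ -z "$hard" ]
}

# Constructed demo: a key hard-coded in application.properties only.
demo=$(mktemp -d)
printf 'encrypt.key=CONSTRUCTED-SAMPLE\n' > "$demo/application.properties"
(unset ENCRYPT_KEY; key_report "$demo") || true  # source=application-only hardcoded=application.properties
rm -rf "$demo"
```

Run `key_report` against the server's resources directory before start-up or in CI; a non-zero status means the key is absent, supplied too late, or sitting in a file that may be committed.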