wohaph / keyczar

Automatically exported from code.google.com/p/keyczar

Adding a new key can overwrite the existing, primary key. #98

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
On Thu, Jun 14, 2012 at 3:17 PM, JeffH <jeffh@delasco.com> wrote:
java -jar KeyczarTool-0.71f-060112.jar create --location=./test-keys --purpose=crypt
java -jar KeyczarTool-0.71f-060112.jar addkey --location=./test-keys --status=primary   (working good)
java -jar KeyczarTool-0.71f-060112.jar addkey --location=test-keys --status=primary     (working)
java -jar KeyczarTool-0.71f-060112.jar demote --location=test-keys --version=1     (1 is now inactive but available)
java -jar KeyczarTool-0.71f-060112.jar revoke --location=test-keys --version=1     (1 is now revoked, 2 is primary and still works)
java -jar KeyczarTool-0.71f-060112.jar addkey --location=test-keys --status=primary    (no 3 is created, 2 is replaced !!!!)

................
[jlh@tech-001]$ cat test-keys/meta
{"name":"","purpose":"DECRYPT_AND_ENCRYPT","type":"AES","versions":[{"exportable":false,"status":"ACTIVE","versionNumber":2}],"encrypted":false}{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ ls test-keys/
2  meta
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ java -jar KeyczarTool-0.71f-060112.jar addkey --location=test-keys --status=primary
log4j:WARN No appenders could be found for logger (org.keyczar.Keyczar).
log4j:WARN Please initialize the log4j system properly.
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ ls test-keys/
2  meta
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ cat test-keys/2
{"aesKeyString":"_De9iAA66qeLL2kZBNEd_A","hmacKey":{"hmacKeyString":"UMUycMb92PhUX-48NMf5fX1COsoIQUL8ZXv1i11M3B0","size":256},"mode":"CBC","size":128}{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ java -jar KeyczarTool-0.71f-060112.jar addkey --location=test-keys --status=primary
log4j:WARN No appenders could be found for logger (org.keyczar.Keyczar).
log4j:WARN Please initialize the log4j system properly.
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ ls test-keys/
2  meta
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ cat test-keys/2
{"aesKeyString":"RSvif_F8fapJX2CCBkyoMw","hmacKey":{"hmacKeyString":"gK8A6wq9WFawlxNZacI8TSv3nZN8VtuKz3lqz1ANqbs","size":256},"mode":"CBC","size":128}{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ java -jar KeyczarTool-0.71f-060112.jar addkey --location=test-keys --status=active
log4j:WARN No appenders could be found for logger (org.keyczar.Keyczar).
log4j:WARN Please initialize the log4j system properly.
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ ls test-keys/
2  meta
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ cat test-keys/2
{"aesKeyString":"5fTnxJeY7R9VDGaFdBlatg","hmacKey":{"hmacKeyString":"JXwsdSEeMwHSuv4XrFWvTdswqNvS7_IN8gY1a9PcNDM","size":256},"mode":"CBC","size":128}{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ cat test-keys/meta
{"name":"","purpose":"DECRYPT_AND_ENCRYPT","type":"AES","versions":[{"exportable":false,"status":"ACTIVE","versionNumber":2}],"encrypted":false}{jlh@tech-001:~/temp/kczar/bin}

The addkey is not created as primary, it overwrites 2 and now has a status of ACTIVE.

Trying to promote ACTIVE 2, make it primary but now addkey is replacing the primary key
[jlh@tech-001]$ cat test-keys/meta
{"name":"","purpose":"DECRYPT_AND_ENCRYPT","type":"AES","versions":[{"exportable":false,"status":"ACTIVE","versionNumber":2}],"encrypted":false}{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ java -jar KeyczarTool-0.71f-060112.jar promote --location=test-keys --version=2
log4j:WARN No appenders could be found for logger (org.keyczar.Keyczar).
log4j:WARN Please initialize the log4j system properly.
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ cat test-keys/meta
{"name":"","purpose":"DECRYPT_AND_ENCRYPT","type":"AES","versions":[{"exportable":false,"status":"PRIMARY","versionNumber":2}],"encrypted":false}{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ java -jar KeyczarTool-0.71f-060112.jar addkey --location=test-keys --status=active
log4j:WARN No appenders could be found for logger (org.keyczar.Keyczar).
log4j:WARN Please initialize the log4j system properly.
{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ cat test-keys/meta
{"name":"","purpose":"DECRYPT_AND_ENCRYPT","type":"AES","versions":[{"exportable":false,"status":"PRIMARY","versionNumber":2}],"encrypted":false}{jlh@tech-001:~/temp/kczar/bin}
[jlh@tech-001]$ ls test-keys/
2  meta
{jlh@tech-001:~/temp/kczar/bin}

Ouch

Environment Details

[jlh@tech-001]$ java -version
java version "1.6.0_20"
OpenJDK Runtime Environment (IcedTea6 1.9.13) (6b20-1.9.13-0ubuntu1~10.04.1)
OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)

[jlh@tech-001]$ uname -a
Linux tech-001 2.6.32-41-generic #90-Ubuntu SMP Tue May 22 11:29:51 UTC 2012 x86_64 GNU/Linux

Original issue reported on code.google.com by swillden@google.com on 14 Jun 2012 at 10:09
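
A check that would catch the overwrite reported above, as an added example (not code from Keyczar or from the reporter): it hashes every key file listed in `meta` before `addkey` and compares afterwards. The function names and the placeholder key strings are constructed for illustration; the `meta` fields are the ones shown in the report.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def snapshot(keyset_dir):
    """Map each version number listed in meta to the SHA-256 of its key file."""
    meta = json.loads((Path(keyset_dir) / "meta").read_text())
    return {v["versionNumber"]: hashlib.sha256(
        (Path(keyset_dir) / str(v["versionNumber"])).read_bytes()).hexdigest()
        for v in meta["versions"]}

def addkey_problems(before, after):
    """Compare snapshots taken before and after addkey; return the findings."""
    problems = []
    for n, digest in sorted(before.items()):
        if n not in after:
            problems.append(f"version {n} disappeared")
        elif after[n] != digest:
            problems.append(f"version {n} key material was overwritten")
    if not set(after) - set(before):
        problems.append("no new version number was created")
    return problems

def write_keyset(keyset_dir, keys):
    """Write a constructed key set; keys maps version -> (status, material)."""
    root = Path(keyset_dir)
    versions = [{"exportable": False, "status": s, "versionNumber": n}
                for n, (s, _) in sorted(keys.items())]
    meta = {"name": "", "purpose": "DECRYPT_AND_ENCRYPT", "type": "AES",
            "versions": versions, "encrypted": False}
    (root / "meta").write_text(json.dumps(meta))
    for n, (_, material) in keys.items():
        (root / str(n)).write_text(material)

def demo():
    with tempfile.TemporaryDirectory() as d:
        write_keyset(d, {2: ("PRIMARY", "key-A")})  # placeholder material
        before = snapshot(d)
        # Outcome reported in this issue: file 2 rewritten, no version 3.
        write_keyset(d, {2: ("PRIMARY", "key-B")})
        reported = addkey_problems(before, snapshot(d))
        # Expected outcome: version 2 untouched, version 3 added.
        write_keyset(d, {2: ("PRIMARY", "key-A"), 3: ("ACTIVE", "key-C")})
        expected = addkey_problems(before, snapshot(d))
    return reported, expected

if __name__ == "__main__":
    print(demo())
```

Against a real key set, call `snapshot()` on the `--location` directory before and after running `addkey` and treat any finding as a reason to restore from backup before encrypting new data.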

GoogleCodeExporter commented 9 years ago
Please review this fix for issue #98.

Here's a test that demonstrates the problem:

http://code.google.com/p/keyczar/source/detail?r=adb97f5f47cc1ffb325dcbbfe0bc840c4db19020&name=fix_addkey

Here's the fix:

http://code.google.com/p/keyczar/source/detail?r=d0dc4d606c1ba4ad412a9d6bebeb8dac545eb361&name=fix_addkey

After the code has been reviewed, I'll merge to master.

Original comment by swillden@google.com on 19 Jun 2012 at 4:16