I'm trying to get a jdbc hsqldb instance encrypted using threefish-512 from bouncycastle. Hsqldb supports configuring this via the connection url: http://hsqldb.org/doc/guide/dbproperties-chapt.html#dpc_crypt_props. I'm familiar with the essentials of cryptography and such but have never worked with JCE, bouncycastle, etc.
I first added crypt_type=Threefish-512;crypt_key=de7e... to my connection string. This threw exceptions about unknown providers and algorithms. Specifying crypt_provider=org.bouncycastle.jce.provider.BouncyCastleProvider did not fix this.
I then added Security.addProvider(new BouncyCastleProvider()); to my code before the jdbc initialization and now crypt_type=Threefish-512;crypt_key=de7e... (without crypt_provider) seems to work mostly. It throws a new exception though:
Illegal key size or default parameters
My crypt_key is 128 hex chars, so it's a 512 bit key. I doubt the key is the problem here. Debugging the Cipher class shows the key is indeed parsed to an array of 64 bytes.
Do I need to do some sort of configuration on bouncycastle/threefish after adding it as a provider? Simple information about this subject seems to be pretty sparse around the internet, there's no quick start to bouncycastle's threefish or other mentions of this problem or anything that I could find.
Spring boot project, hsqldb 2.4.0, bouncycastle 1.59 from maven org.bouncycastle:bcprov-jdk15on. Everything already works (db connection and such), I'm just trying to add encryption of the db on top of it. Normally, all you need to do for that is adding the crypt_* parameters to the connection string and hsqldb will handle the rest.
public static void main(String[] args) {
Security.addProvider(new BouncyCastleProvider());
ConfigurableApplicationContext app = SpringApplication.run(App.class, args);
application.properties
spring.datasource.url=jdbc:hsqldb:${app.db.path};create=${spring.datasource.initialize};hsqldb.tx=mvlocks;hsqldb.tx_level=serializable;crypt_type=Threefish-512;crypt_key=de7e...
Am I missing something like this?
BouncyCastleProvider provider = new BouncyCastleProvider();
provider.setParameter("foo", "bar");
Security.addProvider(provider);
Sigh. Silly US lawmakers and their shenanigans. I was using java 8u151, which still has the restricted crypto policy. Updating to u161 solved the problem.