
AES encryption using Java


I have been using AES encryption to authenticate users. But I recently faced an issue: when a user upgraded his product and tried to log in with his credentials, the error message below was thrown to JBoss:

11:17:02,907 INFO  [stdout] (ajp-/0.0.0.0:9009-1) Caused by: aesdpapi.AesDataProtectionAPIException: A native error occured in function 'UnprotectData'.  Error 87 : The parameter is incorrect.

11:17:02,907 INFO  [stdout] (ajp-/0.0.0.0:9009-1) 

11:17:02,907 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at aesdpapi.AesDataProtectionAPI.unprotectDataNative(Native Method)

11:17:02,907 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at aesdpapi.AesDataProtectionAPI.unprotectData(AesDataProtectionAPI.java:348)

11:17:02,907 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at com.gehcit.cp.security.bo.impl.LDAPAuthenticationModel.decryptLdapPasswordUsingAES(LDAPAuthenticationModel.java:348)

11:17:02,907 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at com.gehcit.cp.security.bo.impl.LDAPAuthenticationModel.getRSAPasswordFromAES(LDAPAuthenticationModel.java:326)

11:17:02,907 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at com.gehcit.cp.security.bo.impl.LDAPAuthenticationModel.decryptLdapPassword(LDAPAuthenticationModel.java:312)

11:17:02,923 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at com.gehcit.cp.security.bo.impl.LDAPAuthenticationModel.loadLDAPAttributes(LDAPAuthenticationModel.java:229)

11:17:02,923 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at com.gehcit.cp.security.bo.impl.LDAPAuthenticationModel.<init>(LDAPAuthenticationModel.java:186)

11:17:02,923 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at com.gehcit.cp.security.bo.impl.AuthenticationModelFactoryImpl.createInstance_aroundBody0(AuthenticationModelFactoryImpl.java:49)

11:17:02,923 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at com.gehcit.cp.security.bo.impl.AuthenticationModelFactoryImpl$AjcClosure1.run(AuthenticationModelFactoryImpl.java:1)

11:17:02,923 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)

11:17:02,923 INFO  [stdout] (ajp-/0.0.0.0:9009-1)   at com.gehcit.cp.aop.monitor.MonitoredClassAspect.run(MonitoredClassAspect.java:53)

aesdpapi is my custom library to store AES-related files. I need to know why I am getting this exception and what the probable cause of it could be.

I suspect that the new version is using a new key to decrypt the user password, which was encrypted with the old key before the product was upgraded. After the upgrade a new key was generated, which is unable to decrypt the password that was encrypted with the old key.


Solution

  • This happened due to a mismatch between the Java keystore file and the certificate file.
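
One way to check for the kind of mismatch named in the solution, as an added example (not code from the original post or from the aesdpapi library): it tests whether the private key in a keystore and the public key in a certificate file belong to the same key pair. The class name, the three command-line arguments, the RSA key type, and the key password being the same as the store password are all assumptions.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

public class KeystoreCertCheck {
    // True only if both keys belong to the same pair: a signature made with
    // the private key must verify under the public key.
    static boolean isPair(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        Signature s = Signature.getInstance("SHA256withRSA"); // assumption: RSA keys
        s.initSign(priv);
        s.update(challenge);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(challenge);
        try { return s.verify(sig); }
        catch (SignatureException e) { return false; } // e.g. key sizes differ
    }

    // Loads the private key stored under alias and the X.509 certificate file, then compares them.
    static boolean keystoreMatchesCert(String ksPath, char[] pass, String alias, String certPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(ksPath)) { ks.load(in, pass); }
        Key key = ks.getKey(alias, pass); // assumption: key password equals store password
        if (!(key instanceof PrivateKey)) throw new KeyStoreException("no private key under alias " + alias);
        Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        return isPair((PrivateKey) key, cert.getPublicKey());
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 3) { // <keystore> <alias> <certificate>
            Console c = System.console();
            if (c == null) throw new IllegalStateException("run from an interactive terminal");
            char[] pass = c.readPassword("Keystore password: ");
            System.out.println(keystoreMatchesCert(args[0], pass, args[1], args[2]) ? "MATCH" : "MISMATCH");
            return;
        }
        // No arguments: constructed in-memory key pairs standing in for pre- and post-upgrade keys.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair before = g.generateKeyPair(), after = g.generateKeyPair();
        System.out.println("same pair:  " + isPair(before.getPrivate(), before.getPublic()));
        System.out.println("mixed pair: " + isPair(before.getPrivate(), after.getPublic()));
    }
}
```

Running the check against the deployed keystore and certificate before and after an upgrade shows whether either file was regenerated without the other.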