topic Re: Password type encryption algorithm in Talend Studio

Password type encryption algorithm

qwer1 — Fri, 15 Nov 2024 23:34:39 GMT

Hello Talend,

I have a project using Talend Open Studio for Data Integration 7.3.1 where passwords are set in context variables set to type 'Password'. When the project is compiled, the password is encrypted in Default.properties.

Eg: test123 = enc:routine.encryption.key.v1:Rw3boZGBT70t41tOiemDr8bsVMaFN54USSxasXSvxKpVPQs=

What algorithm and key strength are used for this encryption? Is it AES-256 or something else?

Thanks in advance!

Re: Password type encryption algorithm

gjeremy1617088143 — Fri, 29 Oct 2021 07:44:04 GMT

Two encryption keys are now used by Talend Studio, Talend Administration Center and Talend components to encrypt passwords.

system.encryption.key
: for encrypting properties and nexus passwords.
routine.encryption.key
: for encrypting passwords of generated Jobs.

The default values of these two keys system.encryption.key.v1 and routine.encryption.key.v1 are stored in the encryption key configuration file /configuration/studio.keys, which is created under the installation directory of your Talend Studio after you run the Talend Studio executable file Talend-Studio-linux-gtk-x86_64 for the first time. Below is an example of the newly created studio.keys file.

system.encryption.key.v1=ObIr3Je6QcJuxJEwErWaFWIxBzEjxIlBrtCPilSByJI\=

routine.encryption.key.v1=YBoRMn8gwD1Kt3CcowOiGeoxRbC2eNNVm7Id6vA3hrk\=

in the class that encrypt password we can found the following import :

import java.security.SecureRandom;

import javax.crypto.Cipher;

import javax.crypto.SecretKey;

import javax.crypto.SecretKeyFactory;

import javax.crypto.spec.DESKeySpec;

So it seems to use DES for encryption

we could see it in the code :

Cipher.getInstance("DES")

DES is a block cipher and encrypts data in blocks of size of 64 bit each, means 64 bits of plain text goes as the input to DES, which produces 64 bits of cipher text. The same algorithm and key are used for encryption and decryption, with minor differences. The key length is 56 bits.

Re: Password type encryption algorithm

qwer1 — Fri, 29 Oct 2021 08:49:06 GMT

Thank you for your reply!

May I know exactly where did you find the imports? I can't seem to find them.

Re: Password type encryption algorithm

gjeremy1617088143 — Fri, 29 Oct 2021 09:22:20 GMT

You have to look in the code window, and you can use ctrl+f to search encrypt

then you right click on the encrypt function and select open declaration

Send me love and kudos

Re: Password type encryption algorithm

qwer1 — Fri, 29 Oct 2021 10:11:39 GMT

Thank you but I've checked in the code window, the password encryption is made in PasswordEncryptUtil and the encryption is in org.talend.daikon.crypto.Encryption which is a jar and code is not accessible tho.

Re: Password type encryption algorithm

gjeremy1617088143 — Fri, 29 Oct 2021 12:28:42 GMT

https://github.com/Talend/daikon/blob/master/daikon-crypto/crypto-utils/src/main/java/org/talend/daikon/crypto/Encryption.java

https://github.com/Talend/daikon/blob/master/daikon-crypto/crypto-utils/src/main/java/org/talend/daikon/crypto/CipherSources.java

publicstaticCipherSourceaesGcm(intivLength, inttagLength, Providerp) { if (Stream.of(16, 15, 14, 13, 12).noneMatch(i -> i == tagLength)) { thrownewIllegalArgumentException("Invalid authentication tag length"); } returnnewSymmetricKeyCipherSource(ivLength) { @OverrideprotectedCipherget(KeySourcesource, intencryptMode, byte[] iv) throwsException { finalCipher c = p !=null?Cipher.getInstance("AES/GCM/NoPadding", p) :Cipher.getInstance("AES/GCM/NoPadding"); finalbyte[] sourceKey = source.getKey(); finalKey key =newSecretKeySpec(sourceKey, "AES"); finalGCMParameterSpec spec =newGCMParameterSpec(tagLength *8, iv); c.init(encryptMode, key, spec); return c; } };

in Talend code we can see that default cypher is used so we could deduce it's AES-GCM algorithm