I have a spring TextEncryptor defined like this
<bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors"
factory-method="text">
<constructor-arg value="${security.encryptPassword}" />
<constructor-arg value="${security.encryptSalt}" />
</bean>
Which is fed these properties
security.encryptPassword=47582920264f212c566d5e5a6d
security.encryptSalt=39783e315e6a207e733d6f4141
Which works fine on my local environment. When I deploy to Heroku I get
java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:110)
at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:65)
at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:36)
...
Caused by: java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:972)
at javax.crypto.Cipher.implInit(Cipher.java:738)
at javax.crypto.Cipher.chooseProvider(Cipher.java:797)
at javax.crypto.Cipher.init(Cipher.java:1276)
at javax.crypto.Cipher.init(Cipher.java:1215)
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:105)
... 53 more
So I tried some smaller keys but I always get the same problem. What is the correct key size to use on Heroku?
So I think I’ve concluded Heroku just plain doesn’t support 256 bit AEP which is what the stock TextEncoders in spring-security use.
Instead I’ve used the BasicTextEncryptor from the Java Simplified Encryption library as an alternative backend and implemented the TextEncryptor interface.
It’s less secure but it works. It doesn’t provide a salting mechanism, though I think there are provisions for that elsewhere in the library.
If anyone has any ideas how to get the stock encryptors working on heroku then that would still be preferable I think.