Maven password encryption BadPaddingException

11
votes

I'm trying to encrypt a server password in my settings.xml and I'm getting this exception when trying to deploy an artifact.

Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
    at javax.crypto.Cipher.doFinal(Cipher.java:2087)
    at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:185)
    ... 18 more

here's the excerpt from the xml

<server>
            <id>server</id>
            <username>username</username>
            <password>{N8AF8BmQ5x8HZX/yrlrP1QiKNMEdoXWyBFZd/*zIabY=}</password> 
        </server>

the same exception is also happening for my master password, I just followed the instructions here https://maven.apache.org/guides/mini/guide-encryption.html created a security-settings.xml like in the guide, executed these two commands and copied the encrypted passwords into the appropriate xml files.

mvn --encrypt-master-password <password>
mvn --encrypt-password <password>
4
mavenencryption
In rare cases there's an escaping issue, not sure if that's happening here. Consider regenerating both emp and ep (their values will be different every time)Robert Scholte
I'm assuming emp and ep mean the master and server password?gary69
-emp = --encrypt-master-password, -ep = --encrypt-password (see mvn -h or mvn --help :) )Robert Scholte
@RobertScholte Could you please insert your comment as an answer so it can be marked as accepted? Your solution is useful but could not be noticed as a commentabarisone

4 Answers

6
votes

In rare cases there's an escaping issue, that's probably happening here. Consider regenerating the masterpassword (with -emp or --encrypt-master-password) and/or password ( with -ep or --encrypt-password) . Their values will be different every time.

5
votes

Or maybe by accident you copy-pasted the wrong parameter: 

--encrypt-master-password

and put the output in settings.xml instead of: 

--encrypt-password

which got me into trouble. (Darn password expiration policies)

1
votes

Let's understand the problem here.

mvn encryption password is used to ensure secured access to the protected repository servers (possible Nexus or JFrog).

This access is based on 2 settings.

  1. Common settings available in <MAVEN_HOME>/conf/settings.xml which will define the list of repositories and required username password for them. A typical entry would look like below

<server>
      <id>my.server</id>
      <username>foo</username>
      <password>{COQLCE6DU6GtcS5P=}</password>
 </server>

To have a password for this file, the command is

mvn --encrypt-password <password>
  1. User specific settings available in local repo path (can be found in the <MAVEN_HOME>/conf/settings.xml) something like C:/Users/user/.m2/settings-security.xml which looks like below

<settingsSecurity>
  <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
</settingsSecurity>

To have a password for this file the mvn command is

mvn --encrypt-master-password <password>

Now the exception mentioned in the question is mostly the potential side effect of accidentally copying the password generated by mvn --encrypt-password <password> in the settings-security.file instead of using password generated by mvn --encrypt-master-password <password>

So double check your steps and it should solve the issue.

For detailed reference visit Maven - Password Encryption

0
votes

Came across the same issue. Solved it by:

1) generating encrypted password using quotes around my password as opposed to no quotes (this seemed to remove the +)

e.g. mvn -emp "myPassword123" and mvn -ep "myPassword123"

instead of mvn -emp myPassword123 and mvn -ep myPassword123

2) making sure my settings.xml and settings-security.xml were in the correct directories. (i have my settings.xml in the maven install directory and the settings-security.xml in the .m2 directory)

This worked for me anyway

ps. i had to close terminal after editing settings file as i think it was doing some sort of caching