Knowledge Base

cancel
Showing results for 
Search instead for 
Did you mean: 

Why am I seeing the EUM startup error "Illegal key size or default parameters"?

Issue 

What should I do if my EUM Server is unable to start because of below error?

Error Starting EUM Processor Server
 |      com.google.inject.CreationException: Unable to create injector, see the following errors:

Error in custom provider, com.singularity.ee.util.security.credentialstore.exception.CryptoOperationFailureException: Failed to decrypt: Illegal key size or default parameters

Error in custom provider, com.singularity.ee.util.security.credentialstore.exception.CryptoOperationFailureException: 
Failed to decrypt: Input length must be multiple of 16 when decrypting with padded cipher.....

 

Cause And Solution

This error is mostly seen post-upgrade or during upgrades, which stops the EUM upgrade/startup or login process.
 
This usually happens when encrypted/obfuscated values in the eum.properties are incorrect. In order to fix this, edit your eum.properties file with the properties below and restart your EUM server
 
1. Change onprem.useEncryptedCredentials=true to false -->  onprem.useEncryptedCredentials=false
 
2. Set the password in plaintext for the below properties:
onprem.dbPassword=<<plaintext passowrd>>
onprem.credentialKey=<<plaintext passowrd>>
 
3. If the upgrade was from 4.0 to 4.5, you might also have to update the password in  <eum_server_home>/eum-processor/bin/liquidbase.properties for the password property. 
 
4. Restart the EUM server.
 
If, however, you cannot use the plaintext passwords and you need to use encrypted passwords, you will need to regenerate the encrypted key for the the database password and obfuscated keys for the credential key. Then, update the eum.properties file and restart the EUM Server.  The database password may not be decipherable using the key in use. You can follow the steps below to complete this for this process:

1. Generate a new credential store:
bin/eum-credential-key.sh generate_ks -storepass <store_password>
 
2. Generate a new obfuscated password for the credential store:
bin/eum-credential-key.sh obfuscate -plaintext <store_password>
 
3. Generate a new database password:
bin/eum-credential-key.sh encrypt -storepass <store_password> -plaintext <DB_password>
 
4 After this, modify the eum.properties file as:
onprem.dbPassword=<<output of 3 above>>
onprem.credentialKey=<<output of 2 above>>
onprem.useEncryptedCredentials=true
 
5. Restart the EUM Server. 
 
For additional information on this change the credential keystore password for the EUM Database
click here
Version history
Revision #:
3 of 3
Last update:
2 weeks ago
Updated by:
 
Labels (1)
0 Kudos