I'm trying to migrate from the AES module to Real AES following the instructions here: https://www.drupal.org/project/aes
When I try to create the "Real AES Key" I get the message "The selected key size does not match the actual size of the key."
I generated the key using openssl rand -base64 128 > encryption.key
Attached is the key I tried (this is just a testing key) and these are the settings I selected:
Key type: Encryption
Key size: 128
Key provider: File
Key location: ../keys/encryption.key (I stepped through in a debugger and the path is correct)
Base64-encoded: yes
When I submit the form, eventually key_type_encryption_validate_key_value() runs. $bytes is 16 (128/8), but it's being compared to strlen($key_value) which is 128. Is that a bug or did I choose the wrong values?
| Comment | File | Size | Author |
|---|---|---|---|
| | encryption.key_.txt | 175 bytes | KarlShea |
Comments
Comment #2
KarlShea: I see, I had to set a custom key size of 1024. I feel like the migration instructions are not as clear as they could be, I'll move this issue over there.
Comment #3
rlhawk: Right. If you want a 128-bit key, use:
openssl rand -base64 16 > encryption.key
If you're using the Real AES module and the Defuse PHP Encryption library, the key will need to be a certain size — probably 128 bits, not 1024. AES doesn't support keys that large.
Comment #4
KarlShea: Cool, thanks, that worked. Who needs to be pinged to update the migration instructions? There are still 7000 sites using AES and I know this will be an issue again, I'm only using it to encrypt UPS shipping credentials.
Comment #5
ñull (as a volunteer): The key module size setting is in bits. The openssl command number is in bytes. The openssl command in the migration instructions does not create a 128-bit key but a 1024-bit key. With the given instructions the key size should be 1024. The migration instruction should therefore be:
16 (bytes) x 8 (bits) = 128 bits.
I also tried a large key size. Apparently 2048 is too much because it did not work here.
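The bits-versus-bytes mismatch described in comments #3 and #5 can be checked on the key file before submitting the form. This is an added example, not part of the issue thread or of the Key or Real AES modules; `key_bits` and `check_key` are hypothetical helper names, and it assumes a POSIX shell with the coreutils `base64` tool.

```shell
#!/bin/sh
# Added example (not from the thread): compare the decoded size of a
# Base64-encoded key file with the "Key size" chosen in the form.

# key_bits FILE -> prints the decoded key length in bits
key_bits() {
    # Reject files that are not valid Base64 at all.
    base64 -d < "$1" > /dev/null 2>&1 || return 2
    # Count the decoded bytes, not the characters of the Base64 text:
    # the form's key size is in bits, so the file must decode to size/8 bytes.
    bytes=$(base64 -d < "$1" | wc -c | tr -d ' ')
    echo $((bytes * 8))
}

# check_key FILE BITS -> 0 if the key decodes to exactly BITS bits
check_key() {
    actual=$(key_bits "$1") || { echo "$1: not valid Base64" >&2; return 2; }
    if [ "$actual" -eq "$2" ]; then
        echo "$1: OK, $actual bits"
    else
        echo "$1: key is $actual bits, but the form says $2" >&2
        return 1
    fi
}

# Constructed stand-ins for `openssl rand -base64 N` output. All-zero
# bytes keep the demo deterministic; never use such a file as a real key.
demo_dir=$(mktemp -d)
head -c 128 /dev/zero | base64 > "$demo_dir/from-rand-128.key"
head -c 16 /dev/zero | base64 > "$demo_dir/from-rand-16.key"

# N=128 bytes decodes to 1024 bits, so a 128-bit selection is rejected.
check_key "$demo_dir/from-rand-128.key" 128 || true
# N=16 bytes decodes to 128 bits, matching the 128-bit selection.
check_key "$demo_dir/from-rand-16.key" 128 || true

rm -rf "$demo_dir"
```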
Comment #6
ñull (as a volunteer): Another error in the migration instructions is that the old aes module should be deleted before you try to enable the new one. In my case the old one got re-enabled because Drupal cannot distinguish between two modules with the same machine name. To uninstall you need to do the reverse: delete the new aes submodule of real_aes and re-download the old aes. After uninstallation you need to re-download the new aes sub-module of real_aes again.
Comment #8
Cellar Door: Thanks for the input all! We've updated the migration instructions.