[BatchMode] Password is decrypted twice when provided as a CLI argument
Overview
When executing a dataloader process in batch mode and providing the sfdc.password parameter as an argument on the command line, I receive an error java.security.GeneralSecurityException: Error to decrypt message. Dataloader appears to be attempting to decrypt the password twice. When the encrypted password is encrypted a second time, the login succeeds. Also, a portion of the plaintext password is leaked to the log.
This does not occur when the encrypted password is defined in the process-conf.xml file in the configOverrideMap section.
Expected Behavior
Dataloader should decrypt the password and execute the process.
Observed Behavior
Receive an error message from the encryption utility.
Environment
- OS: linux debian 10 [docker container]
- Java: openjdk version “11.0.13” 2021-10-19
- Dataloader: v53.0.2
Reproduction Steps
- Encrypt a password using the dataloader encryption utility.
- Execute a dataloader process, passing the sfdc.password parameter in from the command line, e.g. dataloader.sh mode=batch process.name=myProcessName sfdc.password=<encrypted-password>
Workaround
Encrypt the password twice (once on the plaintext password, and a second time on the ciphertext output). Then dataloader appears to work correctly as the password is passed through the decryption utility twice.
Also, providing sfdc.password in the process-conf.xml file does not appear to be impacted by the same issue.
Error message
Note: password here was “fakepass” running the process “csvAccountExtract” from the configuration samples.
23:31:47.879 [csvAccountExtract] ERROR com.salesforce.dataloader.security.EncryptionAesUtil - Fail to decrypt message: For input string: "ke"
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
23:31:47.883 [csvAccountExtract] ERROR com.salesforce.dataloader.config.Config - Error loading parameter: sfdc.password of type: java.lang.String
java.security.GeneralSecurityException: Error to decrypt message:
at com.salesforce.dataloader.security.EncryptionAesUtil.decryptMsg(EncryptionAesUtil.java:218) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.decryptProperty(Config.java:807) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.decryptPasswordProperty(Config.java:769) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.postLoad(Config.java:758) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.loadParameterOverrides(Config.java:787) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.ProcessRunner.run(ProcessRunner.java:137) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.ProcessRunner.run(ProcessRunner.java:117) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.ProcessRunner.runBatchMode(ProcessRunner.java:272) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.DataLoaderRunner.main(DataLoaderRunner.java:108) [dataloader-53.0.2-uber.jar:?]
Caused by: java.lang.NumberFormatException: For input string: "ke"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) ~[?:?]
at java.lang.Integer.parseInt(Integer.java:652) ~[?:?]
at java.lang.Integer.valueOf(Integer.java:957) ~[?:?]
at java.lang.Integer.decode(Integer.java:1436) ~[?:?]
at com.salesforce.dataloader.security.EncryptionUtil.textToBytes(EncryptionUtil.java:40) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.security.EncryptionAesUtil.decryptMsg(EncryptionAesUtil.java:214) ~[dataloader-53.0.2-uber.jar:?]
... 8 more
23:31:47.900 [main] FATAL com.salesforce.dataloader.process.ProcessRunner - Unable to run process csvAccountExtract
java.lang.RuntimeException: com.salesforce.dataloader.exception.ParameterLoadException: Error loading parameter: sfdc.password of type: java.lang.String
at com.salesforce.dataloader.process.ProcessRunner.run(ProcessRunner.java:182) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.ProcessRunner.run(ProcessRunner.java:117) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.ProcessRunner.runBatchMode(ProcessRunner.java:272) [dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.DataLoaderRunner.main(DataLoaderRunner.java:108) [dataloader-53.0.2-uber.jar:?]
Caused by: com.salesforce.dataloader.exception.ParameterLoadException: Error loading parameter: sfdc.password of type: java.lang.String
at com.salesforce.dataloader.config.Config.decryptProperty(Config.java:814) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.decryptPasswordProperty(Config.java:769) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.postLoad(Config.java:758) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.loadParameterOverrides(Config.java:787) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.ProcessRunner.run(ProcessRunner.java:137) ~[dataloader-53.0.2-uber.jar:?]
... 3 more
Caused by: java.security.GeneralSecurityException: Error to decrypt message:
at com.salesforce.dataloader.security.EncryptionAesUtil.decryptMsg(EncryptionAesUtil.java:218) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.decryptProperty(Config.java:807) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.decryptPasswordProperty(Config.java:769) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.postLoad(Config.java:758) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.loadParameterOverrides(Config.java:787) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.ProcessRunner.run(ProcessRunner.java:137) ~[dataloader-53.0.2-uber.jar:?]
... 3 more
Caused by: java.lang.NumberFormatException: For input string: "ke"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) ~[?:?]
at java.lang.Integer.parseInt(Integer.java:652) ~[?:?]
at java.lang.Integer.valueOf(Integer.java:957) ~[?:?]
at java.lang.Integer.decode(Integer.java:1436) ~[?:?]
at com.salesforce.dataloader.security.EncryptionUtil.textToBytes(EncryptionUtil.java:40) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.security.EncryptionAesUtil.decryptMsg(EncryptionAesUtil.java:214) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.decryptProperty(Config.java:807) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.decryptPasswordProperty(Config.java:769) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.postLoad(Config.java:758) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.config.Config.loadParameterOverrides(Config.java:787) ~[dataloader-53.0.2-uber.jar:?]
at com.salesforce.dataloader.process.ProcessRunner.run(ProcessRunner.java:137) ~[dataloader-53.0.2-uber.jar:?]
... 3 more
Issue Analytics
- Created 2 years ago
- Comments:6 (6 by maintainers)
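Why the log above shows "ke": if the already-decrypted sample password "fakepass" is fed to a hex decoder a second time, "fa" parses as valid hex and "ke" does not, and the NumberFormatException raised by Integer.decode quotes the rejected characters. The sketch below is an added example, not Data Loader's code; the class name, method names and the per-pair decode loop are assumptions inferred from the stack trace, shown beside a decoder that rejects bad input without echoing it.

```java
public class HexLeakDemo {

    // Assumed shape of the failing decoder: each two-character pair goes through
    // Integer.decode, whose NumberFormatException message quotes the bad input.
    static byte[] leakyTextToBytes(String text) {
        byte[] out = new byte[text.length() / 2];
        for (int i = 0; i < out.length; i++) {
            String pair = text.substring(2 * i, 2 * i + 2);
            out[i] = Integer.decode("0x" + pair).byteValue();
        }
        return out;
    }

    // Hardened variant: validate each character with Character.digit and fail with
    // a fixed message, so a secret routed here by mistake never reaches the log.
    static byte[] safeTextToBytes(String text) {
        if (text.length() % 2 != 0) {
            throw new IllegalArgumentException("ciphertext is not valid hex");
        }
        byte[] out = new byte[text.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(text.charAt(2 * i), 16);
            int lo = Character.digit(text.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("ciphertext is not valid hex");
            }
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    public static void main(String[] args) {
        // The issue's sample password, standing in for the input to the second decrypt.
        String alreadyDecrypted = "fakepass";
        try {
            leakyTextToBytes(alreadyDecrypted);
        } catch (NumberFormatException e) {
            System.out.println("leaky: " + e.getMessage());
        }
        try {
            safeTextToBytes(alreadyDecrypted);
        } catch (IllegalArgumentException e) {
            System.out.println("safe:  " + e.getMessage());
        }
    }
}
```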
Top GitHub Comments
Hi @KThompso, here is a patch that should fix the issue.
MD5 (dataloader_mac.zip) = 0134ca8ea369f429eaf68cbdf962afd6
MD5 (dataloader_win.zip) = 2a73b19cbcc3ba5d91c05783055a2b03
dataloader_mac.zip dataloader_win.zip
You can unzip one of these and use the uber jar (dataloader-53.0.2-uber.jar) on linux because the jar file is identical for all platforms.
Hi @KThompso, thanks for confirming the fix. We do not support the use of plaintext passwords. So, do not rely on that property.