TIBCO Data Virtualization Studio login may fail with a decryption error

Products	Versions
TIBCO Data Virtualization	All supported versions

Description

In TIBCO Data Virtualization, logging into the studio 'may' fail with the "security decryption error".

Here is a complete stack trace:

ERROR [DBChannel-7] 2020-07-08 11:24:08.167 -0400 ServerChannelConnection - User Exception Occurred
com.compositesw.common.UserException: security decryption error [security-1900190]
Cause: Decryption error [Log ID: df6377f5-d6d8-4255-a2b5-5451b6ec8c6b]
   at com.compositesw.common.UserException$Builder.build(UserException.java:161)
   at com.compositesw.server.dbchannel.AbstractCommand.sendError(AbstractCommand.java:199)
   at com.compositesw.server.dbchannel.ServerCommand.init(ServerCommand.java:487)
   at com.compositesw.server.dbchannel.ServerCommand.dispatchCommand(ServerCommand.java:122)
   at com.compositesw.server.dbchannel.ServerCommand.run(ServerCommand.java:84)
   at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
   at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
   at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.Exception: security decryption error [security-1900190]
Cause: Decryption error
   at com.compositesw.server.dbchannel.AbstractCommand.sendError(AbstractCommand.java:196)
   ... 6 more
Caused by: com.compositesw.common.security.CompositeSecurityException: security decryption error [security-1900190]
   at com.compositesw.common.security.EncryptionManager.decryptedAESBytes(EncryptionManager.java:355)
   at com.compositesw.server.dbchannel.ServerCommand.init(ServerCommand.java:452)
   ... 5 more
Caused by: javax.crypto.BadPaddingException: Decryption error
   at java.base/sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:378)
   at java.base/sun.security.rsa.RSAPadding.unpad(RSAPadding.java:290)
   at java.base/com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:366)
   at java.base/com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:392)
   at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
   at com.compositesw.common.security.encryption.Decryption.asymmDecrypt(Decryption.java:66)
   at com.compositesw.common.security.EncryptionManager.decryptedAESBytes(EncryptionManager.java:352)
   ... 6 more

This article provides a way to overcome this exception.

Issue/Introduction

Possible reasons why users may fail to login to TIBCO Data Virtualization studio with a security decryption error.

Resolution

Possible reasons on when you encounter "security decryption error" while logging into a TDV studio.

This can happen when you provide a wrong password, which then is used to get the key from a keystore, or which is converted into a key using a key generation function.
Bad padding can also happen if your data is corrupted in transport which is evident from the issue being resolved after a restart of the application.
Another probable reason is due to wrong (encrypted) password or wrong session key. The password is supposed to be encrypted with session key value.

In such scenarios when we are not able to login to studio and even if the restart of Server did not help in resolving the issue, follow the below steps:

Always save a backup of the encryption.properties and boot.properties files in case they somehow get corrupted in the future.
If you do encounter the encryption exception and TDV will not start up, try replacing the files with the previously backed up files and restart TDV.

Note: The encrypted strings can change in these files (they may look different with a text editor), but the un-encrypted strings will stay the same.

Always take full server backups at regular intervals for all DR issues. If all else fails, dropping the schema and importing the full server backup will restore everything to its pre-corrupted state.

Welcome to "KB Articles"