It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

What crypto does the Encrypted Plugin for Jira use?

Alex Van Vucht Nov 30, 2017

This plugin is terrific for how simple it is, and I've confirmed that files at rest are indeed encrypted, but how is it encrypted? What's the algorithm and the strength?

I get a Iv value and a key when I first encrypt the data, I think that gives some indication?

1 answer

0 votes
Alberto Exposito May 04, 2018

Hi Alex, 

This plugin uses DesKeySpec for attachments, and AES for fields. 

Gregory Seidman May 22, 2018

To satisfy the decision makers that we can figure out how to reverse the decryption having backed up the keys and filesystem, can you give an openssl enc commandline to decrypt a file? It should be something like:

openssl enc -<cipher> -d -K <key> -iv <IV> -in <infile> -o <outfile>

So far I've had no success trying various combinations of DES ciphers and options.

Alberto Exposito May 23, 2018

Try only with Key (without IV)

Gregory Seidman May 23, 2018

Hang on, I had to generate a key and IV within Jira; how can it decrypt without an IV? And what cipher should I be using? There are lots of DES variants supported by openssl:

  • des
  • des3
  • des-cbc
  • des-cfb
  • des-ecb
  • des-ede
  • des-ede3
  • des-ede3-cbc
  • des-ede3-cfb
  • des-ede3-ofb
  • des-ede-cbc
  • des-ede-cfb
  • des-ede-ofb
  • des-ofb
  • desx

Also, are there any padding or salt options I should be passing?

Alberto Exposito May 23, 2018

Currently, we are working in order to change DES for AES method. 

In this case (DES), is only necessary the key, because we are using DESKeySpec class (provided by java) .Maybe, this page can help you. (https://www.programcreek.com/java-api-examples/?api=javax.crypto.spec.DESKeySpec)

On the other hand, I think that is not possible decrypt if you don't use JIRA. 

Gregory Seidman May 23, 2018

When you do the Cipher.getInstance(), what are you passing it? Can you post the scrap of code you're actually using?

Glenn Rees Sep 12, 2018

Hi Gregory,

 I have similar questions to yours, If we were to do this we have a requirement to be able to decrypt the data independently of JIRA. Did you ever work out how to do this?

Glenn.

Gregory Seidman Sep 13, 2018

Nope, we gave up on this vendor. Single DES uses a 56-bit key, which is insufficient . I stopped working on trying to decrypt manually when I realized how insecure it was. I might take another look if/when they manage to support AES (really, how hard do they think it is? it's just a slightly different Java API).

Glenn Rees Sep 13, 2018

Thanks for the info. Yes that is not sufficient. We would need it to be AES 256 to look at seriously.

Addon works with AES  (AES/CBC/PKCS5Padding) even for attachments since 1.6.3 plugin version. 

About decrypt the data independently of JIRA, I think that is not possible at the moment, but we are going to create a ticket. 

Glenn Rees Sep 16, 2018

Thanks for the update Alberto, good to hear about AES support. Let us know if there are developments with decrypt the data independently of JIRA in the future.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Marketplace Apps & Integrations

Join our webinar: “Asset Management: The Role of Context in ITSM” with Atlassian & Riada

  Hi Atlassian Community! This is Teresa from the Jira Service Desk team. On June 19th, I’ll be hosting a webinar “Asset Management: The Role of Context in ITSM” with Atlassian Partne...

178 views 2 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you