It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

What crypto does the Encrypted Plugin for Jira use?

This plugin is terrific for how simple it is, and I've confirmed that files at rest are indeed encrypted, but how is it encrypted? What's the algorithm and the strength?

I get a Iv value and a key when I first encrypt the data, I think that gives some indication?

1 answer

Hi Alex, 

This plugin uses DesKeySpec for attachments, and AES for fields. 

To satisfy the decision makers that we can figure out how to reverse the decryption having backed up the keys and filesystem, can you give an openssl enc commandline to decrypt a file? It should be something like:

openssl enc -<cipher> -d -K <key> -iv <IV> -in <infile> -o <outfile>

So far I've had no success trying various combinations of DES ciphers and options.

Try only with Key (without IV)

Hang on, I had to generate a key and IV within Jira; how can it decrypt without an IV? And what cipher should I be using? There are lots of DES variants supported by openssl:

  • des
  • des3
  • des-cbc
  • des-cfb
  • des-ecb
  • des-ede
  • des-ede3
  • des-ede3-cbc
  • des-ede3-cfb
  • des-ede3-ofb
  • des-ede-cbc
  • des-ede-cfb
  • des-ede-ofb
  • des-ofb
  • desx

Also, are there any padding or salt options I should be passing?

Currently, we are working in order to change DES for AES method. 

In this case (DES), is only necessary the key, because we are using DESKeySpec class (provided by java) .Maybe, this page can help you. (https://www.programcreek.com/java-api-examples/?api=javax.crypto.spec.DESKeySpec)

On the other hand, I think that is not possible decrypt if you don't use JIRA. 

When you do the Cipher.getInstance(), what are you passing it? Can you post the scrap of code you're actually using?

Hi Gregory,

 I have similar questions to yours, If we were to do this we have a requirement to be able to decrypt the data independently of JIRA. Did you ever work out how to do this?

Glenn.

Nope, we gave up on this vendor. Single DES uses a 56-bit key, which is insufficient . I stopped working on trying to decrypt manually when I realized how insecure it was. I might take another look if/when they manage to support AES (really, how hard do they think it is? it's just a slightly different Java API).

Thanks for the info. Yes that is not sufficient. We would need it to be AES 256 to look at seriously.

Addon works with AES  (AES/CBC/PKCS5Padding) even for attachments since 1.6.3 plugin version. 

About decrypt the data independently of JIRA, I think that is not possible at the moment, but we are going to create a ticket. 

Thanks for the update Alberto, good to hear about AES support. Let us know if there are developments with decrypt the data independently of JIRA in the future.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Marketplace Apps & Integrations

Localize Smarter with the Transifex Integration for Bitbucket

Over 52% of internet users say obtaining information in their own language is more important than price and 75% of the world’s population doesn’t speak English. It’s no wonder then that successful gl...

224 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you