I am attaching a tarball with a stand-alone Java program that exercises BouncyCastle in the same exact way as Walrus does for image decryption. Included with the code are a couple of the JARs it needs and three input files: an encrypted compressed image (originally a ~1-GB Ubuntu image), the manifest for the image, and a cloud private key necessary for decryption. We are unable to reproduce this bug on our setup, but perhaps someone else will be able to, either with the included image or with a different one. To use the included image:
tar zxvf TestWalrusDecryption.tgz
cd TestWalrusDecryption
javac -classpath bcprov-jdk16-145.jar:xalan-2.7.1.jar TestWalrusDecryption.java
java -classpath bcprov-jdk16-145.jar:xalan-2.7.1.jar:. TestWalrusDecryption encrypted.img manifest.xml key.pem
To use with a different image, start with a working Eucalyptus installation and obtain user credentials. Using the credentials, bundle (but not necessarily upload or register) an image of your choice. In the directory where bundling took place there will be a manifest file and several encrypted parts. Cat the parts together in the right order to obtain the encrypted image. Finally, extract the cloud private key from the cloud controller as follows:
openssl pkcs12 -in ${EUCALYPTUS}/var/lib/eucalyptus/keys/euca.p12 \
-name eucalyptus -name "eucalyptus" \
-password pass:eucalyptus -passin pass:eucalyptus -passout pass:eucalyptus \
-nodes | \
grep -A30 "friendlyName: eucalyptus" | \
grep -A26 "BEGIN RSA" > ${EUCALYPTUS}/var/lib/eucalyptus/keys/cloud-pk.pem
The cloud-pk.pem file is what you pass as the third parameter.
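
For the "cat the parts together in the right order" step above, an added shell example that is not part of the original comment or the attached tarball: it joins the parts in numeric index order and refuses to produce output if an index is missing. The `<prefix>.part.<index>` naming and the `join_parts` helper are assumptions; adjust the pattern to whatever your bundling tool wrote.

```shell
# join_parts PREFIX OUT
# Concatenate PREFIX.part.N files into OUT in numeric order of N.
# Assumption: parts are named <prefix>.part.<index>, starting at index 0,
# with no whitespace in the file names.
join_parts() {
    prefix=$1
    out=$2

    # Sort indices numerically; a plain shell glob sorts part.10 before part.2,
    # which silently yields a corrupt ciphertext.
    indices=$(ls "$prefix".part.* 2>/dev/null | sed 's/.*\.part\.//' | sort -n)
    if [ -z "$indices" ]; then
        echo "no parts found for $prefix" >&2
        return 1
    fi

    expected=0
    : > "$out"
    for i in $indices; do
        # Strip leading zeros so zero-padded names (part.00) compare as numbers.
        n=$(printf '%s' "$i" | sed 's/^0*\([0-9]\)/\1/')
        if [ "$n" -ne "$expected" ]; then
            # A gap means a part is missing; do not leave a truncated image behind.
            echo "missing part index $expected" >&2
            rm -f "$out"
            return 1
        fi
        cat "$prefix.part.$i" >> "$out"
        expected=$((expected + 1))
    done
}

# Example (hypothetical file names):
#   join_parts ubuntu.img encrypted.img
```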