Encryption key size validation always fails

Created on 5 March 2024, 10 months ago
Updated 22 April 2024, 8 months ago

Problem/Motivation

I can't use pantheon_secrets module to work with encryption keys, because when attempting to create a key of type encryption using a Pantheon secret, the form fails validation on the key size, unless you set zero as the size value. That zero value is not even a valid workaround, because the key doesn't work for encryption, an EncryptException is thrown.

Steps to reproduce

Install Encrypt, which requires Key module.
Create a key with this command: dd if=/dev/urandom bs=32 count=1 | base64 -i
Use the generated value to create a secret: terminus secret:site:set mtc2 <name> <value> --scope=web --type=runtime
Go to /admin/config/system/keys and there click "+ Add Key"
Try to add a key of type "Encryption", size=256, provider "Pantheon", and select the Secret name of the secret created above
The validation fails on key size, and it would only let you create the key selecting the size "Other" and "0".

Optionally
Install Real AES module, create a profile using that key (with declared 0 size to pass validation), and test the profile encryption. It will throw an error.
Go again to /admin/config/system/keys and there click "+ Add Key"
Try to add a new key of type "Encryption", size=256, provider "Configuration", and set the same value we generated with the dd command.
The key will be created successfully, no validation error.
Create an encryption profile with this key and see that encryption works now.

🐛 Bug report
Status

Fixed

Version

1.0

Component

Code

Created by

🇪🇸Spain juanolalla

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024