Troubleshooting encryption key errors

Failed to initialize Encryptor

When creating or altering a table to use a local key, the commands fails. For example, creating a test table with LZ compression and encryption:

CREATE TABLE test.encryption_test (a int primary key) WITH COMPRESSION = {
      'class': 'EncryptingLZ4Compressor',
      'cipher_algorithm' : 'AES/ECB/PKCS5Padding',
      'secret_key_strength' : 256,
      'system_key_file' : 'AES-256' };

The following error occurs:

ConfigurationException: EncryptingLZ4Compressor.create() threw an error: java.lang.RuntimeException Failed to initialize Encryptor

Solution

  1. Verify that the account running the DSE database is the owner of the encryption key file on the local system:

    ls -l /etc/dse/conf

    In this case, the account dse only has read/write access to the system_key file.

    total 8
    -rw------- 1 joe joe 70 Aug  8 15:48 AES-256
    -rwx------ 1 joe joe 50 Aug  2 15:06 system_key
  2. Change the ownership of the file to the DSE user, and ensure that the file has read/write permissions.

    chown cassandra /etc/dse/conf/system_key
  3. Rerun the CQL command.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com