PK25433: IBM JCE BUILD 040219 INCORRECTLY IMPOSES A RESTRICTION OF MINIMUM 512 KEYSIZE. | |||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description The IBM JCE build 040219 incorrectly imposes a restriction of minimum 512 keysize. Keysizes must be multiple of 64, and can range from 256 to 1024, inclusive. Problems can therefore be seen if you are using a keysize smaller than 512. (InvalidAlgorithmParameterException occurs). An example exception: java.security.InvalidAlgorithmParameterException is caught when initializing EncryptionManager 'Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)' at com.ibm.db2.jcc.a.x.<init>(x.java:107) at com.ibm.db2.jcc.c.b.fc(b.java:2190) at com.ibm.db2.jcc.c.b.u(b.java:1057) at com.ibm.db2.jcc.c.b.b(b.java:723) at com.ibm.db2.jcc.c.b.a(b.java:700) at com.ibm.db2.jcc.c.b.a(b.java:412) at com.ibm.db2.jcc.c.b.<init>(b.java:357) at com.ibm.db2.jcc.DB2PooledConnection.<init> at ... IBM JCE build 051104 resolves this problem.Local fix Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server version 5.0.x * * users who are using DB2 database. * **************************************************************** * PROBLEM DESCRIPTION: ibmjceprovidor.jar build 040219 has a * * problem of incorrectly imposing a * * restriction of minimum 512 keysize. * **************************************************************** * RECOMMENDATION: * **************************************************************** ibmjceprovider.jar shipped in PK23458 (build 040219) does have a problem of incorrectly imposing a restriction of minimum 512 keysize. This is affecting customer who have been using a keysize < 512. DB2 JCC with ENCRYPTED_USER_AND_PASSWORD_SECURITY is an example. When this problem happens, the following exception is thrown: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive): at com.ibm.crypto.provider.DHKeyPairGenerator.initialize(Unkn own Source) at java.security.KeyPairGenerator$Delegate.initialize(KeyPair Generator.j at java.security.KeyPairGenerator.initialize(KeyPairGenerator. java:309) at com.ibm.db2.jcc.c.w.<init>(w.java:76) at com.ibm.db2.jcc.b.b.cc(b.java:2091) at com.ibm.db2.jcc.b.b.u(b.java:1005) at com.ibm.db2.jcc.b.b.a(b.java:714) at com.ibm.db2.jcc.b.b.<init>(b.java:305) at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:162) at java.sql.DriverManager.getConnection(DriverManager.java:543) at java.sql.DriverManager.getConnection(DriverManager.java:163) at ConnectDB.main(ConnectDB.java:29)Problem conclusion Replaced the affected modules by newer versions.Temporary fix A test fix PK25433_50.jar has been released.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 00A
Software edition:
Reference #: PK25433
IBM Group: Software Group
Modified date: Jul 31, 2006
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.