VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ20939

⇱ IJ20939: PROBLEM WITH SECRET (SYMMETRIC) KEY ALGORITHM IN IBMJCEPLUS

IJ20939: PROBLEM WITH SECRET (SYMMETRIC) KEY ALGORITHM IN IBMJCEPLUS

APAR status

  • Closed as program error.

Error description

  • Error Message: While updating/testing iKeyman and CMSprovider
for IBMJCEplus, secret (Symmetric) key commands in iKeyman
throws ?ObjectInputFilter REJECTED error as follows:-
ikeycmd -keydb -create -db key1.jck -pw jjj
ikeycmd -seckey -create -db key1.jck -pw jjj -label key1 -keyalg
"aes" -keysize 128
ikeycmd -seckey -list -db key1.jck -pw jjj
May 23, 2019 11:33:52 AM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: class java.security.KeyRep,
array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a
May 23, 2019 11:33:52 AM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: class java.security.KeyRep,
array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a
May 23, 2019 11:33:52 AM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: class java.security.KeyRep,
array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a
May 23, 2019 11:33:52 AM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: class java.security.KeyRep,
array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a
May 23, 2019 11:33:53 AM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: class java.security.KeyRep,
array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a
May 23, 2019 11:33:53 AM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: class java.security.KeyRep,
array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a
No secret key was found in the key database.
.
Stack Trace: N/A
.

Local fix

  • Force KeyGenerator to use IBMJCE instead.
Eg: KeyGenerator keyGen = KeyGenerator.getInstance(?AES?,
PROVIDER=?IBMJCE?);

Problem summary

  • java.security.Keystore.getKey returns
java.security.UnrecoverableKeyException: Rejected by the
jceks.key.serialFilter or jdk.serialFilter property.

Problem conclusion

  • Update includes 3 new entries ( java.lang.Enum; ,
java.security.KeyRep;, java.security.KeyRep$Type;) to the
?jceks.key.serialFilter? attribute of the IBM Java 8
java.security file.
.
This APAR will be fixed in the following Java Releases:
 8 SR6 (8.0.6.0)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ20939
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-11-11
    • 

  • Closed date
    2019-11-11
    • 

  • Last modified date
    2019-11-11
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 07 December 2020