VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ45203

⇱ IJ45203: RSAPSS MULTIPLE NAMES FOR KEYTYPE

IJ45203: RSAPSS MULTIPLE NAMES FOR KEYTYPE

APAR status

  • Closed as program error.

Error description

  • Error Message: java.security.ProviderException: Unsupported
algorithm RSASSA-PSS
.
Stack Trace: java.security.ProviderException: Unsupported
algorithm RSASSA-PSS
 at
com.ibm.security.rsa.RSAUtil$KeyType.lookup(RSAUtil.java:60)
 at
com.ibm.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:136)
 at
sun.security.util.SignatureUtil.getParamSpec(SignatureUtil.java:
106)
 at
com.ibm.security.pkcs10.CertificationRequest.signThis(Certificat
ionRequest.java:932)
 at
com.ibm.security.pkcs10.CertificationRequest.sign(CertificationR
equest.java:360)
 at com.ibm.crypto.tools.KeyTool.doCertReq(KeyTool.java:2302)
 at
com.ibm.crypto.tools.KeyTool.doCommands(KeyTool.java:1352)
 at com.ibm.crypto.tools.KeyTool.run(KeyTool.java:559)
 at com.ibm.crypto.tools.KeyTool.main(KeyTool.java:552)
.

Local fix

  • N/A

Problem summary

  • Signing a certificate request with an RSAPSS key would generated
a java.security.ProviderException: Unsupported algorithm
RSASSA-PSS

Problem conclusion

  • The code was modified to recognize "RSAPSS" and "RSASSA-PSS" as
PSS KeyType
The associated RTC PR: 148622
The associated Austin GitHub task is PKCS#150
JVMs affected Java 8.0
The fix was delivered for Java 8.0 SR8 FP0
The affected jar is "ibmpkcs.jar"
The build level of this jar is: Build-Level: 20230131-423
.
This APAR will be fixed in the following Releases:
.
IBM SDK, Java Technology Edition
 8 SR8 (8.0.8.0)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
maintenance can be found at:
 https://www.ibm.com/support/pages/java-sdk

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ45203
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2023-02-02
    • 

  • Closed date
    2023-02-02
    • 

  • Last modified date
    2023-02-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 08 February 2023