URL: https://www.ibm.com/support/pages/apar/IJ51611

IJ51611: IBMJCE PROVIDER THROWS AN UNRECOVERABLEKEYEXCEPTION WHEN NULL IS SPECIFIED AS THE KEY PROTECTION PASSWORD FOR A PRIVATE KEY.


APAR status

  • Closed as program error.

Error description

  • Error Message: java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: Error deriving PBKDF2 keys
    .
    Stack Trace: Exception in loadCertificate Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: Error deriving PBKDF2 keys
    java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: Error deriving PBKDF2 keys
    at com.ibm.crypto.provider.PKCS12KeyStoreOracle.a(Unknown Source)
    at com.ibm.crypto.provider.PKCS12KeyStoreOracle.engineSetKeyEntry(Unknown Source)
    at java.security.KeyStore.setKeyEntry(KeyStore.java:1155)
    at com.danoff.udp.controller.TLSJavaClient.loadCertificate(TLSJavaClient.java:285)
    at com.danoff.udp.controller.TLSJavaClient.initializeCertificates(TLSJavaClient.java:196)
    .
    N/A
    

Local fix

  • Use non-null password.
    

Problem summary

  • The problem was caused by a null password for key protection in
    a keystore. A null password is not supported.
    

Problem conclusion

  • The code was changed to throw KeyStoreException and the message
    "password can't be null" is printed when a null password is used
    for key protection in a PKCS12 keystore. This message shows
    the cause of the problem clearly, and the exception matches
    the documentation.
    Binary affected: ibmjceprovider.jar
    RTC PR : 151366
    Git issue number : IBMJCE #234
    Build level : build_20240621-161
    The fix was delivered in Java8 SR8 FP30
    .
    This APAR will be fixed in the following Releases:
    .
    IBM SDK, Java Technology Edition
     8 SR8 FP30 (8.0.8.30)
    .
    Downloads and supplementary documentation can be found at the
    following locations:
    - For non z/OS operating systems:
     - IBM Semeru Runtimes, Version 11 and later
     https://www.ibm.com/semeru-runtimes/downloads/
     - IBM SDK, Java Technology Edition, Version 8
     https://www.ibm.com/support/pages/java-sdk-downloads/
    - For the z/OS operating system:
     - Java SDK Products on z/OS
     https://www.ibm.com/support/pages/java-sdk-products-zos
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ51611

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    270

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-06-25

  • Closed date

    2024-06-29

  • Last modified date

    2024-06-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels


Document Information

Modified date:
29 June 2024