IBM Support

IV18625: IBM JVM SHOULD SUPPORT DECRYPTING USING THE PUBLIC KEY

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • We have agreed to provide a flag for use at runtime to allow for
the RSA encryption of data with the private key, as well as
decryption of data with the public key.  This flag can be set
with the following property:

-Dcom.ibm.crypto.provider.DoRSATypeChecking=false

In Java 5, 6, 6.0_26, and 7, the default value will be "true" --
meaning that IBM's Java will have the old behavior.  If this
flag is set to "false" IBM's Java will allow for the atypical
scenario with the reversal of the keys described above.

Please note: This configuration is not recommended for use by
developers of standard applications.  It is understood that by
setting this flag, a developer understands the behavior that is
being enabled (encrypting with the private key/permitting anyone
with the public key to decrypt).  In nearly all cases,
performing a signature in the standard way (with the private key
to sign and the public key to verify) is preferred and
recommended.

With this APAR we are making sure the PUBLIC KEY can be used for
DECRYPT.

Local fix

  • N/A

Problem summary

  • ERROR DESCRIPTION:

IBM JVM should support encrypting using the private key and
decrypting using the public key

Note: This is a follow-up to APAR IV17344, which allows the
public key to decrypt properly in this configuration

Problem conclusion

  • We have agreed to provide a flag for use at runtime to allow for
the RSA encryption of data with the private key, as well as
decryption of data with the public key.  This flag can be set
with the following property:

-Dcom.ibm.crypto.provider.DoRSATypeChecking=false

In Java 5, 6, 6.0_26, and 7, the default value will be "true" --
meaning that IBM's Java will have the old behavior.  If this
flag is set to "false" IBM's Java will allow for the atypical
scenario with the reversal of the keys described above.

Please note: This configuration is not recommended for use by
developers of standard applications.  It is understood that by
setting this flag, a developer understands the behavior that is
being enabled (encrypting with the private key/permitting anyone
with the public key to decrypt).  In nearly all cases,
performing a signature in the standard way (with the private key
to sign and the public key to verify) is preferred and
recommended.

Hursley defect: 190326.

Affects ibmjceprovider.jar.  Available in 5.0 SR 14, 6.0 SR11,
6.0_26 SR 3, and 7.0 SR 5

Jar build date: 20120404

WORKAROUNDS:

None

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV18625
    • 

  • Reported component name
    TIV JAVA CRYPTO
    • 

  • Reported component ID
    TIVSECJCE
    • 

  • Reported release
    100
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-03-30
    • 

  • Closed date
    2012-03-30
    • 

  • Last modified date
    2012-04-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    TIV JAVA CRYPTO
    • 

  • Fixed component ID
    TIVSECJCE
    • 



Applicable component levels


    

  • R100  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL42","label":"JCE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            26 April 2012
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback