APAR status
Closed as program error.
Error description
Error Message: keytool error: java.security.NoSuchAlgorithmException: unrecognized algorithm name: SHA256withRSA . Stack Trace: When enabling java.security.debug=jca, we can see the following stack trace: java.lang.Exception: Call trace at sun.security.jca.ProviderList.loadAll(ProviderList.java:277) at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:29 8) at sun.security.jca.Providers.getFullProviderList(Providers.java:17 6) at java.security.Security.getProviders(Security.java:458) at sun.security.x509.AlgorithmId.algOID(AlgorithmId.java:551) at sun.security.x509.AlgorithmId.get(AlgorithmId.java:409) at sun.security.x509.AlgorithmId.getAlgorithmId(AlgorithmId.java:39 5) at sun.security.x509.CertAndKeyGen.getSelfCertificate(CertAndKeyGen .java:232) at sun.security.tools.KeyTool.doGenKeyPair(KeyTool.java:1551) at sun.security.tools.KeyTool.doCommands(KeyTool.java:969) at sun.security.tools.KeyTool.run(KeyTool.java:340) at sun.security.tools.KeyTool.main(KeyTool.java:333) . 1. The problem happens when -sigalg option is not specified or specified as "SHA256withRSA". 2. The problem does not happens when -sigalg option is specified as "SHA2withRSA".
Local fix
1. Specify -sigalg as "SHA2withRSA". 2. Use IBM's KeyTool with "java com.ibm.crypto.tools.KeyTool".
Problem summary
The problem happens because the signature name "SHA2WithRSA" registered in IBMJCE provider cannot be recognized by Sun's keytool in hybrid JVM.
Problem conclusion
This defect will be fixed in: 7.0.0 SR4 6.0.1 SR5 6.0.0 SR13 5.0.0 SR16 . A fix is made to AlgorithmId.get() to recognize "SHA2withRSA" signature name. The associated Hursley CMVC defect is 195127 The associated Austin CMVC defect is 113413 A fix is made to IBMJCE provider to use the signature name "SHA256withRSA", "SHA384WithRSA" and "SHA512WithRSA" The associated Hursley CMVC defect is 195282 The associated Austin CMVC defect is 113421 JVMs affected: Java 5.0 SR15, Java 6.0 SR12, Java 626 SR4, and Java 7.0 SR3. The fix was delivered for Java 5.0 SR16, Java 6.0 SR13, Java 626 SR5, and Java 7.0 SR4. The affected jar is "ibmjceprovider.jar". The build level of this jar for the affected releases is "20121213"
Temporary fix
Comments
APAR Information
APAR number
IV33531
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-12-17
Closed date
2013-01-04
Last modified date
2013-01-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020