IBM Support

IV60627: KEYTOOL -STOREPASSWD NOT WORKING FOR PKCS12 KEYSTORE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message, as reported by customer:
    keytool error (likely untranslated):
    java.lang.UnsupportedOperationException: -storepasswd commands
    not supported if -storetype is PKCS12
    
    Stack Trace, if applicable:
    N/A
    
    Other Error Information, as reported by customer:
    The option -storepasswd was originally usable to change
    keystore password before APAR IZ23423 fix.
    

Local fix

  • Use ikeyman instead.
    

Problem summary

  • Keytool option -storepasswd was not allowed to change keystore
    password for PKCS12 keystore
    
    ERROR DESCRIPTION:
    When "keytool -storepasswd" command is used,
    java.lang.UnsupportedOperationException will be thrown,
    indicating it's not supported.
    

Problem conclusion

  • A fix is made to IBMJCE provider to allow password changing for
    PKCS12 keystore for the following option combinations:
     1. -storepasswd
     2. -storepasswd -all
     3. -storepasswd -all -new <new_password>
    Please note that the option "-storepasswd -new <new_password>"
    without "-all" is not allowed to change password for PKCS12
    keystore.
    
    The associated Hursley RTC Problem Report is 66184
    The associated Hursley CMVC defect is 202262
    The associated Austin CMVC defect is 115550
    
    JVMs affected: Java 5.0, Java 6.0, Java 626, Java 7.0 and Java
    727
    
    
    The fix was
    delivered for Java 5.0 SR16FP7, Java 6.0 SR16FP1, Java 626
    SR8FP1, Java 7.0 SR7FP1 and Java 727 SR1FP1
    
    The affected jar is "ibmjceprovider.jar".
    The build level of this jar for the affected releases is
    "20140519"
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV60627

  • Reported component name

    TIV JAVA CRYPTO

  • Reported component ID

    TIVSECJCE

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-05-19

  • Closed date

    2014-05-21

  • Last modified date

    2014-05-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIV JAVA CRYPTO

  • Fixed component ID

    TIVSECJCE

Applicable component levels

  • R100 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL42","label":"JCE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
28 May 2014