APAR status
Closed as program error.
Error description
Component: EKM Envt: 3584/LTO4, ekm 20080306, running on AIX IBM JAVA 150 SR7 The audit log shows that EKM failed to validate any of the keys in the symmetricKeySet range. Here is the audit event on startup of EKM. Runtime event:[ timestamp=Tue Aug 26 15:41:13 CDT 2008 ComponentId=[threadId=Thread[main,5,main]] event source=com.ibm.keymanager.EKMServer outcome=[result=unsuccessful] event type=SECURITY_RUNTIME message=No valid DKI Aliases LTO Drives not supported. ErrorCode= 19 resource=[name=Add AES or DES symmetric keys to symmetricKeySet to support LTO drives;type=file] action=stop ] There is a bug in the validation of the keys.
Local fix
Mark keys as non-sensitive in hardware crypto config
Problem summary
EKM using a PKCS11 keystore with the keys marked sensitive does not add these keys to the list of available keys in the server.
Problem conclusion
The problem was fixed in the EKM 2.1 package. Build date 20081020 Manifest-Version: 1.0 Ant-Version: Apache Ant 1.5.3 Created-By: 1.4.2 (IBM Corporation) Implementation-Version: 2.1 Implementation-Title: Encryption Key Management Server Implementation-Vendor: IBM Corporation Build-Level: 2.1-20081020 LDAP Defect 105908.
Temporary fix
Workaround: Mark keys as non-sensitve
Comments
APAR Information
APAR number
IZ35015
Reported component name
TIV TAPE ENCRY
Reported component ID
TIVOEKM00
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-10-16
Closed date
2008-10-29
Last modified date
2008-10-29
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TIV TAPE ENCRY
Fixed component ID
TIVOEKM00
Applicable component levels
R100 PSN
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSC6LF3","label":"EKM"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
29 October 2008