LI75343: CMVC 198445 - ALLOW ENCRYPTED STRINGS WITH CARRIAGE RETURN CHARACTERS TO BE DECRYPTED BY MIGRATEENCRYPTEDINFO CORRECTLY

7.0.0-WS-WCServer-FP009
WebSphere Commerce Version 6.0.0.10 Fix Pack
WebSphere Commerce Version 7.0.0.2 Fix Pack
WebSphere Commerce Version 6.0.0.11 Fix Pack
WebSphere Commerce Version 7.0.0.4 Fix Pack
WebSphere Commerce Version 7.0.0.3 Fix Pack
WebSphere Commerce Version 7.0.0.5 Fix Pack
WebSphere Commerce Version 7.0.0.6 Fix Pack
WebSphere Commerce Version 7.0.0.7 Fix Pack
WebSphere Commerce Version 7.0.0.8 Fix Pack
WebSphere Commerce Version 7.0.0.9 Fix Pack

APAR status

• Closed as program error.

Error description

• MigrateEncryptedInfo code removes trailing non-base 64
  characters. When there are carriage return characters in an
  encrypted string, the code assumes the characters after the
  carriage return are bad and removes them. The current logic
  starts scanning the encypted string from the beginning of the
  string, but it should start scanning from the end of the string
  since the purpose of the code is to remove all trailing bad
  characters.  An encrypted string can have carriage return when
  the length of the plain text string is more than 55 characters.
  
  Errors like this are logged in the
  MigrateEncryptedInfoError.log:
  
  %3DES-F-DCRYPT; Exception caught while decrypting
  ; javax.crypto.IllegalBlockSizeException: Input length (with
  padding) not multiple of 8 bytes
   at com.ibm.crypto.provider.DESedeCipher.a(Unknown Source)
   at com.ibm.crypto.provider.DESedeCipher.engineDoFinal(Unknown
  Source)
   at javax.crypto.Cipher.doFinal(Unknown Source)
   at
  com.ibm.commerce.util.wrapper.nc_cryptx.decrypt(nc_cryptx.java(C
  ompiled Code))
   at com.ibm.commerce.util.nc_crypt.decrypt(nc_crypt.java(Inlined
  Compiled Code))
   at
  com.ibm.commerce.dbupdatetool.CCInfoReencoder.processValue(CCInf
  oReencoder.java(Compiled Code))
   at
  com.ibm.commerce.dbupdatetool.SimpleRowBrowser.execute(SimpleRow
  Browser.java(Compiled Code))
   at
  com.ibm.commerce.dbupdatetool.DBMigrateTool.execute(DBMigrateToo
  l.java(Compiled Code))
   at
  com.ibm.commerce.dbupdatetool.DBUpdateToolApp.<init>(DBUpdateToo
  lApp.java:72)
   at
  com.ibm.commerce.dbupdatetool.MKChangeApp.changeMK(MKChangeApp.j
  ava:324)
   at
  com.ibm.commerce.dbupdatetool.MKChangeApp.<init>(MKChangeApp.jav
  a:201)
   at
  com.ibm.commerce.dbupdatetool.MKChangeApp.main(MKChangeApp.java:
  363)
  

Local fix

Problem summary

• USERS AFFECTED:
  All WebSphere Commerce users on v6.0 with PDIEncrypt enabled and
  run the MigrateEnryptedInfo utility to re-encrypt data.
  
  PROBLEM ABSTRACT:
  MigrateEncryptedInfo does not correctly decrypt encrypted
  strings that contain carriage return characters in WebSphere
  Commerce.
  
  BUSINESS IMPACT:
  When using the MigrateEncryptedInfo utility to re-encrypt data,
  only encrypted strings with carriage return characters will not
  be re-encrypted, leaving the encrypted data in an inconsistent
  state.  The encrypted strings would have a carriage return if
  its corresponding plaintext is longer than 55 characters.
  
  RECOMMENDATION:
  

Problem conclusion

• The fix changes MigrateEncryptedInfo to begin scanning encrypted
  strings from the end of the string, rather than the beginning,
  so characters after carriage return characters within the string
  are not removed.
  
  -------------------------------------------------------------
  The latest available maintenance information can be obtained
  from the Recommended Fixes for WebSphere Commerce technote:
  http://www.ibm.com/support/docview.wss?rs=3046&uid=swg21261296
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  WC BUS ED ILINU

• Fixed component ID

  5724I3804

Applicable component levels

• R600 PSY

     UP