APAR status
Closed as documentation error.
Error description
External Symptoms: The EKM manual should document the following error condition and its corresponding solutions javax.crypto.BadPaddingException: Given final block not properly padded .at com.ibm.crypto.provider.AESCipher.engineDoFinal(Unknown Source) .at com.ibm.crypto.provider.AESCipher.engineDoFinal(Unknown Source) .at javax.crypto.Cipher.doFinal(Unknown Source) .at com.ibm.keymanager.keygroups.a.a.a(a.java:14) This is caused when a incorrect password is used. There were 2 known causes for this error: 1) Running 2 EKMServers from the same home directory. The reason this caused a problem is both EKM Servers used the default config.keygroup.xml.file setting. When it was so each had a unique config.keygroup.xml.file, the BadPaddingException was avoided. 2) Creating a key were the value for -keypass password does not match the -storepass password. EKM is setup to use the same password for storepass and keypass. Additional keywords: BADPADDING PADDING EXCEPTION
Local fix
1) To resolve issue with having multiple EKM Servers use the same home directory. Change setup to using unique directories for each EKM Sever or be sure to specify unique files for each Server in the EKM config/properties file. Do not use default file names. 2) Be sure to create keys using a matching password for both keypass and storepass
Problem summary
Document javax.crypto.BadPaddingException in the EKM Installation, Planning and User's Guide in Chapter 7 Problem Determination.
Problem conclusion
javax.crypto.BadPaddingException: Given final block not properly padded .at com.ibm.crypto.provider.AESCipher.engineDoFinal(Unknown Source) .at com.ibm.crypto.provider.AESCipher.engineDoFinal(Unknown Source) .at javax.crypto.Cipher.doFinal(Unknown Source) .at com.ibm.keymanager.keygroups.a.a.a(a.java:14) There were 2 known causes for this error: 1) Running 2 EKMServers from the same home directory where both EKM Servers used the default config.keygroup.xml.file setting. When 2 EKM Servers are configured so that each one has a unique config.keygroup.xml.file, the BadPaddingException will not occur. 2) Creating a key where the value for -keypass password does not match the -storepass password. EKM requires that the same password is used for storepass and keypass. LOCAL FIX: 1) To resolve issue with having multiple EKM Servers use the same home directory. Change setup to using unique directories for each EKM Sever or be sure to specify unique files for each Server in the EKM config/properties file. Do not use default file names. 2) Be sure to create keys using a matching password for both keypass and storepass The following Technote has been written to address this issue: http://www-01.ibm.com/support/docview.wss?uid=swg21378389
Temporary fix
Comments
APAR Information
APAR number
IZ38304
Reported component name
TIV TAPE ENCRY
Reported component ID
TIVOEKM00
Reported release
121
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-11-20
Closed date
2009-02-26
Last modified date
2009-03-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSC6LF3","label":"EKM"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"121","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
30 March 2009