Troubleshooting
Problem
In general the DataPower appliance supports two RSA padding algorithms: PKCS#1v15 and OAEP. However, when the DataPower appliance is decrypting with an RSA private key stored inside of its HSM, as opposed to on the appliance flash, it only supports one RSA padding algorithm: PKCS#1v15. The use of RSA OAEP with RSA private keys stored inside of the HSM is not supported for decryption because the underlying HSM hardware does not support OAEP.
Symptom
Any attempt to use an HSM-stored RSA private key to decrypt a message using OAEP will fail.
[{"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"--","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.0.0;6.0.0;6.0.1;7.0.0;7.1","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}},{"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"General","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.0.0;6.0.0;6.0.1;7.0.0;7.1","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21587018