IBM Support

IJ54206: FAILED TO READ PRIVATE KEY FROM A JKS KEYSTORE, SPECIFIED AS JCEKS KEYSTORE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: After updating the IBM JRE, we are hitting
Exception in thread "main"
java.security.UnrecoverableKeyException: PrivateKeyInfo parsing
error. This error is generated from a java program reading a JKS
keystore while specifying the keystore type as JCEKS.
.
Stack Trace: Exception in thread "main"
java.security.UnrecoverableKeyException: PrivateKeyInfo parsing
error.
at com.ibm.crypto.provider.I.a(Unknown Source)
at com.ibm.crypto.provider.JceKeyStore.engineGetKey(Unknown
Source)
at java.security.KeyStore.getKey(KeyStore.java:1038)
.
The issue was found in Java 8 SR8 FP40. Previously, when reading
a private key from JKS keystore while specifying keystore as
JCEKS worked. We are restoring this behavior for compatibility
reasons.

Local fix

  • Use Keystore.getInstance("JKS); for JKS keystore instead of
Keystore.getInstance("JCEKS);.

Problem summary

  • Failed to read the private key from a JKS keystore because the
keystore type was incorrectly classified as JCEKS when reading
from the keystore.

Problem conclusion

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ54206
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-04-04
    • 

  • Closed date
    2025-04-04
    • 

  • Last modified date
    2025-04-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            04 April 2025
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback