Question & Answer
Question
What happens if I enter the wrong database encryption keys for Manage?
Answer
If an existing database that already contains a Manage database is used for a Manage installation, the old and new encryption keys specified in the configuration have to match the keys used by the crypto and cryptox fields of the database. If the keys do not match, the activation proceeds but the bundle servers will not start properly. You will notice the following errors in the log of the bundle server pod:
[err] javax.crypto.BadPaddingException: Given final block not properly padded
[err] at com.ibm.crypto.provider.AbstractBufferingCipher.a(Unknown Source)
[err] at com.ibm.crypto.provider.AbstractBufferingCipher.engineDoFinal(Unknown Source)
[err] at javax.crypto.Cipher.doFinal(Unknown Source)
[err] at psdi.util.MXCipher.decData(MXCipher.java:263)
[err] at psdi.server.MaxPropCache.loadOneProp(MaxPropCache.java:975)
[err] at psdi.server.MaxPropCache.reloadCache(MaxPropCache.java:774)
[err] at psdi.server.MaxPropCache.reload(MaxPropCache.java:319)
[err] at psdi.server.MaxPropCacheFactory.getCache(MaxPropCacheFactory.java:82)
[err] at psdi.server.MXServer.start(MXServer.java:3819)
[err] at psdi.servlet.MAXIMOStartupServlet.init(MAXIMOStartupServlet.java:116)
[err] at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:299)
[err] at [internal classes]
[err] at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:110)
[err] at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:976)
The status of the activation of Manage shows that the deployment is not ready.
In the scenario where a user also wants to re-encrypt the crypto and crypto fields of the Manage database, he provides a different set of old and new encryption keys. If the old keys do not match the actual keys used by the database, the operator fails when it tries to re-encrypt the database. The following error is displayed in the status section of the ManageDeployment custom resource
"Please make sure the MXE_SECURITY_OLD_CRYPTO_KEY & MXE_SECURITY_OLD_CRYPTOX_KEY match what the database uses."
[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m3p000000hB0QAAU","label":"Maximo Manage"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
10 August 2021
UID
ibm16479005