APAR status
Closed as fixed if next.
Error description
1. $ keytool -genseckey -alias myseckey -keyalg AES -keysize 256 Enter keystore password: Enter key password for <myseckey>: (RETURN if same as keystore password): keytool error (likely untranslated): java.security.KeyStoreException: Cannot store non-PrivateKeys The message should read: JKS key store type only supports asymmetric (public/private) keys. For secret keys try storetype JCEKS 2. keytool -help and -ekmhelp for -exportseckey lists the following suboptions -exportseckey [-v] [-alias <alias> | aliasrange <aliasRange>] [-keyalias <keyalias>] [-keystore <keystore>] [-storepass <storepass>] [-keypass <keypass>] [-storetype <storetype>] [-providerName <name>] [-exportfile <exportfile>] When -exportseckey is used with those suboptions, no valid error message is displayed, instead only the -help report is displayed instead of the -ekmhelp output. 3. The keytool -exportseckey command needs the -keypass subtoption 4. The keytool -exportseckey without the -keyalias suboption and with the -keypass suboption works. It is not clear which -keyalias is used along with the -keypass subtoption. The missing -keyalias should generate an error indicating that the -keyalieas subtoption is missing. 5. The keytool -exportseckey command needs the -storetype suboption if the default store type is JKS, because of #1 above. KEYWORDS: KEYTOOL EXPORTSECKEY HELP EKMHELP -EXPORTSECKEY -HELP -EKMHELP KEYPASS -KEYPASS STORETYPE -STORETYPE JKS JCEKS
Local fix
Use: keytool -exportseckey -alias AAAA -keyalias KKKK -storetype JCEKS -exportfile FFFF -keypass PPPP Where: AAAA is the secret key alias KKKK is the public key alias FFFF is the export filename PPPP is the public key password
Problem summary
The 5.0 KeyTool displays the standard help message when running an EKM-specific command. 6.0 does not have this problem. Documentation updated. These issues have been addressed by Tivoli APARs IZ43545 and IZ43546
Problem conclusion
Temporary fix
Run keytool -ekmhelp
Comments
APAR Information
APAR number
PK77490
Reported component name
JAVA 5 Z/OS 31
Reported component ID
620500105
Reported release
500
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-12-15
Closed date
2009-03-31
Last modified date
2009-03-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
R500 PSY
UP
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB16","label":"Mainframe HW"}}]
Document Information
Modified date:
09 August 2022