APAR status
Closed as program error.
Error description
We have agreed to provide a flag for use at runtime to allow for the RSA encryption of data with the private key, as well as decryption of data with the public key. This flag can be set with the following property: -Dcom.ibm.crypto.provider.DoRSATypeChecking=false In Java 5, 6, 6.0_26, and 7, the default value will be "true" -- meaning that IBM's Java will have the old behavior. If this flag is set to "false" IBM's Java will allow for the atypical scenario with the reversal of the keys described above. Please note: This configuration is not recommended for use by developers of standard applications. It is understood that by setting this flag, a developer understands the behavior that is being enabled (encrypting with the private key/permitting anyone with the public key to decrypt). In nearly all cases, performing a signature in the standard way (with the private key to sign and the public key to verify) is preferred and recommended. With this APAR we are making sure the PUBLIC KEY can be used for DECRYPT.
Local fix
N/A
Problem summary
ERROR DESCRIPTION: IBM JVM should support encrypting using the private key and decrypting using the public key Note: This is a follow-up to APAR IV17344, which allows the public key to decrypt properly in this configuration
Problem conclusion
We have agreed to provide a flag for use at runtime to allow for the RSA encryption of data with the private key, as well as decryption of data with the public key. This flag can be set with the following property: -Dcom.ibm.crypto.provider.DoRSATypeChecking=false In Java 5, 6, 6.0_26, and 7, the default value will be "true" -- meaning that IBM's Java will have the old behavior. If this flag is set to "false" IBM's Java will allow for the atypical scenario with the reversal of the keys described above. Please note: This configuration is not recommended for use by developers of standard applications. It is understood that by setting this flag, a developer understands the behavior that is being enabled (encrypting with the private key/permitting anyone with the public key to decrypt). In nearly all cases, performing a signature in the standard way (with the private key to sign and the public key to verify) is preferred and recommended. Hursley defect: 190326. Affects ibmjceprovider.jar. Available in 5.0 SR 14, 6.0 SR11, 6.0_26 SR 3, and 7.0 SR 5 Jar build date: 20120404 WORKAROUNDS: None
Temporary fix
Comments
APAR Information
APAR number
IV18625
Reported component name
TIV JAVA CRYPTO
Reported component ID
TIVSECJCE
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-03-30
Closed date
2012-03-30
Last modified date
2012-04-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TIV JAVA CRYPTO
Fixed component ID
TIVSECJCE
Applicable component levels
R100 PSY
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL42","label":"JCE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
26 April 2012