APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A .
Local fix
1. V1 stash problem when v2 stash exists Delete the v2stash file that exists in the current directory when password is stashed as v1 2. CMS keystore crash with restricted policy file Replace your policy files with the Unlimited Strength files (recommended)
Problem summary
1. V1 stash problem when v2 stash exists The user attempts to create a v1stash file from the provided password, but since v2stash exists in the current folder, iKeyman disallows the downgrade of v2 to v1 stash file. Ideally, downgrade should happen if the password is provided. 2. CMS keystore problem with restricted policy file Attempting to change the password of a CMS keystore type results in zero byte keystore file along with the exception: java.io.IOException: Error initialising cipher. The problem occurs with keytool command when restricted jurisdiction policy files are used.The same problem occurs with iKeyman tool as well. The problem goes away when unrestricted jurisdiction policy files are used for both ikeyman and keytool.
Problem conclusion
1. V1 stash problem when v2 stash exists Downgrade of a stash file from v2 to v1 is allowed if the password is provided. 2. CMS keystore problem with restricted policy file The keystore protection relies on algorithms and keys of a greater strength than allowed without the unrestricted policy files, as such using iKeyman without the unrestricted files is not supported. CMSProvider is updated to throw an exception that iKeyman can interpret as likely being a restricted policy file issue and reports this error. The fix also ensures CMS Keystore remains undamaged. . This APAR will be fixed in the following Java Releases: 8 SR5 FP15 (8.0.5.15) 7 SR10 FP25 (7.0.10.25) 7 R1 SR4 FP25 (7.1.4.25) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ05408
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-04-02
Closed date
2018-04-17
Last modified date
2018-04-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020