Troubleshooting
Problem
When using ikeyman, keytool, or Java shipped with App Connect Enterprise (ACE), you may encounter an error when loading a PKCS12 keystore indicating HmacPBESHA256 is not a supported algorithm.
Symptom
You may see an error like:
com.ibm.gsk.ikeyman.error.KeyManagerException:
java.io.IOException: Integrity check failed:
java.security.NoSuchAlgorithmException: no such algorithm: HmacPBESHA256 for provider IBMJCE
The exact error will be dependent on which program is loading the keystore. The above is an example from ikeyman. Java and keytool will be similar, with the first line being different.
Cause
Java updated the default algorithm that keystores use. This new algorithm provides additional security. This change was incorporated into IBM Java in version 8 SR 8. The release notes can be found here. As indicated in the notes, older Java versions will not support this algorithm. Thus if you create a PKCS12 keystore on a newer Java level and attempt to access it from a version prior to version 8 SR 8, the error will occur.
Environment
Any system that uses IBM Java. This is not solely limited to App Connect Enterprise. As products begin to incorporate the new Java version, they can be similarly impacted.
Resolving The Problem
There are two solutions available.
Upgrade ACE:
At present (see modified date on the right), ACE 12.0.9.0 is the only version that includes the supported Java level. You will need to upgrade ACE to this level in order to use the keystore.
Rebuild keystore:
You can rebuild the keystore in one of two ways. You can either use an older Java version, prior to SR 8, to build the file. The other option is to use your existing Java version, but include the Java option keystore.pkcs12.legacy without any arguments. This flag will tell Java to use the prior algorithm when building the keystore.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSDR5J","label":"IBM App Connect Enterprise"},"ARM Category":[{"code":"a8m50000000CiUJAA0","label":"IIB-\u003EJava-\u003EJVM"}],"ARM Case Number":"TS013454561","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
06 July 2023
UID
ibm17010255