APAR status
Closed as program error.
Error description
Error Message: The customer has observed that the KeyPairGenerator of the IBMPKCS11Impl provider throws the following exception when asked to generate a key pair of size 2048. InvalidParameterException: Key size must be a multiple of 64 and at most 1024 bit . Stack Trace: N/A .
Local fix
Problem summary
The customer has observed that the KeyPairGenerator of the IBMPKCS11Impl provider throws the following exception when asked to generate a key pair of size 2048. InvalidParameterException: Key size must be a multiple of 64 and at most 1024 bit
Problem conclusion
This defect will be fixed in: 7.0.0 SR2 6.0.0 SR11 5.0.0 SR14 . The latest PKCS#11 spec (version 2.3) and the associated FIPS publication 186-2 have no awareness of DSA key sizes greater than 1024. For that reason, the IBMPKCS1Impl provider cannot support DSA keys > 1024. Additional defensive code has been added to the "key generation" and "key translation" logic of the IBMPKCS11Impl provider to throw more descriptive exceptions when the caller attempts to use a DSA key size > 1024.
Temporary fix
Comments
APAR Information
APAR number
IV25922
Reported component name
JAVA 5 SECURITY
Reported component ID
620500125
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-08-09
Closed date
2012-08-09
Last modified date
2012-08-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAVA 5 SECURITY
Fixed component ID
620500125
Applicable component levels
R500 PSY
UP
Rate this page:
Average rating
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.