IBM Support

IV33471: RSA KEYPAIR GENERATION WITH KEYTOOL FAILED WITH 'SIGNATURE ALGOR ITHM MISMATCH'.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: java.security.cert.CertificateException:
    Signature algorithm mismatch.
    .
    Stack Trace: N/A
    .
    1. The problem happens when IBMJCEFIPS provider is put before
    IBMJCE provider in the provider list in java.security.
    2. Problem is gone if -sigalg option is specified.
    

Local fix

  • Specify -sigalg in "keytool -genkeypair" or "keytool -genkey"
    command in generating key pair.
    

Problem summary

  • The problem happens because the AlgorithmId.get() in PKCS
    component cannot handle signature name "SHA2withRSA", a wrong
    OID is returned in recognizing the signature algorithm.
    

Problem conclusion

  • This defect will be fixed in:
    7.0.0 SR4
    6.0.1 SR5
    6.0.0 SR13
    5.0.0 SR16
    .
    A fix is made to AlgorithmId.get() to recognize "SHA2withRSA"
    signature name.
    The associated Hursley CMVC defect is 195127
    The associated Austin CMVC defect is 113413
    JVMs affected: Java 5.0 SR15, Java 6.0 SR12, Java 626 SR4, and
    Java 7.0 SR3.
    The fix was delivered for  Java 5.0 SR16, Java 6.0 SR13, Java
    626 SR5, and Java 7.0 SR4.
    The affected jar is "ibmpkcs.jar".
    The build level of this jar for the affected releases is
    "20121204"
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV33471

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    260

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-12-13

  • Closed date

    2013-01-02

  • Last modified date

    2013-01-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IV33472

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R260 PSY

       UP

  • R600 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Security

Software version: 260

Reference #: IV33471

Modified date: 02 January 2013