IV33471: RSA KEYPAIR GENERATION WITH KEYTOOL FAILED WITH 'SIGNATURE ALGOR ITHM MISMATCH'.
Closed as program error.
Error Message: java.security.cert.CertificateException: Signature algorithm mismatch. . Stack Trace: N/A . 1. The problem happens when IBMJCEFIPS provider is put before IBMJCE provider in the provider list in java.security. 2. Problem is gone if -sigalg option is specified.
Specify -sigalg in "keytool -genkeypair" or "keytool -genkey" command in generating key pair.
The problem happens because the AlgorithmId.get() in PKCS component cannot handle signature name "SHA2withRSA", a wrong OID is returned in recognizing the signature algorithm.
This defect will be fixed in: 7.0.0 SR4 6.0.1 SR5 6.0.0 SR13 5.0.0 SR16 . A fix is made to AlgorithmId.get() to recognize "SHA2withRSA" signature name. The associated Hursley CMVC defect is 195127 The associated Austin CMVC defect is 113413 JVMs affected: Java 5.0 SR15, Java 6.0 SR12, Java 626 SR4, and Java 7.0 SR3. The fix was delivered for Java 5.0 SR16, Java 6.0 SR13, Java 626 SR5, and Java 7.0 SR4. The affected jar is "ibmpkcs.jar". The build level of this jar for the affected releases is "20121204"
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels