IBM Support What's New?

IV34537: JAR VERIFICATION FAILS ON JARS THAT ARE SIGNED WITH SOME OF THE MESSAGEDIGEST ALGORITHMS

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: When you try to verify a JAR which is signed with
    MessageDigest algorithms SHA256, SHA384 or SHA512, we get the
    following error with Java 6:
    jar is unsigned. (signatures missing or not parsable)
    With Java 7, it says the JAR is verified, but we get the warning
    shown below:
    jar verified.
    Warning:
    This jar contains unsigned entries which have not been
    integrity-checked
    .
    Stack Trace: N/A
    .
    

Local fix

Problem summary

  • The problem is caused as the BootstrapProvider which is used
    during JAR verification, did not contain these algorithms in its
    list of supported algorithms.
    

Problem conclusion

  • This defect will be fixed in:
    6.0.0 SR13
    6.0.1 SR7
    7.0.0 SR4
    .
    The JDK has been updated to add the SHA256, SHA384 and SHA512
    algorithms to the list of supported algorithms in
    BootstrapProvider.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV34537

  • Reported component name

    JAVA CLASS LIBS

  • Reported component ID

    620700130

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-01-10

  • Closed date

    2013-01-14

  • Last modified date

    2013-12-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA CLASS LIBS

  • Fixed component ID

    620700130

Applicable component levels

  • R600 PSY

       UP

  • R700 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Java Class Libraries

Software version: 6.0

Reference #: IV34537

Modified date: 2013-12-13