IZ53977: KEY ALIASES THAT ARE 21 CHARACTERS LONG CAN CAUSE EE31

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When EKM serves keys for a write operation on Jag drive, if the
    alias of the Asymmetric key is 21 characters long,  it checks
    for Alias Naming conventions specific to Symmetric keys
    (it checks if the key is of the format ABC00nnnnnnnnnnnnnnnn),
    which is incorrect.   The EKM operation then fails with
    error-code 0xEE31.
    
    A second, separate defect also resolved by this APAR:
    A few debug statements are printed in STDOUT, even though debug
    option is not set.
    The Debug/Error message will contain:
    validateDKiAlias
    

Local fix

  • Change the key alias in use to a size of less than or greater
    than 21 characters.
    

Problem summary

  • ERROR DESCRIPTION:
    KEY ALIASES THAT ARE 21 CHARACTERS LONG CAN CAUSE EE31
    

Problem conclusion

  • When EKM serves keys for a write operation on Jag drive, if the
    alias of the Asymmetric key is 21 characters long,  it checks
    for Alias Naming conventions specific to Symmetric keys
    (it checks if the key is of the format ABC00nnnnnnnnnnnnnnnn),
    which is incorrect.   The EKM operation then fails with
    error-code 0xEE31.
    
    Fixed in IBMKeyManagementServer.jar:  Build 20090825
    
    Hursley Defect 155423
    1.4.2 sr15; 5.0 sr11; 6.0 sr6
    

Temporary fix

  • Change the key alias in use to a size of less than or greater
    than 21 characters.
    

Comments

APAR Information

  • APAR number

    IZ53977

  • Reported component name

    TIV TAPE ENCRY

  • Reported component ID

    TIVOEKM00

  • Reported release

    121

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-06-25

  • Closed date

    2009-08-28

  • Last modified date

    2010-08-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIV TAPE ENCRY

  • Fixed component ID

    TIVOEKM00

Applicable component levels

  • R100 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

Tivoli Components - Java Security
EKM

Software version:

121

Reference #:

IZ53977

Modified date:

2010-08-18

Translate my page

Machine Translation

Content navigation