IBM Support

JR51053: Decryption errors after upgrading to IBM Java 1.6 SR16


APAR status

  • Closed as program error.

Error description

  • After upgrading to Java SDK 1.6 SR16 Cumulative Fix, available
    with WebSphere Application Server V7.0 Fix Pack 33 (7.0.0.33),
    WebSphere Commerce servers with the following configurations may
    fail to decrypt data:
    
      • Sites using a 3DES 32-hexadecimal character merchant key are
        unable to decrypt database data.
      • Sites not using an AES merchant key may experience temporary
        cookie errors, as sessions created before the Java upgrade
        cannot be decrypted.
    
    Decryption errors such as the following are found in
    SystemOut.log:
    
         CommerceSrvr E com.ibm.commerce.util.wrapper.EnhancedCryptx
    decrypt(text, user_key, encoding) CMN0409E: The following error
    occurred during processing: "javax.crypto.BadPaddingException:
    Given final block not properly padded
    
         CommerceSrvr  E com.ibm.commerce.util.wrapper.AES128Cryptx
    decrypt(String text, String user_key, String encoding, boolean
    useMac, boolean isAESDBEnabled) CMN0409E: The following error
    occurred during processing:
    "INTEGRITY_CHECK_FAILED_DURING_DECRYPTION".
    
          CommerceSrvr  E
    com.ibm.commerce.browseradapter.WCCookieUserSession
    decipherTokens() CMN1039E: An invalid cookie was received for
    the user, your logonId may be in use by another user.
    
    Recommendation:
    
      • Non-Solaris sites that have not yet been upgraded to Java SDK
        1.6 SR16
    
          Apply JR51053. See section below for download links. Java
          SDK 1.6 SR16 can be safely applied after JR51053 has been
          installed.
    
      • Non-Solaris sites that have already been upgraded to Java SDK
        1.6 SR16
    
          • Sites using a 3DES 16-hexadecimal character merchant key
    
              Apply JR51053. See below for download links.
    
              Note: Sites using a 3DES 16-hexadecimal character
              merchant key would not have experienced database
              decryption errors after upgrading to Java SDK 1.6 SR16,
              but session data could have been affected. Because
              JR51053 updates the encryption algorithm used for
              session data, the site may experience temporary session
              decryption errors for sessions generated before the
              iFix was applied.
    
          • Sites using a 3DES 32-hexadecimal character merchant key
    
              After applying Java SDK 1.6 SR16 to a site using a 3DES
              32-hexadecimal character merchant key, database data
              cannot be decrypted. If you are experiencing these
              errors, apply JR51053 to correct the decryption errors.
              See below for download links.
    
              or
    
              Sites that were set up with a 3DES 32-hexadecimal
              character merchant key after Java SDK 1.6 SR16 was
              applied are not likely experiencing database decryption
              errors. To avoid future compatibility issues, these
              environments are required to migrate to an AES merchant
              key before applying JR51053. To migrate to an AES
              merchant key, see steps 4 to 8 in the following link:
              Updating to NIST SP 800-131A security standards. After
              migrating to an AES merchant key, apply JR51053. See
              below for download links.
    
      • Sites running on the Solaris operating system
    
          The Solaris version of the SDK is not immediately affected.
          Applying JR51053 will have no impact on the system. To
          avoid potential future compatibility issues, clients are
          required to use an AES merchant key. To migrate to an AES
          merchant key, see steps 4 to 8 in the following link:
          Updating to NIST SP 800-131A security standards.
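
To triage the SystemOut.log errors quoted in the error description above, the following added example (not IBM's code) counts log entries matching the three quoted signatures and records the first and last timestamp of each, which helps confirm whether they began with the Java upgrade. It assumes the default bracketed-timestamp entry layout of SystemOut.log; the sample log lines, timestamps, thread IDs and the `com.example.Unrelated` class are constructed.

```python
import re

# Signatures taken from the SystemOut.log errors quoted in this APAR.
SIGNATURES = {
    "EnhancedCryptx/BadPadding": re.compile(
        r"EnhancedCryptx.*CMN0409E.*BadPaddingException", re.S),
    "AES128Cryptx/IntegrityCheck": re.compile(
        r"AES128Cryptx.*CMN0409E.*INTEGRITY_CHECK_FAILED_DURING_DECRYPTION", re.S),
    "WCCookieUserSession/CMN1039E": re.compile(
        r"WCCookieUserSession.*CMN1039E", re.S),
}
# Assumption: each entry starts with a bracketed timestamp (default WebSphere
# SystemOut.log layout); any other line continues the previous entry.
ENTRY_START = re.compile(r"^\[([^\]]+)\]")

def split_entries(lines):
    """Group physical lines into [timestamp, text] entries."""
    entries = []
    for line in lines:
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), line])
        elif entries:
            entries[-1][1] += "\n" + line
    return entries

def summarize(lines):
    """Count entries per signature and record first/last timestamp seen."""
    hits = {}
    for stamp, text in split_entries(lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(text):
                h = hits.setdefault(name, {"count": 0, "first": stamp})
                h["count"] += 1
                h["last"] = stamp
    return hits

# Constructed sample (timestamps, thread IDs and the 'I' entry are made up).
SAMPLE = """\
[8/20/14 9:01:12:345 EDT] 00000031 CommerceSrvr  E com.ibm.commerce.util.wrapper.EnhancedCryptx decrypt(text, user_key, encoding) CMN0409E: The following error occurred during processing:
"javax.crypto.BadPaddingException: Given final block not properly padded
[8/20/14 9:01:12:350 EDT] 00000031 CommerceSrvr  I com.example.Unrelated run() BadPaddingException mentioned outside the cryptx class
[8/20/14 9:02:40:101 EDT] 00000044 CommerceSrvr  E com.ibm.commerce.browseradapter.WCCookieUserSession decipherTokens() CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user.
[8/20/14 9:05:07:900 EDT] 00000031 CommerceSrvr  E com.ibm.commerce.util.wrapper.EnhancedCryptx decrypt(text, user_key, encoding) CMN0409E: The following error occurred during processing:
"javax.crypto.BadPaddingException: Given final block not properly padded
""".splitlines()

if __name__ == "__main__":
    for name, info in summarize(SAMPLE).items():
        print(name, info)
```

Matching is done per log entry rather than per physical line, so a message that wraps onto a continuation line is still counted once and attributed to the right class.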
    

Local fix

  • Do not apply IBM Java SDK 1.6 SR16 Cumulative Fix for WebSphere
    Application Server, made available with WebSphere Application
    Server V7.0 Fix Pack 33. Java SDK 1.6 SR15 Cumulative Fix for
    WebSphere Application Server can be used instead. Java SDK 1.6
    SR15 download is available with WebSphere Application Server
    V7.0 Fix Pack 31.
    
    Using WebSphere Application Server V7.0 Fix Pack 33 with Java
    SDK 1.6 SR15 is a supported configuration.
    
    If the WebSphere Commerce V7.0 environment was installed on a
    system that had Java SDK 1.6 SR16 pre-installed (WebSphere
    Application Server 7.0.0.33), you will not be immediately
    affected, but you may experience similar issues with future
    fixes.
    

Problem summary

  • USERS AFFECTED:
    All Site users
    
    PROBLEM ABSTRACT:
    Decryption errors after upgrading to IBM Java 1.6 SR16
    
    BUSINESS IMPACT:
    Unable to access some data.
    

Problem conclusion

  • Resolves an issue which was introduced by upgrading to IBM JDK
    1.6 SR16.
    -------------------------------------------------------------
    The latest available maintenance information can be obtained
    from the Recommended Fixes for WebSphere Commerce technote:
    http://www.ibm.com/support/docview.wss?rs=3046&uid=swg21261296
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR51053

  • Reported component name

    3C COM PROF ED

  • Reported component ID

    5724I4000

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / Pervasive

  • Submitted date

    2014-08-19

  • Closed date

    2014-11-25

  • Last modified date

    2015-02-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    3C COM PROF ED

  • Fixed component ID

    5724I4000

Applicable component levels

  • R700 PSY

       UP


Document Information

Modified date:
11 December 2021