Closed as program error.
External Symptoms When using the KeyTool command, the command fails right after the password is entered. It fails with a NullPointerException at com.ibm.crypto.tools.KeyTool.a(Unknown Source) at com.ibm.crypto.tools.KeyTool.a(Unknown Source) at com.ibm.crypto.tools.KeyTool.run(Unknown Source) at com.ibm.crypto.tools.KeyTool.main(Unknown Source) Additional Keywords KeyTool NPE Verification Steps Run with the below traces enabled: -J-Djava.security.auth.debug=all -J-Djavax.net.debug=true Within the trace output you will find: Cipher: (Thread[main,5,main]) Crypto Permission check failed Cipher: (Thread[main,5,main]) granted: (CryptoPermission * 128) Cipher: (Thread[main,5,main]) requesting: (CryptoPermission PBE 168) com.ibm.misc.Debug exception FINER: com.ibm.security.pkcs12.BasicPFX getBags java.security.InvalidKeyException: Illegal key size
To fix this problem, there are 2 files found in your <JAVA_HOME>/demo/jce/policy-files/unrestricted directory that need to be copied into <JAVA_HOME>/lib/security The two files that need to be copied are US_export_policy.jar and local_policy.jar Be sure that the file permissions in the newly copied files are the same as the file permissions on the original files in <JAVA_HOME>/lib/security Contact Level 2 for interim fix.
issue 1- PKCS12 Key Stores across 1.4.2, 5.0, and 6.0 need to support certificates which are signed with MD5withRSA. issue 2- KeyTool has a NPE when creating a JKS keystore by an import from a P12 flat file with restricted policy files.
This defect will be fixed in: 5.0.0 SR11 6.0.0 SR6 1.4.2 SR13 FP2 . issue 1- The fix is to allow for additional types of signatures to be recognized in the 3 P12 keystore types. issue 2- The fix is to check whether the parsed certificates from the file creates a null array of certificates. . To obtain the fix: Install build 20090732 or later
Reported component name
JAVA 5 Z/OS 31
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
JAVA 5 Z/OS 31
Fixed component ID
Applicable component levels