`
chun521521
  • 浏览: 286126 次
  • 性别: Icon_minigender_1
  • 来自: 长春
社区版块
存档分类
最新评论

WAS支持RSA公钥解密

 
阅读更多

需要将 -Dcom.ibm.crypto.provider.DoRSATypeChecking=false 

false改为true

 

详见:http://www-01.ibm.com/support/docview.wss?uid=swg1IV18625

 

APAR status

  • Closed as program error.

     

Error description

  • We have agreed to provide a flag for use at runtime to allow for
the RSA encryption of data with the private key, as well as
decryption of data with the public key.  This flag can be set
with the following property:

-Dcom.ibm.crypto.provider.DoRSATypeChecking=false

In Java 5, 6, 6.0_26, and 7, the default value will be "true" --
meaning that IBM's Java will have the old behavior.  If this
flag is set to "false" IBM's Java will allow for the atypical
scenario with the reversal of the keys described above.

Please note: This configuration is not recommended for use by
developers of standard applications.  It is understood that by
setting this flag, a developer understands the behavior that is
being enabled (encrypting with the private key/permitting anyone
with the public key to decrypt).  In nearly all cases,
performing a signature in the standard way (with the private key
to sign and the public key to verify) is preferred and
recommended.

With this APAR we are making sure the PUBLIC KEY can be used for
DECRYPT.

     

Local fix

  • N/A

     

Problem summary

  • ERROR DESCRIPTION:

IBM JVM should support encrypting using the private key and
decrypting using the public key

Note: This is a follow-up to APAR IV17344, which allows the
public key to decrypt properly in this configuration

     

Problem conclusion

  • We have agreed to provide a flag for use at runtime to allow for
the RSA encryption of data with the private key, as well as
decryption of data with the public key.  This flag can be set
with the following property:

-Dcom.ibm.crypto.provider.DoRSATypeChecking=false

In Java 5, 6, 6.0_26, and 7, the default value will be "true" --
meaning that IBM's Java will have the old behavior.  If this
flag is set to "false" IBM's Java will allow for the atypical
scenario with the reversal of the keys described above.

Please note: This configuration is not recommended for use by
developers of standard applications.  It is understood that by
setting this flag, a developer understands the behavior that is
being enabled (encrypting with the private key/permitting anyone
with the public key to decrypt).  In nearly all cases,
performing a signature in the standard way (with the private key
to sign and the public key to verify) is preferred and
recommended.

Hursley defect: 190326.

Affects ibmjceprovider.jar.  Available in 5.0 SR 14, 6.0 SR11,
6.0_26 SR 3, and 7.0 SR 5

Jar build date: 20120404

WORKAROUNDS:

None

 

分享到:
| 页面禁止 iframe嵌套
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

    wolfSSL参考手册

    其支持的加密算法涵盖了对称加密、非对称加密、散列函数、公钥加密等,这些功能确保了传输数据的安全性。例如,AES是一种对称密钥加密标准,而RSA和ECC是两种常见的非对称加密算法。 2. wolfSSL支持的平台和环境 ...

    vue项目中使用AES实现密码加密解密(ECB和CBC两种模式)

    同时,为了防止密钥和初始向量在传输过程中的泄露,可以使用非对称加密(如RSA)来安全地交换这些信息。 总之,在Vue项目中实现AES加密解密可以有效保护用户数据,ECB模式简单但可能存在模式可预测性,而CBC模式...

    bcprov-jdk16-145.rar

    2. **PKCS#7/CMS支持**:Bouncy Castle支持公钥密码标准#7(PKCS#7)和内容加密标准(CMS),可以用来封装和验证数据。 3. **X.509证书处理**:它可以创建、解析和操作X.509证书,这对于建立SSL/TLS连接或进行数字...

    C#加密数据报完整实例源码(经典)

    RSA是最著名的非对称加密算法,由一对公钥和私钥组成。公钥可以公开,用于加密数据;私钥则必须保密,用于解密数据。C#中的RSA类可以帮助我们实现这一过程。 哈希函数,如MD5和SHA家族,通常用于生成数据的唯一标识...

    钉钉SDK加密包,里面包含lippi-oapi-encrpt.jar

    Java的加密库提供了丰富的加密算法,如AES(高级加密标准)、RSA(公钥加密技术)等,这些都在lippi-oapi-encrpt.jar中得到了应用。开发者可以利用Java的API进行密钥生成、数据加密解密等操作,确保与钉钉API的交互...

    CFCA工具包_服务器端(JAVA版)接口定义

    - 通过指定接收者的公钥来加密数据,确保只有拥有相应私钥的接收者才能解密。 - **设置数字信封的接收者使用keyid做为标识** - 通过使用keyid作为标识符,可以在不直接暴露公钥的情况下指定接收者。 - **PKCS#7...

Magicbox
Global site tag (gtag.js) - Google Analytics