WAS支持RSA公钥解密

阅读更多

需要将 -Dcom.ibm.crypto.provider.DoRSATypeChecking=false 

false改为true

 

详见:http://www-01.ibm.com/support/docview.wss?uid=swg1IV18625

 

APAR status

  • Closed as program error.

     

Error description

  • We have agreed to provide a flag for use at runtime to allow for
    the RSA encryption of data with the private key, as well as
    decryption of data with the public key.  This flag can be set
    with the following property:
    
    -Dcom.ibm.crypto.provider.DoRSATypeChecking=false
    
    In Java 5, 6, 6.0_26, and 7, the default value will be "true" --
    meaning that IBM's Java will have the old behavior.  If this
    flag is set to "false" IBM's Java will allow for the atypical
    scenario with the reversal of the keys described above.
    
    Please note: This configuration is not recommended for use by
    developers of standard applications.  It is understood that by
    setting this flag, a developer understands the behavior that is
    being enabled (encrypting with the private key/permitting anyone
    with the public key to decrypt).  In nearly all cases,
    performing a signature in the standard way (with the private key
    to sign and the public key to verify) is preferred and
    recommended.
    
    With this APAR we are making sure the PUBLIC KEY can be used for
    DECRYPT.
    

     

Local fix

  • N/A
    

     

Problem summary

  • ERROR DESCRIPTION:
    
    IBM JVM should support encrypting using the private key and
    decrypting using the public key
    
    Note: This is a follow-up to APAR IV17344, which allows the
    public key to decrypt properly in this configuration
    

     

Problem conclusion

  • We have agreed to provide a flag for use at runtime to allow for
    the RSA encryption of data with the private key, as well as
    decryption of data with the public key.  This flag can be set
    with the following property:
    
    -Dcom.ibm.crypto.provider.DoRSATypeChecking=false
    
    In Java 5, 6, 6.0_26, and 7, the default value will be "true" --
    meaning that IBM's Java will have the old behavior.  If this
    flag is set to "false" IBM's Java will allow for the atypical
    scenario with the reversal of the keys described above.
    
    Please note: This configuration is not recommended for use by
    developers of standard applications.  It is understood that by
    setting this flag, a developer understands the behavior that is
    being enabled (encrypting with the private key/permitting anyone
    with the public key to decrypt).  In nearly all cases,
    performing a signature in the standard way (with the private key
    to sign and the public key to verify) is preferred and
    recommended.
    
    Hursley defect: 190326.
    
    Affects ibmjceprovider.jar.  Available in 5.0 SR 14, 6.0 SR11,
    6.0_26 SR 3, and 7.0 SR 5
    
    Jar build date: 20120404
    
    WORKAROUNDS:
    
    None

 

你可能感兴趣的:(WAS支持RSA公钥解密)