需要将 -Dcom.ibm.crypto.provider.DoRSATypeChecking=false
false改为true
详见:http://www-01.ibm.com/support/docview.wss?uid=swg1IV18625
APAR status
-
Closed as program error.
Error description
-
We have agreed to provide a flag for use at runtime to allow for the RSA encryption of data with the private key, as well as decryption of data with the public key. This flag can be set with the following property: -Dcom.ibm.crypto.provider.DoRSATypeChecking=false In Java 5, 6, 6.0_26, and 7, the default value will be "true" -- meaning that IBM's Java will have the old behavior. If this flag is set to "false" IBM's Java will allow for the atypical scenario with the reversal of the keys described above. Please note: This configuration is not recommended for use by developers of standard applications. It is understood that by setting this flag, a developer understands the behavior that is being enabled (encrypting with the private key/permitting anyone with the public key to decrypt). In nearly all cases, performing a signature in the standard way (with the private key to sign and the public key to verify) is preferred and recommended. With this APAR we are making sure the PUBLIC KEY can be used for DECRYPT.
Local fix
-
N/A
Problem summary
-
ERROR DESCRIPTION: IBM JVM should support encrypting using the private key and decrypting using the public key Note: This is a follow-up to APAR IV17344, which allows the public key to decrypt properly in this configuration
Problem conclusion
-
We have agreed to provide a flag for use at runtime to allow for the RSA encryption of data with the private key, as well as decryption of data with the public key. This flag can be set with the following property: -Dcom.ibm.crypto.provider.DoRSATypeChecking=false In Java 5, 6, 6.0_26, and 7, the default value will be "true" -- meaning that IBM's Java will have the old behavior. If this flag is set to "false" IBM's Java will allow for the atypical scenario with the reversal of the keys described above. Please note: This configuration is not recommended for use by developers of standard applications. It is understood that by setting this flag, a developer understands the behavior that is being enabled (encrypting with the private key/permitting anyone with the public key to decrypt). In nearly all cases, performing a signature in the standard way (with the private key to sign and the public key to verify) is preferred and recommended. Hursley defect: 190326. Affects ibmjceprovider.jar. Available in 5.0 SR 14, 6.0 SR11, 6.0_26 SR 3, and 7.0 SR 5 Jar build date: 20120404 WORKAROUNDS: None