Matt, I investigated this a bit with the owners of the IBMJCE component shipped with i5/OS. Here's the response: The IBMJCE maybe a little old on this customer's system. With the latest IBMJCE very soon to be released as PTF, when I run this customer's code I get 32 for both the pre and post sizes. It should be approved within the next couple days. The PTF number is SI18345. If the customer wants it a day or two early, I don't have any problem releasing it as a test PTF. If you need something immediately, contact me offline and I'll connect you with the component owner. Patrick Botz Senior Technical Staff Member Rochester CTC, eServer Security Architecture & Consulting iSeries Security Architect (507) 253-0917, T/L 553-0917 email: botz@xxxxxxxxxx For more information on CTC, visit our website at http://www.ibm.com/eserver/services http://www.ibm.com/servers/eserver/services security400-bounces@xxxxxxxxxxxx wrote on 06/28/2005 09:36:27 AM: > Hello, > > I have also posted this message to the JAVA 400-L mailing list. I am > testing my Java code on the iSeries and continue to run in to a > persistent issue. I have made a cryptographic provider for Java as a > project, and it works perfectly on Windows and z/OS. However, I run > into an issue on the iSeries when I attempt to use the AES (Rijndael) > algorithm. Here's the code I run: > > SecretKeyFactory aesFactory = SecretKeyFactory.getInstance("AES"); > SecretKeySpec x = new SecretKeySpec(aes256Key, 0, 32, "AES"); > System.out.println("Pre generateSecret() Size: " + x.getEncoded().length); > aesKey = aesFactory.generateSecret(x); > System.out.println("Post generateSecret() Size: " + aesKey. > getEncoded().length); > > The variable "aes256Key" is a filled byte array of length 32. When I > run this code, I get an output like the following: > > Pre generateSecret() Size: 32 > Post generateSecret() Size: 16 > > When I print the arrays, the Post-generateSecret() array is exactly > the first 16 bytes of the pre-genarateSecret() array. (i.e., if the > "Pre" array is <0,1,2,3,…,31>, the "Post" array is <0,1,2,3…15>). > However, no error was thrown; the array was just truncated. > > I thought this was an issue with the Unlimited Strength Jurisdiction > Policy Files, but the behavior remained the same when I updated them. > I also attempted to do this with TripleDES instead of AES, but the > code worked fine. > > Does the IBM JCE limit AES to 128-bits without even throwing an error? > Any insight would be greatly appreciated. >
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.