× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. June 2005

Re: iSeries IBMJCE AES issue

Matt,

I investigated this a bit with the owners of the IBMJCE component shipped
with i5/OS.

Here's the response:

The IBMJCE maybe a little old on this customer's system.  With the latest
IBMJCE very soon to be released as PTF, when I run this customer's code I
get  32 for both the pre and post sizes.  It should be approved within the
next couple days.  The PTF number is SI18345.  If the customer wants it a
day or two early, I don't have any problem releasing it as a test PTF.

If you need something immediately, contact me offline and I'll connect you
with the component owner.

Patrick Botz
Senior Technical Staff Member
Rochester CTC, eServer Security Architecture & Consulting
iSeries Security Architect
(507) 253-0917, T/L 553-0917
email: botz@xxxxxxxxxx

For more information on CTC, visit our website at
http://www.ibm.com/eserver/services
http://www.ibm.com/servers/eserver/services


security400-bounces@xxxxxxxxxxxx wrote on 06/28/2005 09:36:27 AM:

> Hello,
>
> I have also posted this message to the JAVA 400-L mailing list.  I am
> testing my Java code on the iSeries and continue to run in to a
> persistent issue.  I have made a cryptographic provider for Java as a
> project, and it works perfectly on Windows and z/OS.  However, I run
> into an issue on the iSeries when I attempt to use the AES (Rijndael)
> algorithm.  Here's the code I run:
>
> SecretKeyFactory aesFactory = SecretKeyFactory.getInstance("AES");
> SecretKeySpec x = new SecretKeySpec(aes256Key, 0, 32, "AES");
> System.out.println("Pre  generateSecret() Size: " +
x.getEncoded().length);
> aesKey = aesFactory.generateSecret(x);
> System.out.println("Post generateSecret() Size: " + aesKey.
> getEncoded().length);
>
> The variable "aes256Key" is a filled byte array of length 32.  When I
> run this code, I get an output like the following:
>
> Pre  generateSecret() Size: 32
> Post generateSecret() Size: 16
>
> When I print the arrays, the Post-generateSecret() array is exactly
> the first 16 bytes of the pre-genarateSecret() array.  (i.e., if the
> "Pre" array is <0,1,2,3,…,31>, the "Post" array is <0,1,2,3…15>).
> However, no error was thrown; the array was just truncated.
>
> I thought this was an issue with the Unlimited Strength Jurisdiction
> Policy Files, but the behavior remained the same when I updated them.
> I also attempted to do this with TripleDES instead of AES, but the
> code worked fine.
>
> Does the IBM JCE limit AES to 128-bits without even throwing an error?
> Any insight would be greatly appreciated.
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.