I investigated this a bit with the owners of the IBMJCE component shipped
with i5/OS.

Here's the response:

The IBMJCE maybe a little old on this customer's system.  With the latest
IBMJCE very soon to be released as PTF, when I run this customer's code I
get  32 for both the pre and post sizes.  It should be approved within the
next couple days.  The PTF number is SI18345.  If the customer wants it a
day or two early, I don't have any problem releasing it as a test PTF.

If you need something immediately, contact me offline and I'll connect you
with the component owner.

Patrick Botz
Senior Technical Staff Member
Rochester CTC, eServer Security Architecture & Consulting
iSeries Security Architect
(507) 253-0917, T/L 553-0917
email: botz@xxxxxxxxxx

For more information on CTC, visit our website at

security400-bounces@xxxxxxxxxxxx wrote on 06/28/2005 09:36:27 AM:

> Hello,
> I have also posted this message to the JAVA 400-L mailing list.  I am
> testing my Java code on the iSeries and continue to run in to a
> persistent issue.  I have made a cryptographic provider for Java as a
> project, and it works perfectly on Windows and z/OS.  However, I run
> into an issue on the iSeries when I attempt to use the AES (Rijndael)
> algorithm.  Here's the code I run:
> SecretKeyFactory aesFactory = SecretKeyFactory.getInstance("AES");
> SecretKeySpec x = new SecretKeySpec(aes256Key, 0, 32, "AES");
> System.out.println("Pre  generateSecret() Size: " +
> aesKey = aesFactory.generateSecret(x);
> System.out.println("Post generateSecret() Size: " + aesKey.
> getEncoded().length);
> The variable "aes256Key" is a filled byte array of length 32.  When I
> run this code, I get an output like the following:
> Pre  generateSecret() Size: 32
> Post generateSecret() Size: 16
> When I print the arrays, the Post-generateSecret() array is exactly
> the first 16 bytes of the pre-genarateSecret() array.  (i.e., if the
> "Pre" array is <0,1,2,3,…,31>, the "Post" array is <0,1,2,3…15>).
> However, no error was thrown; the array was just truncated.
> I thought this was an issue with the Unlimited Strength Jurisdiction
> Policy Files, but the behavior remained the same when I updated them.
> I also attempted to do this with TripleDES instead of AES, but the
> code worked fine.
> Does the IBM JCE limit AES to 128-bits without even throwing an error?
> Any insight would be greatly appreciated.

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.