WAS支持RSA公钥解密

需要将 -Dcom.ibm.crypto.provider.DoRSATypeChecking=false 

false改为true

 

详见：http://www-01.ibm.com/support/docview.wss?uid=swg1IV18625

 

APAR status

• Closed as program error.

   

Error description

• We have agreed to provide a flag for use at runtime to allow for
  the RSA encryption of data with the private key, as well as
  decryption of data with the public key.  This flag can be set
  with the following property:
  
  -Dcom.ibm.crypto.provider.DoRSATypeChecking=false
  
  In Java 5, 6, 6.0_26, and 7, the default value will be "true" --
  meaning that IBM's Java will have the old behavior.  If this
  flag is set to "false" IBM's Java will allow for the atypical
  scenario with the reversal of the keys described above.
  
  Please note: This configuration is not recommended for use by
  developers of standard applications.  It is understood that by
  setting this flag, a developer understands the behavior that is
  being enabled (encrypting with the private key/permitting anyone
  with the public key to decrypt).  In nearly all cases,
  performing a signature in the standard way (with the private key
  to sign and the public key to verify) is preferred and
  recommended.
  
  With this APAR we are making sure the PUBLIC KEY can be used for
  DECRYPT.
  

   

Local fix

• N/A
  

   

Problem summary

• ERROR DESCRIPTION:
  
  IBM JVM should support encrypting using the private key and
  decrypting using the public key
  
  Note: This is a follow-up to APAR IV17344, which allows the
  public key to decrypt properly in this configuration
  

   

Problem conclusion

• We have agreed to provide a flag for use at runtime to allow for
  the RSA encryption of data with the private key, as well as
  decryption of data with the public key.  This flag can be set
  with the following property:
  
  -Dcom.ibm.crypto.provider.DoRSATypeChecking=false
  
  In Java 5, 6, 6.0_26, and 7, the default value will be "true" --
  meaning that IBM's Java will have the old behavior.  If this
  flag is set to "false" IBM's Java will allow for the atypical
  scenario with the reversal of the keys described above.
  
  Please note: This configuration is not recommended for use by
  developers of standard applications.  It is understood that by
  setting this flag, a developer understands the behavior that is
  being enabled (encrypting with the private key/permitting anyone
  with the public key to decrypt).  In nearly all cases,
  performing a signature in the standard way (with the private key
  to sign and the public key to verify) is preferred and
  recommended.
  
  Hursley defect: 190326.
  
  Affects ibmjceprovider.jar.  Available in 5.0 SR 14, 6.0 SR11,
  6.0_26 SR 3, and 7.0 SR 5
  
  Jar build date: 20120404
  
  WORKAROUNDS:
  
  None