000028005 - Cert-J 3.0: Importing PKCS#12 files using RC2 encryption

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000028005
Applies ToCert-J 3.0
Cert-J 3.0.1
IssueCert-J 3.0: Importing PKCS#12 files using RC2 encryption
Unable to import PKCS#12 files using RC2 encryption

The issue is a defect in the Crypto-J 4.0, not Cert-J. The problem is that the following public API does not take into consideration the FIPS mode set on the context:

JSAFE_PrivateKey.getInstance(byte[] ber, int offset, String device, com.rsa.cryptoj.core.fips140.state.FIPS140Context fips140Context)

ResolutionThis problem has been fixed in Crypto-J 4.0.1, but 4.0.1 has not been FIPS validated. For this reason, the 4.0.1 release only includes the non-FIPS libraries. Cert-J 3.0.1 includes Crypto-J 4.0.1, but the FIPS libraries are still from Crypto-J 4.0 and do not contain the fix.  For the real fix, you will need the next FIPS validated version of Crypto-J.

A workaround that uses the Crypto-J 4.0 library is to use the following API instead:

JSAFE_PrivateKey.getInstance(String transform, String device, com.rsa.cryptoj.core.fips140.state.FIPS140Context fips140Context)

Legacy Article IDa46008