Description

A few days ago I had a little problem when I tried to deploy in WAS 6.0 (Websphere Application Serveur 6) an application including a PDF signature.
During the execution of the servlet’s signature, I had the following problem :

java.lang.Exception: java.lang.Exception: java.io.IOException:
Error in loading the keystore: Private key decryption error:
(java.lang.SecurityException: Unsupported keysize or algorithm parameters)

Resolution

This error is caused by the JCE libraries used by the virtual java’s machine executing WAS. This JVM is the standard version and it had a limited support of cryptographie’s algorithme. To correct this you just have to substitute two jar files in teh configuration of the JVM IBM (local_policy.jar et US_export_policy.jar).
This files are in the index $JAVA_HOME/jre/lib/security (for exemple /usr/lib/jvm/jre-ibm/lib/security or /opt/IBM/WebSphere/AppServer/java/jre/lib/security).
You can download this non limited librairies http://www-128.ibm.com/developerworks/java/jdk/security/142/ (file unrestrict142.zip)

When the file is download you had to:

• Decompress the downloaded file
• Verify that this file contains local_policy.jar et US_export_policy.jar
• Stop Websphere
• Save the old files
• Substitute the two files
• Take off again WAS

Be Sociable, Share!

• 

• Run Websphere on other user than root
• Websphere – Secure administration console
• A ServletFilter to monitor the execution state of a JSP.
• Servlet : zipservlet
• Verify PDF signature with iText