KB#01150-Encryption issue with Solaris and BBJ
Title:
Encryption issue with Solaris and BBJ
Description:
The initial security.provider that Sun provides with java is not compatible with the default encryption that we use. This affects both the Solaris and Sun-Intel port of BBj.
The following changes are required to the java.security file located in ..jdk/jdk1.6.0/jre/lib/security/security.policy file. Root access is required and temporarily give the file write permissions.
The list of security providers will look similar to:
security.provider.1=sun.security.pkcs11.SunPKCS11${java.home}/lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSCkcs11-solaris.cfg
The default encryption depends on the second security provider, not the first. Reorder this list moving the first entry to the last:
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSCkcs11-solaris.cfg
security.provider.9=sun.security.pkcs11.SunPKCS11${java.home}/lib/security/sunpkcs11-solaris.cfg
Once this is complete, change the permissions of the file back to:
--r--r--r
and restart BBjServices.
The default encryption should now work properly.
Last Modified: 10/12/2007 Product: BBj Operating System: Solaris
BASIS structures five components of their technology into the BBx Generations.
