Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

java.lang.SecurityException: Unsupported keysize or algorithm parameters

Go to solution
Former Member

‎2007 Mar 05 8:22 PM

0 Likes
1,106

Hello,

Can some one help me to resolve this issue

We recently upgraded JRE on our development environment for the <b>DST resolution</b> from <b>1.4.2.06 to 1.4.2.13</b>, and found that

it broke our user mapping functionality and we may be on “weak” encryption <b>(also How do we find what type of encryption is installed on the portal?)</b> so followed <b>SAP note 796540</b>, but that didn't helped the issue, here are the following errors

#1.5#001143EF10D8008700000061000011FC00042AAA8CBB182E#1172811900726#com.sap.security.core.umap.imp.UserMappingDataImp

#sap.com/irj#com.sap.security.core.umap.imp.UserMappingDataImp.handleEncryptedFields(int, String)#anon_adp#0####

31055970c87311dbbfa4001143ef10d8#Thread [ThreadPool.Worker3,5, SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/

System/Security/Usermanagement#Plain###Cannot decrypt user mapping data for principal "Administrator" (unique ID: "USER.PRIVATE_DATASOURCE.un:Administrator") and backend system "UME_R3"

because the "<b>JCE Policy Files for unlimited strength encryption</b>" have not been (correctly) installed in the Java Environment that is

used by this server. Please check the documentation on how to get and install those files. See also SAP note 796540.#

#1.5#001143EF10D80087000000C2000011FC00042AAB634D314F#1172815500631#com.sap.security.core.umap.imp.UserMappingDataImp#

sap.com/irj#com.sap.security.core.umap.imp.UserMappingDataImp#anon_adp#0####31055970c87311dbbfa4001143ef10d8#Thread[ThreadPool.Worker3,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Java###handleEncryptedFields(int, String)

[EXCEPTION]

<b> #1#java.lang.SecurityException: Unsupported keysize or algorithm parameters</b> at javax.crypto.Cipher.init(DashoA12275)

at com.sap.security.core.vault.StringEncryptor.decryptRaw(StringEncryptor.java:190)

at com.sap.security.core.umap.imp.EncryptedFieldBlob.decrypt(EncryptedFieldBlob.java:182)

at com.sap.security.core.umap.imp.UserMappingDataImp.handleEncryptedFields(UserMappingDataImp.java:1005)

at com.sap.security.core.umap.imp.UserMappingDataImp.getLogonDataForSystem(UserMappingDataImp.java:1281)

at com.sap.security.core.umap.imp.UserMappingDataImp.internalInit(UserMappingDataImp.java:180)

at com.sap.security.core.umap.imp.UserMappingDataImp.<init>(UserMappingDataImp.java:104)

at com.sap.security.core.umap.imp.UserMapping.getUserMappingData(UserMapping.java:308)

I appreciate for any suggestions

Thanks,

kk

1 ACCEPTED SOLUTION
Read only

Go to solution
H_Ettelbrueck
Product and Topic Expert
Product and Topic Expert

‎2007 Mar 06 10:06 AM

0 Likes
755

Hi kk,

if you see that error message "Unsupported keysize or algorithm parameters", you can be sure you have at least one strongly encrypted user mapping (namely the one being read when the error occurred). Please follow the note you already looked at and make sure you have installed the JCE policy files for unlimited strength encryption correctly. That means, you need to remove the existing JCE policy files and install the new ones. If you have several servers in the cluster, make sure you do that on every single server because each of them has its own JRE installation.

Best regards

Heiko

4 REPLIES 4
Read only

Go to solution
yonko_yonchev
Advisor
Advisor

‎2007 Mar 06 9:02 AM

0 Likes
755

Hello,

once you install strong encryption it can't be reverted back. You can check from the Config Tool (check box <i>Encrypted Secure Store</i> under nav tree node <i>Secure Store</i> is enabled) whether strong encryption is enabled or not.

Therefore, SAP note 796540 doesn't apply to your case (it applies only if you never used strong encryption), and you should revert the change to the UME property, made per the note.

Try this to see if it works for you. Also, make sure that the OS system paths to the location of the JDK in your file system are updated.

Regards,

Yonko

Read only

Go to solution
H_Ettelbrueck
Product and Topic Expert
Product and Topic Expert

‎2007 Mar 06 10:06 AM

0 Likes
756

Hi kk,

if you see that error message "Unsupported keysize or algorithm parameters", you can be sure you have at least one strongly encrypted user mapping (namely the one being read when the error occurred). Please follow the note you already looked at and make sure you have installed the JCE policy files for unlimited strength encryption correctly. That means, you need to remove the existing JCE policy files and install the new ones. If you have several servers in the cluster, make sure you do that on every single server because each of them has its own JRE installation.

Best regards

Heiko

Read only

Go to solution
Former Member
In response to H_Ettelbrueck

‎2007 Mar 08 3:50 PM

0 Likes
755

Thanks Heiko, The issue is resolved after installing the "strong/unlimited strength" JCE files

Appreciate every one's help on this

Thanks

Read only

Go to solution
Wolfgang_Janzen
Product and Topic Expert
Product and Topic Expert

‎2007 Mar 07 2:11 PM

0 Likes
755

Also have a kind look on <a href="https://service.sap.com/sap/support/notes/739043">SAP Note 739043</a>