Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

java.lang.SecurityException: Unsupported keysize or algorithm parameters

Go to solution
Former Member

‎03-05-2007 8:22 PM

0 Kudos

Hello,

Can some one help me to resolve this issue

We recently upgraded JRE on our development environment for the <b>DST resolution</b> from <b>1.4.2.06 to 1.4.2.13</b>, and found that

it broke our user mapping functionality and we may be on “weak” encryption <b>(also How do we find what type of encryption is installed on the portal?)</b> so followed <b>SAP note 796540</b>, but that didn't helped the issue, here are the following errors

#1.5#001143EF10D8008700000061000011FC00042AAA8CBB182E#1172811900726#com.sap.security.core.umap.imp.UserMappingDataImp

#sap.com/irj#com.sap.security.core.umap.imp.UserMappingDataImp.handleEncryptedFields(int, String)#anon_adp#0####

31055970c87311dbbfa4001143ef10d8#Thread [ThreadPool.Worker3,5, SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/

System/Security/Usermanagement#Plain###Cannot decrypt user mapping data for principal "Administrator" (unique ID: "USER.PRIVATE_DATASOURCE.un:Administrator") and backend system "UME_R3"

because the "<b>JCE Policy Files for unlimited strength encryption</b>" have not been (correctly) installed in the Java Environment that is

used by this server. Please check the documentation on how to get and install those files. See also SAP note 796540.#

#1.5#001143EF10D80087000000C2000011FC00042AAB634D314F#1172815500631#com.sap.security.core.umap.imp.UserMappingDataImp#

sap.com/irj#com.sap.security.core.umap.imp.UserMappingDataImp#anon_adp#0####31055970c87311dbbfa4001143ef10d8#Thread[ThreadPool.Worker3,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Java###handleEncryptedFields(int, String)

[EXCEPTION]

<b> #1#java.lang.SecurityException: Unsupported keysize or algorithm parameters</b> at javax.crypto.Cipher.init(DashoA12275)

at com.sap.security.core.vault.StringEncryptor.decryptRaw(StringEncryptor.java:190)

at com.sap.security.core.umap.imp.EncryptedFieldBlob.decrypt(EncryptedFieldBlob.java:182)

at com.sap.security.core.umap.imp.UserMappingDataImp.handleEncryptedFields(UserMappingDataImp.java:1005)

at com.sap.security.core.umap.imp.UserMappingDataImp.getLogonDataForSystem(UserMappingDataImp.java:1281)

at com.sap.security.core.umap.imp.UserMappingDataImp.internalInit(UserMappingDataImp.java:180)

at com.sap.security.core.umap.imp.UserMappingDataImp.<init>(UserMappingDataImp.java:104)

at com.sap.security.core.umap.imp.UserMapping.getUserMappingData(UserMapping.java:308)

I appreciate for any suggestions

Thanks,

kk

1 ACCEPTED SOLUTION

Go to solution
H_Ettelbrueck
Advisor
Advisor

‎03-06-2007 10:06 AM

0 Kudos

Hi kk,

if you see that error message "Unsupported keysize or algorithm parameters", you can be sure you have at least one strongly encrypted user mapping (namely the one being read when the error occurred). Please follow the note you already looked at and make sure you have installed the JCE policy files for unlimited strength encryption correctly. That means, you need to remove the existing JCE policy files and install the new ones. If you have several servers in the cluster, make sure you do that on every single server because each of them has its own JRE installation.

Best regards

Heiko

4 REPLIES 4

Go to solution
yonko_yonchev
Active Participant

‎03-06-2007 9:02 AM

0 Kudos

Hello,

once you install strong encryption it can't be reverted back. You can check from the Config Tool (check box <i>Encrypted Secure Store</i> under nav tree node <i>Secure Store</i> is enabled) whether strong encryption is enabled or not.

Therefore, SAP note 796540 doesn't apply to your case (it applies only if you never used strong encryption), and you should revert the change to the UME property, made per the note.

Try this to see if it works for you. Also, make sure that the OS system paths to the location of the JDK in your file system are updated.

Regards,

Yonko

Go to solution
H_Ettelbrueck
Advisor
Advisor

‎03-06-2007 10:06 AM

0 Kudos

Hi kk,

if you see that error message "Unsupported keysize or algorithm parameters", you can be sure you have at least one strongly encrypted user mapping (namely the one being read when the error occurred). Please follow the note you already looked at and make sure you have installed the JCE policy files for unlimited strength encryption correctly. That means, you need to remove the existing JCE policy files and install the new ones. If you have several servers in the cluster, make sure you do that on every single server because each of them has its own JRE installation.

Best regards

Heiko

Go to solution
Former Member
In response to H_Ettelbrueck

‎03-08-2007 3:50 PM

0 Kudos

Thanks Heiko, The issue is resolved after installing the "strong/unlimited strength" JCE files

Appreciate every one's help on this

Thanks

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎03-07-2007 2:11 PM

0 Kudos

Also have a kind look on <a href="https://service.sap.com/sap/support/notes/739043">SAP Note 739043</a>