05-18-2007 10:55 PM
When trying to decrypt an RNIF message in our SAP XI system, we are running into an issue with the error message below:
"Unable to validate message; key used for decrypting message is invalid; expected keystore entry: SSL-<SID>; keystore entry used: null"
The keystore administrator role is mapped to XIAFUSER. We validated the decryption using the J2EE Private Key through a third-party (non-SAP) tool and it works fine. The keystore SSL-<SID> contains the Private Key and Cert from our CA. The message was encrypted using the Public Key of the J2EE engine.
We were unable to generate more details even after increasing the log level. The security.log is the only place showing the above error message.
05-29-2007 10:46 PM
The folder C:\j2sdk1.4.2_13\jre\lib\security contains the Java Cryptography Extension (JCE) files - 'local_policy.jar' and 'US_export_policy.jar'. The default files will have a size of 3 kb. These need to be replaced by JCE Unlimited Strength Jurisdiction Policy Files - 'local_policy.jar' and 'US_export_policy.jar' which are of size 5 kb. In brief, C:\j2sdk1.4.2_13\jre\lib\security should contain the files - 'local_policy.jar' and 'US_export_policy.jar' and their size should be 5 kb (and not 3 kb). After we did this change the decrypt worked fine.
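
File size is only a hint that the policy files were replaced. The following check asks the JRE itself which AES key sizes the active jurisdiction policy permits. It is an added example, not part of the original posts or of SAP's code; the class name `JcePolicyCheck` is hypothetical, and it assumes the installed JCE provider offers AES.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper class; written to compile on J2SE 1.4.2 and later.
public class JcePolicyCheck {

    // True if the active jurisdiction policy lets an AES cipher be
    // initialised with a key of the given size.
    static boolean aesKeyAllowed(int keyBits) throws Exception {
        byte[] raw = new byte[keyBits / 8]; // constructed all-zero key, used for this check only
        Cipher cipher = Cipher.getInstance("AES");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(raw, "AES"));
            return true;
        } catch (InvalidKeyException e) {
            return false; // newer JREs reject the key with "Illegal key size"
        } catch (SecurityException e) {
            return false; // older JREs may signal the policy limit this way
        }
    }

    public static void main(String[] args) throws Exception {
        // Policy files are read from <java.home>/lib/security of the JRE running this class.
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        int[] sizes = { 128, 192, 256 };
        boolean unlimited = true;
        for (int i = 0; i < sizes.length; i++) {
            boolean ok = aesKeyAllowed(sizes[i]);
            System.out.println("AES-" + sizes[i] + ": " + (ok ? "allowed" : "blocked by policy"));
            unlimited = unlimited && ok;
        }
        System.out.println(unlimited
                ? "Unlimited-strength policy files are in effect."
                : "Default (limited) policy files are in effect.");
        System.exit(unlimited ? 0 : 1);
    }
}
```

Compile and run it with the same `java` binary the J2EE engine uses (here the one under C:\j2sdk1.4.2_13), since a different JRE on the host may carry different policy files.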