cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Crypto provider priority reset after restart

Former Member

on ‎06-28-2005 1:22 PM

0 Kudos

We changed the crypto provider priority as mentioned in:

http://help.sap.com/saphelp_nw04/helpdata/en/cd/9dd23e6b2c3d67e10000000a114084/frameset.htm

detail we lowered the iaik provider.

But after restarting the server the settings were reset to default. Is there a way to make the changes permanent ?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎07-01-2005 8:53 PM
0 Kudos

Thanks. But java.security seems to be like the default. No reference to the iaik provider on the list.

I wonder where WAS takes his information and seems to add it on startup.

Show replies
Show replies
Former Member
‎07-02-2005 2:02 PM
0 Kudos

You'll have to find where in the code you have a snippet like:

java.security.Security.addProvider(myobj);

where myobj is an instance of java.security.Provider class

It looks like your provider gets loaded dynamically.

It should get loaded after all the static providers.

If you need for a specific cryptographic function to access this provider only specify its name in the function call.

exemple:

import javax.crypto.*;

Cipher mycipher = Cipher.getInstance("mytransfo","myprovidername");

Enjoy

Former Member
‎06-29-2005 7:35 AM
0 Kudos

Hi. Sorry I must have pasted the wrong link, I meant that one:

http://help.sap.com/saphelp_nw04/helpdata/en/6d/9538ccd151404babbb8c2f1c39dfec/content.htm

There we changed priority which works at runtime. But after restarting WAS the settings are put back to the default. I cannot see this changes reflected in java.security.

Any hints how to make the changes permanent ?

Show replies
Show replies
Former Member
‎06-29-2005 7:51 PM
0 Kudos

Looks like the link you posted will only allow you to change the runtime config ...ie while the server is running? After the server is stopped have you checked your java.security? What is the order of the providers in there? Has it changed in accordance to your new setup.

At appserver restart time the order will be read as it is in java.security.

Hope it helps

Former Member
‎06-28-2005 9:24 PM
0 Kudos

Holger the link you provided shows only the way to change the status at startup of some services. It does not show how to change the order in which the providers are loaded.

Sorry I can't be more specific about the SAP server, however if you look at the generic JCE pages on Sun's website they tell you following:

You should have somewhere on your path:

app/user/machine a file name java.security..

In that file you have entries like:

#

  1. List of providers and their preference orders (see above):

#

security.provider.1=sun.security.provider.Sun

The number in security.provider.# will determine the order of preference in which the providers are loaded and possibly scanned.

If you want to force a specific provider's implementation of a security protocol you might just have to code for that by requesting it.

exemple Cipher.getInstance(protocol, provider)...

or Cipher.getInstance(protocol, "providername")...

Show replies
Show replies
Ask a Question