-
Bug
-
Resolution: Not a Bug
-
Major
-
None
-
rhel-8.8.0.z
-
None
-
None
-
None
-
sst_java
-
None
-
False
-
-
None
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
Tried to run keytool against pkcs12 store of PBEWithSHA1AndDESede in FIPS mode, and it failed with the following error:
[root@localhost security]# fips-mode-setup --check FIPS mode is enabled. [root@localhost ~]# openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out new.des.p12 -passin pass:password -passout pass:password -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES [root@localhost ~]# rpm -qa | grep java-17 java-17-openjdk-headless-17.0.8.0.7-2.el8.x86_64 java-17-openjdk-17.0.8.0.7-2.el8.x86_64 [root@localhost ~]# /usr/lib/jvm/java-17-openjdk-*/bin/keytool -list -v -keystore /new.des.p12 -storetype pkcs12 -storepass password keytool error: java.io.IOException: keystore password was incorrect java.io.IOException: keystore password was incorrect at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2159) at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) at java.base/java.security.KeyStore.load(KeyStore.java:1473) at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:946) at java.base/sun.security.tools.keytool.Main.run(Main.java:415) at java.base/sun.security.tools.keytool.Main.main(Main.java:408) Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.security.NoSuchAlgorithmException: Cannot find any provider supporting PBEWithSHA1AndDESede ... 6 more
Please provide the package NVR for which bug is seen:
How reproducible:
Steps to reproduce
- `openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out new.des.p12 -passin pass:password -passout pass:password -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES`
- `/usr/lib/jvm/java-17-openjdk-*/bin/keytool -list -v -keystore /new.des.p12 -storetype pkcs12 -storepass password`
Expected results
It should show a certificate.
Actual results
It shows java.security.NoSuchAlgorithmException: Cannot find any provider supporting PBEWithSHA1AndDESede