#998 no connect possible, if AUTHENTICATION = DATA_ENCRYPT

2.3.1
open
Rob Manning
DB2 Plugin (16)
5
2012-12-29
2011-07-26
No

Hi,

If the server has set DATA_ENCRYPT for authentication in the database manager configuration, the connect always fails. I tried different connecttion strings and get the following errors:

jdbc:db2://server:50000/testdb

[jcc][t4][201][11237][4.12.55] Connection authorization failure occurred. Reason: Security mechanism not supported. ERRORCODE=-4214, SQLSTATE=28000

jdbc:db2://server:50000/testdb:securityMechanism=13;

[jcc][1071][10615][4.12.55] Caught java.security.InvalidAlgorithmParameterException while initializing EncryptionManager. See attached Throwable for details. ERRORCODE=-4223, SQLSTATE=null

Everything works fine, if I set authentication to SERVER, but this is not an option. I just set it to SERVER once to narrow down the problem.
I have tried it with several releases of DB2: 9.1, 9.5, and 9.7, but I doubt that it has something to do with DB2.

My current database server runs:
db2level
DB21085I Instance "db2inst1" uses "32" bits and DB2 code release "SQL09074"
with level identifier "08050107".
Informational tokens are "DB2 v9.7.0.4", "s110330", "IP23242", and Fix Pack
"4".
Product is installed at "/opt/ibm/db2/V9.7".

I'm not a Java person, so I'm really unable to solve this problem myself.

Cheers,
Helmut

Discussion

  • Rob Manning
    Rob Manning
    2011-07-27

    Encrypting data probably requires configuring some sort of cipher and key that the client and the server must agree upon. Can you do some research on the JDBC driver documentation for the DB2 driver (JCC?) and give us detailed info on how this configuration is supposed to be done? (It probably involves driver properties which specify the value or location of crypto materials).

    Rob

     
  • That's the thing. I've already spent hours reading DB2 JDBC documentation, but couldn't find any reference to this issue.
    I'm totally lost here. But I'll talk to the JDBC developers. Maybe they can help me out.
    Your comment indicates that it is rather a DB2 issue than a SQuirreL client one.