'java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available' on RHEL 8.3 with FIPS mode enabled

Question

Recently, I discovered that on one of the servers, Java 11 has been updated:

From: java-11-openjdk-headless-1:11.0.13.0.8-1.el8_4.x86_64
To:   java-11-openjdk-headless-1:11.0.14.0.9-2.el8_5.x86_64

So from 11.0.13.0.8-1 to 11.0.14.0.9-2. Host is running on RHEL 8.3 with FIPS mode enabled. Before, this code snippet was able to create JKS keystore (public certificate and private key, + CA certificate) and truststore (CA certificate) for Kafka:

openssl pkcs12 -export -in kafka.cer -inkey kafka.key -out kafka.p12 -name kafka -password pass:(...) 
keytool -importkeystore -srckeystore kafka.p12 -destkeystore kafka.keystore.jks -srcstoretype pkcs12 -alias kafka -deststoretype pkcs12 -srcstorepass (...) -deststorepass (...) -noprompt
keytool -keystore kafka.keystore.jks -alias CARoot -import -file ca.cer -storepass (...) -keypass (...) -noprompt
keytool -keystore kafka.truststore.jks -alias CARoot -import -file ca.cer -storepass (...) -keypass (...) -noprompt

Certificate and private key are obtained from different source, RSA 2048-bit. Signature algorithm is: SHA-256 with RSA.

After update of OpenJDK 11, I no longer can generate the keystore with above snippet due to the following error:

keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available
java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available
        at java.base/sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:839)
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2074)
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
        at java.base/java.security.KeyStore.load(KeyStore.java:1479)
        at java.base/java.security.KeyStore.getInstance(KeyStore.java:1807)
        at java.base/java.security.KeyStore.getInstance(KeyStore.java:1687)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:928)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:412)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:405)
Caused by: java.security.NoSuchAlgorithmException: PBE AlgorithmParameters not available
        at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at java.base/java.security.Security.getImpl(Security.java:730)
        at java.base/java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:158)
        at java.base/sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:833)
        ... 8 more

I can confirm that downgrading Java to previous version allows the above snippet to be executed. I am wondering what happened in between versions that right now the keystore cannot be generated?

Does anybody have experience with running Kafka with TLS on RHEL with FIPS? Is there any other keystore that can be generated for Kafka to enable TLS on a FIPS-enabled host?

Thanks in advance for your reply.

Answer 1

At the end of keytool call, add -J-Dcom.redhat.fips=false

Recent versions of OpenJDK disabled password-based encryption (PBE) in FIPS mode. This answer will bypass FIPS mode to allow keytool to complete its work.

Answer 2

Although I don't have RHEL (or anything else enforcing FIPS) this might be due to the fact Java crypto (specifically SunJCE) implements AlgorithmParameters PBE as an alias for PBEwithMD5andDES (I'm guessing because that's the only implemented scheme from PKCS5v1/PBES1 where this parameter form was defined, although PKCS12 adopted it) and MD5 is not Approved.

If so, you should be able to avoid this by creating the PKCS12 with PBES2 encryption, which uses different parameters. (Any PKCS12 created by 8u301 11.0.12 or 16 up should already use PBES2 by default in all environments; for lower versions the key default was SHA1and3-keyTripleDES which AFAIK is Approved but the cert default was SHA1and40-bitRC2 which isn't, so I'm not sure what does or should happen under FIPS. To increase the confusion, Java calls them SHA1andDESede and SHA1andRC2_40.)

In OpenSSL through 1.1.1 pkcs12 -export add -keypbe aes-256-cbc -certpbe aes-256-cbc or similar (because those are 'plain' ciphers not true PBE schemes, OpenSSL automatically uses PBES2 for them). Or, OpenSSL 3.0.x automatically uses these PBES2 schemes (and presumably higher versions will, when they come along).

BTW, your -importkeystore step doesn't really accomplish anything; although you use the name .jks on the output it actually is PKCS12 just like the input. It may be defaulting to different encryption, but if the input was acceptable to keytool it would be equally acceptable to any sane Java program. And since j9 in 2017 you don't need -srcstoretype for a file-based store because it's now automatic, and you don't need -deststoretype pkcs12 because it's the default.