home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Latest versionsfixlist
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Have problems? - contact us.
Register for free anmeldung-x26
Contact form kontakt-x26

DB2 - Problem description

Problem IT15353 Status: Closed

DB2CKLOG TOOL DOES NOT HAVE KEYSTORE PASSWORD OPTIONS, CANNOT VALIDATE
ENCRYPTED LOG FILES

product:
DB2 FOR LUW / DB2FORLUW / A50 - DB2
Problem description:
When the DB2 Native Encryption feature is enabled, the 
database's log files are encrypted. 
A user may attempt to validate log files with the db2cklog tool. 
 
To read these encrypted log files, access to the PKCS12 local 
keystore is required. The keystore is protected by a password, 
and this password can be stored in a stash file. If this 
password is not stored in a stash file, then user need to 
specify this password for standalone tools. 
 
 
Here's the syntax output for db2cklog 
db2cklog (DB2 Check Log File tool) 
---------------------------------------------------------------- 
-------------- 
Syntax: DB2CKLOG [ CHECK ] <log-file-number1> [ TO 
<log-file-number2> ] 
        [ ARCHLOGPATH <archive-log-path> ] 
 
Currently there's no option to specify the keystore password. 
And if a keystore stash file is not used, a user will get the 
following error: 
 
 
db2cklog 1 
 
 
________________________________________________________________ 
____ 
 
                      _____     D B 2 C K L O G     _____ 
 
                            DB2 Check Log File tool 
                                 I    B    M 
 
 
          The db2cklog tool is a utility can be used to test the 
integrity 
        of an archive log file and to determine whether or not 
the log file 
                  can be used in the rollforward database 
command. 
 
 
________________________________________________________________ 
____ 
 
 
________________________________________________________________ 
________________ 
 
 
Failed to get cipher ticket from header dek! 
Reason code: -2141452066, sqlcode: -1728.
Problem Summary:
**************************************************************** 
* USERS AFFECTED:                                              * 
* Users using the DB2 Native Encryption feature and using      * 
* db2cklog tool                                                * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description                                        * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to the newest fix pack.                              * 
****************************************************************
Local Fix:
DB2 PKCS12 keystore is managed with GSkit. The user can generate 
a stash file with the following command: 
gsk8capicmd_64 -keydb -stashpw -db <keystore_file> -pw 
<keystore_password>. Once a stash file is generated, the tool 
can work properly because the password is automatically 
retrieved from the stash file.
Solution
Problem was first fixed in DB2 UDB Version 10.5 fix pack 8
Workaround
DB2 PKCS12 keystore is managed with GSkit. The user can generate 
a stash file with the following command: 
gsk8capicmd_64 -keydb -stashpw -db <keystore_file> -pw 
<keystore_password>. Once a stash file is generated, the tool 
can work properly because the password is automatically 
retrieved from the stash file.
Timestamps
Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :

18.05.2016
22.12.2016
22.12.2016
Problem solved at the following versions (IBM BugInfos)


Problem solved according to the fixlist(s) of the following version(s)