What's wrong with IBM's JCE provider?

Question

I have a JCE test that works fine with all Sun JDKs I have tried, but fails with various IBM J9 JDKs (e.g. 1.6.0 build pwi3260sr8-20100409_01(SR8)). The exception below happ

Answer 1

I don't know this for sure but I believe that the JCE has an embedded policy limiting encryption to the public key and decryption to the private key.

In the example code the encryption was done with the private key. This would require the public key to decrypt, meaning that anyone with the public key could access the encoded data. Although this has it's uses it is not the accepted pattern and the IBM implementation may be "protecting" you from accidentally creating encrypted data that was publicly readable.

The fact that it tested properly when these were reversed tends to confirm my suspicions but I haven't yet found an official document stating as much.