Keytool with custom algorithms

I am trying to create a keystore using Keytool with my algorithms.

I created a custom java.security.Provider with classes extending SignatureSpi, MessageDigestSpi and KeyPairGeneratorSpi and statically set it.

The problem I am facing is when I try to create a repository using:

keytool -alias something -genkeypair -keyalg GOST2001KeyPairGenerator -sigalg GOST2001Signature -providerclass ru.test.security.test_provider -storetype pkcs12 -keystore test_keystore 

I get error messages and errors:

 GOST2001KeyPairGenerator initialize
 GOST2001KeyPairGenerator generateKeyPair
 GOST2001Signature engineInitSign
 keytool error: java.lang.RuntimeException: internal error! unrecognized algorithm name: GOST2001Signature

The strange thing is that the algorithm actually begins to execute, but is subsequently called unrecognized. I can’t understand what is going wrong.

+7
2 answers

Well, it's hard to say what happens without being able to look at the progress that the program is making in your algorithm. Try tracking the parts of your program that really work with debugging messages, etc., so that you know what works and what doesn't.

If there is a RuntimeException, it may be stuck in the loop. And if the GOST2001Signature algorithm is an unrecognizable chance, there might be a problem. If this worked, you may not be initializing it a second time. Usually, when I wrote a part of a program, it works once, but not the second time, I forgot to initialize something, forcing it to change the result, etc.

Good luck. Hope my suggestions help.

+1

Here is what I did:

  • You will need to create a jar from your custom provider and the classes it needs.
  • Then you need to put this jar in: C:\Program Files\Java\jre6\lib\ext
  • Add security.provider.7 = my.package.MyProvider to java.security (7 - the next int is ok).
  • Use the -providerName MYPROVIDERNAME parameter on the command line of the tool
  • If you plan to use -providerClass, be sure to use the fully qualified name, not just the class name.

That should do it.

If, after correcting the parameters, you still get a NoSuchProviderException (using -providerName) or a ClassNotFoundException (using -providerClass), be sure to use the correct copy of keytool. That is, when executing, specify the full path of keytool, and do not rely on your PATH variable. Make sure the path refers to the JRE in which your provider was installed. Many systems (like mine) have several JRE / JDKs.

Good luck.

+1
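A small check for the registration steps listed in the answer above, added here as an example (not code from either poster): it prints which JRE is running, the providers registered through security.provider.N, and whether the two algorithm names from the question resolve against the provider. MYPROVIDERNAME is the answer's placeholder and the class name ProviderCheck is hypothetical.

```java
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

// Added diagnostic, not the poster's code. Run it with the java binary that
// sits next to the keytool you invoke: <JRE>/bin/java ProviderCheck MYPROVIDERNAME
public class ProviderCheck {
    public static void main(String[] args) {
        // Provider name as passed to -providerName (placeholder default from the answer).
        String name = args.length > 0 ? args[0] : "MYPROVIDERNAME";
        // Algorithm names taken from the keytool command in the question.
        String keyAlg = args.length > 1 ? args[1] : "GOST2001KeyPairGenerator";
        String sigAlg = args.length > 2 ? args[2] : "GOST2001Signature";

        // Which JRE is this? Its java.security and lib/ext are the ones in effect.
        System.out.println("java.home = " + System.getProperty("java.home"));

        // Providers in preference order, as registered via security.provider.N.
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println("security.provider." + (i + 1) + " -> "
                    + installed[i].getName() + " (" + installed[i].getClass().getName() + ")");
        }

        Provider p = Security.getProvider(name);
        if (p == null) {
            System.out.println("Provider '" + name + "' is NOT registered in this JRE");
            return;
        }

        // Services the provider actually advertises, as type.algorithm.
        for (Provider.Service s : p.getServices()) {
            System.out.println("  " + s.getType() + "." + s.getAlgorithm());
        }

        // Resolve the two algorithms by name against that provider only.
        try {
            KeyPairGenerator.getInstance(keyAlg, p);
            System.out.println("KeyPairGenerator " + keyAlg + ": OK");
            Signature.getInstance(sigAlg, p);
            System.out.println("Signature " + sigAlg + ": OK");
        } catch (java.security.NoSuchAlgorithmException e) {
            System.out.println("Lookup failed: " + e.getMessage());
        }
    }
}
```

If the provider is missing from the list here but present when run under another installation, keytool is being launched from a different JRE than the one that was configured.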
