问题
I have a keystore JCEKS create with the SUN PROVIDER.
I have to use the same store on a IBM JDK that doesn't have the SUN PROVIDER. How can i convert the keystore or export the key using keytool in order to let the IBM JDK to access the key in the keystore?
回答1:
IBM's JDK cannot load the keystore created using SUN's JDK. So on an IBM machine, if you want to use a keystore, it should be created using IBM's JDK only.
For creating new keystore using IBM's JDK refer this.
回答2:
You can use the IBMJCE with a JCEKS keystore created using SunJCE. It might be possible that using keytool a password was provided for both the keystore as well as a separate password for the securekey itself. When using keyman IBM Key Manager or your own classes with the IBMJCE to get the secure key from the JCEKS you may get com.sun.crypto.provider.SealedObjectForKeyProtector error. The solution is to set the password for the keystore and the securekey to the same value.
回答3:
JCEKS is a SUN format type introduced with JCE.
That does not mean that it is supported only by SUNs/Oracles' JDK.
You should be able to use it in an IBM JDK as well (using the IBM providers of course). Check out IBM Security
来源:https://stackoverflow.com/questions/9175085/convert-a-key-of-jceks-of-a-provider-into-another-store-for-another-provider