问题
I am trying to create a "bks" keystore using keytool (using terminal app on Mac OS X). I am following the instructions in:
keytool error: java.security.KeyStoreException: BKS not found
This is my usage:
keytool -genkeypair -v -alias androiddebugkey -keyalg RSA -keysize 2048 -validity 10000 -keypass android -keystore /Users/djames/dropbox/bc146keystore/debug.keystore -storepass android -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider –providerpath /Users/djames/dropbox/bc146keystore/bcprov-jdk16-146.jar -dname "CN=Android Debug, OU=Android, O=Android, L=Whitefish, S=MT, C=US"
I am getting the following error:
keytool error: java.lang.RuntimeException: Usage error, ?providerpath is not a legal command
java.lang.RuntimeException: Usage error, ?providerpath is not a legal command
at sun.security.tools.KeyTool.parseArgs(KeyTool.java:375)
I have seen the -provider path option recommended in countless web posts (including the one above) and when I run keytool -help it confirms the syntax is legal:
keytool usage: ...
-genkeypair [-v] [-protected]
[-alias <alias>]
[-keyalg <keyalg>] [-keysize <keysize>]
[-sigalg <sigalg>] [-dname <dname>]
[-validity <valDays>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
I also tried the following alternative (per http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html):
- deleting the
-providerpathoption of thekeytoolcommand, - placing the
bcprov-jdk16-146.jarinside the{$JAVA_HOME/lib/ext}folder - adding
security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProviderto the java.security file.
But it still failed.
Any ideas on what I can do differently to succeed in creating a BKS keystore?
回答1:
It's many years since, but I am attempting this too.
The answer is that you have the parameters in the wrong order. The -providerpath needs to come before the -providerclass parameter.
I hope that helps someone in future searching for a solution.
回答2:
I was never able to succeed with Keytool. This is what I did to solve the problem instead: I made a copy of the default debug.keytool (a JKS type keystore) that was created by Eclipse (Indigo, SR2) automatically the first time an android program is run in Eclipse, and used Portecle (http://portecle.sourceforge.net/) to convert this to a BKS type keystore. Now this is the tricky part: If I now used the BKS version of debug.keytool in place of the original, I got an "Android packaging error" in Eclipse “java.io.IOException: Invalid keystore format” whenever I would try to run the android program. However, if I left the original JKS version of debug.keytool in the default directory where Eclipse created it, then I could use the BKS version of the debug.keytool in the Android program's /resources/raw subfolder and have Android open it and recognize it. Jim
回答3:
An easy alternative is to use Portecle to generate the BKS:
- Download the needed Boucycastle Provider
- Replace bcprov.jar in your Portecle install directory (example:
C:\Program Files (x86)\Portecle\bcprov.jar). Same naming is required. - Restart Portecle and generate your BKS truststore.
More explanations here.
回答4:
I am trying to do SSL connection with certificates, so to support in Android I need to use jks / bks files as trust store.
So generated jks file tried in android SSLSocket connection, But throws exception that jks not able to read. So I have to add Boncycastle provider to JVM and create bks using jks file
Download the Bouncycastle provider jar file and place under below path:
C:\Program Files\Java\jre1.8.0_191\lib\ext
Update the java.security file by adding provider for the following file
C:\Program Files\Java\jre1.8.0_191\lib\security\java.security
Add the provider
security.provider.12=org.bouncycastle.jce.provider.BouncyCastleProvider
Close command prompt and open execute command to get bks file like below:
keytool -importkeystore -srckeystore <input>.jks -destkeystore <required_bks_file_name>.bks -srcstoretype JKS -deststoretype BKS -srcstorepass <jsk file password> -deststorepass <jsk file password> -provider org.bouncycastle.jce.provider.BouncyCastleProvider
Now you can bks file in your folder.
Thanks
来源:https://stackoverflow.com/questions/12015512/keytool-error-when-creating-bks-keystore-providerpath-is-not-a-legal-command