2

I am trying to create a "bks" keystore using keytool (using terminal app on Mac OS X). I am following the instructions in:
keytool error: java.security.KeyStoreException: BKS not found

This is my usage:

keytool -genkeypair -v -alias androiddebugkey -keyalg RSA -keysize 2048 -validity 10000 -keypass android -keystore /Users/djames/dropbox/bc146keystore/debug.keystore -storepass android -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider –providerpath /Users/djames/dropbox/bc146keystore/bcprov-jdk16-146.jar -dname "CN=Android Debug, OU=Android, O=Android, L=Whitefish, S=MT, C=US"

I am getting the following error:

keytool error: java.lang.RuntimeException: Usage error, ?providerpath is not a legal command
java.lang.RuntimeException: Usage error, ?providerpath is not a legal command
    at sun.security.tools.KeyTool.parseArgs(KeyTool.java:375)

I have seen the -providerpath option recommended in countless web posts (including the one above) and when I run keytool -help it confirms the syntax is legal:

keytool usage:  ...   
-genkeypair  [-v] [-protected]
         [-alias <alias>]
         [-keyalg <keyalg>] [-keysize <keysize>]
         [-sigalg <sigalg>] [-dname <dname>]
         [-validity <valDays>] [-keypass <keypass>]
         [-keystore <keystore>] [-storepass <storepass>]
         [-storetype <storetype>] [-providername <name>]
         [-providerclass <provider_class_name> [-providerarg <arg>]] ...
         [-providerpath <pathlist>]

I also tried the following alternative (per http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html):

  1. deleting the -providerpath option of the keytool command,
  2. placing the bcprov-jdk16-146.jar inside the {$JAVA_HOME/lib/ext} folder
  3. adding security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider to the java.security file.

But it still failed.

Any ideas on what I can do differently to succeed in creating a BKS keystore?

gymshoe
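In the command as posted, the option before providerpath begins with an en dash (U+2013), while every other option begins with an ASCII hyphen, and the keytool error echoes it as ?providerpath. The check below is an added example, not part of the original post; the helper names find_bad_dashes and fix_dash are hypothetical, and the sample arguments are constructed from the question's command.

```shell
#!/bin/sh
# Added example (not from the original post): flag keytool arguments that start
# with a Unicode dash look-alike instead of the ASCII hyphen-minus (0x2D).

# UTF-8 byte sequences, built with printf octal escapes so this works in POSIX sh.
EN_DASH=$(printf '\342\200\223')   # U+2013 EN DASH
EM_DASH=$(printf '\342\200\224')   # U+2014 EM DASH
MINUS=$(printf '\342\210\222')     # U+2212 MINUS SIGN

# find_bad_dashes ARG... (hypothetical helper name)
# Prints "position:argument" for every argument that begins with a look-alike
# dash. Returns 0 when all arguments are clean, 1 when at least one is flagged.
find_bad_dashes() {
    pos=0
    bad=0
    for arg in "$@"; do
        pos=$((pos + 1))
        case $arg in
            "$EN_DASH"*|"$EM_DASH"*|"$MINUS"*)
                printf '%d:%s\n' "$pos" "$arg"
                bad=1
                ;;
        esac
    done
    return "$bad"
}

# fix_dash ARG (hypothetical helper name)
# Prints ARG with a leading look-alike dash replaced by "-"; clean input is unchanged.
fix_dash() {
    case $1 in
        "$EN_DASH"*) printf '%s\n' "-${1#"$EN_DASH"}" ;;
        "$EM_DASH"*) printf '%s\n' "-${1#"$EM_DASH"}" ;;
        "$MINUS"*)   printf '%s\n' "-${1#"$MINUS"}" ;;
        *)           printf '%s\n' "$1" ;;
    esac
}

# Constructed sample: the provider options from the question, en dash included.
if ! find_bad_dashes -storetype BKS \
        -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
        "${EN_DASH}providerpath" /Users/djames/dropbox/bc146keystore/bcprov-jdk16-146.jar
then
    echo "use instead: $(fix_dash "${EN_DASH}providerpath")"
fi
```

Passing the full argument list through find_bad_dashes before invoking keytool catches dashes that a word processor or web page converted on copy and paste.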

4 Answers

4

It's many years since, but I am attempting this too.

The answer is that you have the parameters in the wrong order. The -providerpath needs to come before the -providerclass parameter.

I hope that helps someone in future searching for a solution.

cbn
2

I was never able to succeed with Keytool. This is what I did to solve the problem instead: I made a copy of the default debug.keytool (a JKS type keystore) that was created by Eclipse (Indigo, SR2) automatically the first time an android program is run in Eclipse, and used Portecle (http://portecle.sourceforge.net/) to convert this to a BKS type keystore. Now this is the tricky part: If I now used the BKS version of debug.keytool in place of the original, I got an "Android packaging error" in Eclipse “java.io.IOException: Invalid keystore format” whenever I would try to run the android program. However, if I left the original JKS version of debug.keytool in the default directory where Eclipse created it, then I could use the BKS version of the debug.keytool in the Android program's /resources/raw subfolder and have Android open it and recognize it. Jim

gymshoe
1

An easy alternative is to use Portecle to generate the BKS:

  1. Download the needed Bouncycastle Provider
  2. Replace bcprov.jar in your Portecle install directory (example: C:\Program Files (x86)\Portecle\bcprov.jar). Same naming is required.
  3. Restart Portecle and generate your BKS truststore.

More explanations here.

L. G.
1

I am trying to do an SSL connection with certificates, so to support this in Android I need to use jks / bks files as the trust store.

So I tried the generated jks file in an Android SSLSocket connection, but it throws an exception that the jks cannot be read. So I have to add the Bouncycastle provider to the JVM and create the bks from the jks file.

Download the Bouncycastle provider jar file and place it under the path below:

C:\Program Files\Java\jre1.8.0_191\lib\ext

Update the java.security file by adding the provider in the following file:

C:\Program Files\Java\jre1.8.0_191\lib\security\java.security

Add the provider:

security.provider.12=org.bouncycastle.jce.provider.BouncyCastleProvider

Close the command prompt, open it and execute the command below to get the bks file:

keytool -importkeystore -srckeystore <input>.jks -destkeystore <required_bks_file_name>.bks -srcstoretype JKS -deststoretype BKS -srcstorepass <jsk file password> -deststorepass <jsk file password> -provider org.bouncycastle.jce.provider.BouncyCastleProvider

Now you can find the bks file in your folder.

Thanks

sssvrock