3

how to create a .bks keystore in java sun keytool, what should i do?

C:\Program Files\Java\jdk1.6.0\jre\bin>keytool -genkey -alias server3private -ke
ystore server3.private -storetype BKS -keyalg rsa -dname "CN=Your Name, OU=Your
Organizational Unit, O=Your Organization, L=Your City, S=Your State, C=Your Coun
try" -storepass tahirpw -keypass tahirpw

it gives me error

keytool error: java.security.KeyStoreException: BKS not found

Qaiser Mehmood
  • 975
  • 6
  • 21
  • 33
  • http://stackoverflow.com/questions/4065379/how-to-create-a-bks-bouncycastle-format-java-keystore-that-contains-a-client-ce – guido Jul 28 '11 at 23:04

1 Answers1

17

Your error indicates that keytool tries to instantiate a BKS keystore but no Cryptographic Service Provider (CSP) is able to provide such an implementation. BKS keystore type is a type implemented by the BouncyCastle CSP.

Therefore there is 2 solutions:

  1. install this provider with Java. Oracle published along with Java a comprehensive documentation.

  2. pass to keytool the suitable options to indicate which CSP should be used and its location:

-storetype BKS                                               <- keystore type
-provider org.bouncycastle.jce.provider.BouncyCastleProvider <- CSP implementation
-providerpath /path/to/bouncycastle.jar                      <- Path to the CSP jar file
Jcs
  • 13,279
  • 5
  • 53
  • 70
  • I have tried your directions using keytool with java for Mac OSX, and get the following error: "java.lang.RuntimeException: Usage error, ?providerpath is not a legal command." When I try the "keytool -help" though, it shows that "-providerpath" *is* a legal command for -genkeypair command, so it should work... Any thoughts on why it won't work for me? Thanks! – gymshoe Aug 21 '12 at 03:10
  • If anyone else is wondering: `bouncycastle.jar` is the signed **provider** jar file on http://www.bouncycastle.org/latest_releases.html named `bcprov-[...].jar` – Corbie Oct 23 '20 at 07:15