
I'm trying to create key storage using Keytool with my algorithms.

I've made a custom java.security.Provider with classes extending SignatureSpi, MessageDigestSpi and KeyPairGeneratorSpi, and statically installed it.

The problem I encountered is when I'm trying to create the store using:

keytool -alias something -genkeypair -keyalg GOST2001KeyPairGenerator -sigalg GOST2001Signature -providerclass ru.test.security.test_provider -storetype pkcs12 -keystore test_keystore

I get my debug messages and an error:

GOST2001KeyPairGenerator initialize
GOST2001KeyPairGenerator generateKeyPair
GOST2001Signature engineInitSign
keytool error: java.lang.RuntimeException: internal error! unrecognized algorithm name: GOST2001Signature

The strange thing is that the algorithm actually starts to execute but is called unrecognized afterwards. I can't get a clue what's going wrong.

  • Did you try to get it to work with a simple Java program first? I don't think your provider will be recognized unless it is signed by Oracle. – President James K. Polk Jun 01 '12 at 22:33
  • I did. 1. I've tested all my classes using addProvider. 2. Then I've added it statically and just called standard methods using instances of my algorithms from a Java program again. Everything works just fine until I use keytool; that's where the problem comes out. – Artem Gulyamshaev Jun 02 '12 at 11:57
  • Thanks, can you please post a complete stack trace? This [link](http://bouncy-castle.1462172.n4.nabble.com/Unable-to-create-GOST3410-keypair-with-keytool-td1463711.html) may indicate some bad news. – President James K. Polk Jun 02 '12 at 16:49
  • The messages above are all I get. It completely executes engineInitSign and then just prints that internal error. – Artem Gulyamshaev Jun 07 '12 at 10:13
  • How did you register your security provider? Jars are in the $JAVA_HOME/jre/lib/ext and the provider class is added into $JAVA_HOME/jre/lib/security/java.security like `security.provider.XXX=foo.bar.SecurityProvider`, right? – szhem Oct 19 '12 at 04:45

2 Answers


Well, it's hard to tell what's going on without being able to look at the progress that the program is making within your algorithm. Try tracking the parts of your program that actually work with debugging messages, etc. so you know what works and what doesn't.

If there is a RuntimeException, maybe it gets stuck in a loop. And if the algorithm GOST2001Signature is unrecognizable, odds are there could be an issue there. If it worked once, maybe you don't initialize it a second time. Usually when part of a program I wrote works once but not a second time, I forgot to initialize something, causing it to alter the outcome, etc.

Good luck. I hope my suggestions help.

fudge22it

Here is what I did:

  • You will need to make a jar of your custom provider and the classes it needs.
  • Next you need to put that jar in: C:\Program Files\Java\jre6\lib\ext
  • Add `security.provider.7=my.package.MyProvider` to java.security (7 being the next int in the order).
  • Use the option -providerName MYPROVIDERNAME on the keytool command line.
  • If you plan to use the -providerClass make sure you use the fully qualified name, not only the class name.

That should do it.

If not, after correcting the options, you still get a NoSuchProviderException (using -providerName) or ClassNotFoundException (using -providerClass), verify that you are using the right copy of keytool. That is, when executing, specify the full path of keytool, rather than relying on your PATH variable. Make sure that the path refers to the JRE into which your provider was installed. Many systems (like mine) have multiple JRE/JDK installed.

Good luck.

Frank
  • Awarded the bounty without being able to test the correctness, and unfortunately the author was not able to respond in time either. It seems like a sensible answer though. – Maarten Bodewes Oct 21 '12 at 17:03
  • Many thanks. It did work for me, so I hope it will help some of you. – Frank Oct 21 '12 at 17:53
  • The original problem was that keytool couldn't recognize the algorithm at runtime. It has nothing to do with the provider, as you can see up in the question. I've installed the provider properly; Java hooked it up and started calling methods. Anyway, it's nice your answer helped someone out. The question is no longer relevant for me though; I've managed to create a PKCS#12 container through the OpenSSL API. – Artem Gulyamshaev Oct 22 '12 at 17:11
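
The following is an added example, not code from the asker or from Frank's answer. It puts the pieces described in the question (a Provider subclass registering KeyPairGeneratorSpi and SignatureSpi implementations) and in Frank's installation steps (a provider name for -providerName, algorithm names for -keyalg and -sigalg) into one class, plus a pre-flight check to run before touching keytool. Everything named here is an assumption: the provider name MYPROVIDERNAME, the package ru.test.security (chosen to match the question's naming style), and the OID 2.999.1.1, which comes from the ITU-T example arc and stands in for whatever real OID the signature scheme has. The SPIs delegate to the JDK's own RSA implementation so that the registration mechanics run without a GOST implementation. The last step of the check reproduces, from the JDK 6/7 sources, what keytool's self-signed certificate builder (sun.security.x509.X509CertImpl.sign) does after Signature.initSign: it calls sun.security.x509.AlgorithmId.get on the signature name, which is where the message "unrecognized algorithm name" originates when no installed provider maps that name to an OID; the "Alg.Alias.Signature.OID.<oid>" entry is the mechanism AlgorithmId consults for names outside its built-in table.

```java
// Added example, not the asker's or Frank's code. Hypothetical names: provider
// "MYPROVIDERNAME", algorithm names from the keytool command in the question,
// OID 2.999.1.1 from the ITU-T example arc (replace with the real OID).
// The SPIs delegate to the JDK's RSA so the mechanics run without GOST code.
package ru.test.security;

import java.security.*;

public final class TestProvider extends Provider {
    public static final String NAME = "MYPROVIDERNAME";              // keytool -providerName
    public static final String KPG_ALG = "GOST2001KeyPairGenerator"; // keytool -keyalg
    public static final String SIG_ALG = "GOST2001Signature";        // keytool -sigalg
    public static final String SIG_OID = "2.999.1.1";                // placeholder OID

    public TestProvider() {
        super(NAME, 1.0, "Example provider registering SPIs under custom names");
        // Engine lookups: the text after the dot is the name passed to getInstance().
        put("KeyPairGenerator." + KPG_ALG, DelegatingKpg.class.getName());
        put("Signature." + SIG_ALG, DelegatingSig.class.getName());
        // OID alias: sun.security.x509.AlgorithmId scans installed providers for
        // "Alg.Alias.<Engine>.OID.<oid>" entries to map a name to an OID. Without it,
        // AlgorithmId.get(SIG_ALG) fails with "unrecognized algorithm name" even
        // though the Signature itself has already been initialised.
        put("Alg.Alias.Signature.OID." + SIG_OID, SIG_ALG);
    }

    public static final class DelegatingKpg extends KeyPairGeneratorSpi {
        private final KeyPairGenerator inner;
        public DelegatingKpg() {
            try { inner = KeyPairGenerator.getInstance("RSA"); }
            catch (NoSuchAlgorithmException e) { throw new ProviderException(e); }
        }
        @Override public void initialize(int keysize, SecureRandom random) { inner.initialize(keysize, random); }
        @Override public KeyPair generateKeyPair() { return inner.generateKeyPair(); }
    }

    public static final class DelegatingSig extends SignatureSpi {
        private final Signature inner;
        public DelegatingSig() {
            try { inner = Signature.getInstance("SHA256withRSA"); }
            catch (NoSuchAlgorithmException e) { throw new ProviderException(e); }
        }
        @Override protected void engineInitVerify(PublicKey k) throws InvalidKeyException { inner.initVerify(k); }
        @Override protected void engineInitSign(PrivateKey k) throws InvalidKeyException { inner.initSign(k); }
        @Override protected void engineUpdate(byte b) throws SignatureException { inner.update(b); }
        @Override protected void engineUpdate(byte[] b, int off, int len) throws SignatureException { inner.update(b, off, len); }
        @Override protected byte[] engineSign() throws SignatureException { return inner.sign(); }
        @Override protected boolean engineVerify(byte[] sig) throws SignatureException { return inner.verify(sig); }
        // Both are abstract (deprecated) in SignatureSpi and must still be implemented.
        @Override @Deprecated protected void engineSetParameter(String p, Object v) { throw new InvalidParameterException(p); }
        @Override @Deprecated protected Object engineGetParameter(String p) { throw new InvalidParameterException(p); }
    }

    // Pre-flight check: resolve every name the keytool command line will use, through
    // this provider only, then perform the AlgorithmId lookup keytool does after initSign.
    public static void main(String[] args) throws Exception {
        if (Security.getProvider(NAME) == null) {   // already present if installed via java.security
            Security.addProvider(new TestProvider());
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KPG_ALG, NAME);
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        byte[] msg = "constructed sample message".getBytes("UTF-8"); // constructed input
        Signature s = Signature.getInstance(SIG_ALG, NAME);
        s.initSign(kp.getPrivate());
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(kp.getPublic());
        s.update(msg);
        System.out.println("signature round trip: " + s.verify(sig));

        // The lookup that yields "unrecognized algorithm name" when no OID alias exists.
        // JDK 9+ needs --add-exports java.base/sun.security.x509=ALL-UNNAMED to compile and run this.
        sun.security.x509.AlgorithmId id = sun.security.x509.AlgorithmId.get(s.getAlgorithm());
        System.out.println(SIG_ALG + " -> OID " + id.getOID());
    }
}
```

Run the check with the provider on the classpath first; only once it prints the OID mapping is it worth packaging the class into a jar, dropping it into the JRE's lib/ext, adding the `security.provider.N=ru.test.security.TestProvider` line, and running keytool from that same JRE with `-providerName MYPROVIDERNAME -keyalg GOST2001KeyPairGenerator -sigalg GOST2001Signature`. If the check prints the round trip but dies at the AlgorithmId line, the provider is installed correctly and the missing piece is the OID alias, which matches the trace in the question (engineInitSign runs, then the name is reported as unrecognized).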