I'm trying to set up a DTLS server on Android based on the example Java files from Californium.Scandium. Initially I ran into issues because the keystore and truststore were in JKS format and I did not have the key passwords. Hence, I created my own PKCS12 keystore and truststore using Portecle.
KeyStore keyStore = KeyStore.getInstance("PKCS12");
in = getResources().openRawResource(R.raw.keystore);
keyStore.load(in, KEY_STORE_PASSWORD.toCharArray());
KeyStore trustStore = KeyStore.getInstance("PKCS12");
inTrust = getResources().openRawResource(R.raw.truststore);
trustStore.load(inTrust, TRUST_STORE_PASSWORD.toCharArray());
After that, the code did not throw any errors during keystore loading, but upon running the application I get this:
FATAL EXCEPTION: main
Process: com.example.admin.securesend, PID: 3402
java.lang.RuntimeException: Unable to start activity
ComponentInfo{com.example.admin.securesend/com.example.admin.securesend.DTLSServer}: java.lang.IllegalStateException: Keys must be ECDSA capable when support for an ECDHE_ECDSA based cipher suite is configured
Edit: I realised that my keys were created using SHA instead of ECDSA. I'm not very familiar with keystores and keys, so I'm assuming that my keystore is now valid and I just need to generate the appropriate keys for the system and plant them into the key. How do I create keys using ECDSA and transfer them into my keystore?
Ok, let's first get the terminology right:
For generating EC keys you can use keytool (with Java 7 or higher):
keytool -genkeypair -alias ec -keyalg EC -keysize 256 -sigalg SHA256withECDSA -validity 365 -storetype JKS -keystore ectest.jks -storepass 123456
This command generates a 256-bit EC key on a SEC curve (secp256r1) and a self-signed certificate using ECDSA with SHA256.
If you prefer GUI tools, KeyStore Explorer is another way to generate EC keys:
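A check for the condition behind the exception quoted in the question, as an added example that is not part of the original question or answer and is not Californium code: it lists each private-key entry of a PKCS12 keystore and reports whether the key is an EC key and how its certificate was signed. The class name `EcKeyCheck` and its methods are hypothetical, and it assumes the key password is the same as the store password.

```java
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.util.Collections;

public class EcKeyCheck { // hypothetical class name, not part of Scandium
    // An ECDHE_ECDSA cipher suite needs an elliptic-curve key pair, not RSA or DSA.
    static String describeKey(Key key) {
        if (key instanceof ECKey) {
            int bits = ((ECKey) key).getParams().getCurve().getField().getFieldSize();
            return "EC, " + bits + "-bit curve: usable for ECDSA";
        }
        return key.getAlgorithm() + ": NOT usable for ECDSA";
    }

    // Prints key type and certificate signature algorithm for every private-key entry.
    static int countEcEntries(KeyStore ks, char[] keyPassword) throws Exception {
        int ecEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) continue;
            Key key = ks.getKey(alias, keyPassword);
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.println(alias + " -> " + describeKey(key)
                    + ", certificate signed with " + cert.getSigAlgName());
            if (key instanceof ECKey) ecEntries++;
        }
        return ecEntries;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) { // usage: java EcKeyCheck <keystore.p12> <password>
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (FileInputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            System.out.println(countEcEntries(ks, args[1].toCharArray()) + " EC key entries");
            return;
        }
        // No file given: constructed in-memory keys show both outcomes.
        for (String alg : new String[] {"EC", "RSA"}) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance(alg);
            gen.initialize("EC".equals(alg) ? 256 : 2048);
            System.out.println(alg + " key -> " + describeKey(gen.generateKeyPair().getPrivate()));
        }
    }
}
```

On Android the same `countEcEntries` call can be made on the `keyStore` object loaded from `R.raw.keystore` before it is passed to the DTLS configuration.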