
Keytool with custom algorithms

I'm trying to create key storage using Keytool with my algorithms.

I've made a custom java.security.Provider with classes extending SignatureSpi, MessageDigestSpi and KeyPairGeneratorSpi, and statically installed it.

The problem I encountered is when I'm trying to create storage using:

keytool -alias something -genkeypair -keyalg GOST2001KeyPairGenerator -sigalg GOST2001Signature -providerclass ru.test.security.test_provider -storetype pkcs12 -keystore test_keystore

I get my debug messages and an error:

GOST2001KeyPairGenerator initialize
GOST2001KeyPairGenerator generateKeyPair
GOST2001Signature engineInitSign
keytool error: java.lang.RuntimeException: internal error! unrecognized algorithm name: GOST2001Signature

The strange thing is that the algorithm actually starts to execute but is reported as unrecognized afterwards. I can't get a clue what's going wrong.

Artem Gulyamshaev asked May 31 '12 13:05


2 Answers

Well, it's hard to tell what's going on without being able to look at the progress that the program is making within your algorithm. Try tracking the parts of your program that actually work with debugging messages, etc. so you know what works and what doesn't.

If there is a RuntimeException maybe it gets stuck in a loop. And if the algorithm GOST2001Signature is unrecognizable odds are there could be an issue there. If it worked once maybe you don't initialize it a second time. Usually when part of a program I wrote works once but not a second time I forgot to initialize something causing it to alter the outcome, etc.

Good luck. I hope my suggestions help.

fudge22it answered Sep 20 '22 04:09


Here is what I did:

  • You will need to make a jar of your custom provider and the classes it needs.
  • Next you need to put that jar in: C:\Program Files\Java\jre6\lib\ext
  • Add the security.provider.7=my.package.MyProvider to java.security (7 being the next int in the order).
  • Use the option -providerName MYPROVIDERNAME on the keytool command line.
  • If you plan to use -providerClass, make sure you use the fully qualified name, not only the class name.

That should do it.

If, after correcting the options, you still get a NoSuchProviderException (using -providerName) or ClassNotFoundException (using -providerClass), verify that you are using the right copy of keytool. That is, when executing, specify the full path of keytool, rather than relying on your PATH variable. Make sure that the path refers to the JRE into which your provider was installed. Many systems (like mine) have multiple JRE/JDK installed.

Good luck.

Frank answered Sep 21 '22 04:09
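One way to confirm that a particular JRE sees the provider and both algorithm names before running keytool against it, as an added example that is not part of either answer: the class name ProviderCheck is hypothetical, MYPROVIDERNAME is the placeholder from the answer above, and the algorithm defaults are the names from the question.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class ProviderCheck {
    public static void main(String[] args) {
        // Usage: java ProviderCheck <providerName> [keyAlg] [sigAlg]
        // The provider name default is a placeholder; algorithm defaults come from the question.
        String providerName = args.length > 0 ? args[0] : "MYPROVIDERNAME";
        String keyAlg = args.length > 1 ? args[1] : "GOST2001KeyPairGenerator";
        String sigAlg = args.length > 2 ? args[2] : "GOST2001Signature";

        // Which JRE is actually running; compare with the directory of the keytool you invoke.
        System.out.println("java.home = " + System.getProperty("java.home"));

        // Installed providers in preference order (position 1 is consulted first).
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("position " + (i + 1) + ": " + providers[i].getName()
                    + " (" + providers[i].getClass().getName() + ")");
        }

        // Is the named provider installed, and does it register both services?
        Provider p = Security.getProvider(providerName);
        if (p == null) {
            System.out.println("Provider '" + providerName + "' is NOT installed in this JRE");
        } else {
            report(p, "KeyPairGenerator", keyAlg);
            report(p, "Signature", sigAlg);
        }

        // Lookup without naming a provider, searching every installed provider in order.
        try {
            KeyPairGenerator.getInstance(keyAlg);
            Signature.getInstance(sigAlg);
            System.out.println("Default lookup resolved both algorithms");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Default lookup failed: " + e.getMessage());
        }
    }

    // Reports whether the provider registers the given service type and algorithm name.
    private static void report(Provider p, String type, String alg) {
        boolean found = p.getService(type, alg) != null;
        System.out.println(type + "." + alg + (found ? " registered by " : " missing from ") + p.getName());
    }
}
```

Run it with the full path to the java binary that sits next to the keytool you are invoking, so both use the same java.security file and lib\ext directory.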