[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] JDK 1.2 keytool and IAIKKeyStore




>From what I can gather from the Sun JDK 1.2 keytool documentation
and IAIK's architecture, it *should* be possible to use IAIK
as a provider for the sun keytool front end to the KeyTool class.
However, I am having some difficulty doing this, and I am wondering
if it is more due to the Blackdown port (Linux) of the JDK
than anything else.

Here are the steps I have taken.

1. Modified the $JAVA_HOME/lib/java.security properties file
to include IAIK as a provider:

security.provider.2=iaik.security.provider.IAIK

(I've also tried 1, for whatever that is worth; the
sun comments in this file indicate that 1 means "default")

2. (This step does not seem strickly necessary, but I
did it in the course of my experimentation)  Modify
this same file to set the default keystore type to IAIKKeyStore:

keystore.type=IAIKKeyStore

(NOTE: The sun keytool documentation indicates that this property
is not case sensitive; perhaps it is therefore doing a toLowerCase()
or toUpperCase()?)

3. Made sure the IAIK jar files are in my classpath.  (NOTE: JDK1.2
makes it more difficult to overload sun's classes...)

4. Ran

linux% keytool -genkey -alias fred -keypass blahblah -storetype IAIKKeyStore \
-keystore iaik.keystore -storepass jeckel -v -J-verbose

I get the error

keytool error: IAIKKeyStore not found

Now, I couldn't just stop there!  (Not like I have anything better to do...)
I hacked around Sun's source code that comes with the JDK, and it turns
out that the java.security.Provider.loadProvider class does not seem to
be working correctly with IAIK's iaik.security.provider.IAIK class.
In particular, the test

	obj instanceof Provider

in Provider.loadProvider fails when iaik.security.provider.IAIK
is passed as a parameter.

I wonder if this is because these classes were compiled under 1.1.
Is that the case?  The documentation does say that iaik.security.provider.IAIK
extends java.security.Provider.

Interesting.  Any ideas?

-- 
Fred Dushin                      mailto:fadushin@syr.edu


--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-jce