
[iaik-jce] keytool and iaik-jce interactions



I installed the demo version of IAIK-JCE 2.6 beta 1 (iaik_jce_full.jar) into the lib/ext folder of the jre1.2.2 and changed the java.security entries about providers and the keystore type in the following way:

...
security.provider.1=iaik.security.provider.IAIK
security.provider.2=sun.security.provider.Sun
...
#keystore.type=jks
keystore.type=IAIKKeyStore
...

These are the only changes I made.

With this setup, in particular with the jce iaik_jce_full.jar in the lib/ext folder, I'm able to use the JDK "keytool" to generate an RSA keypair. (It doesn't seem to work simply with the iaik_jce_full.jar on the CLASSPATH).

However, when trying to generate a certification signing request (CSR), keytool aborts with a
> keytool error: iaik.asn1.structures.Name
error.

It seems to be a problem with the IAIK provider. The Sun provider can correctly generate a DSA keypair (*note* DSA, not RSA as it was done with the IAIK provider) and the corresponding CSR with the same data (in particular with the same distinguished name). I even tried to restore the original jks keystore type with IAIK as the primary provider: no improvements.

Anybody with a good tip or workaround, apart from doing the job programmatically?
Did I forget something important in the configuration described above?

Moreover, is it possible to specify the exponent of RSA somehow with keytool? Many CAs only sign CSRs specifying usual exponents (3, 17, 65537).

Thanks
Raffaello Giulietti
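
Added example, not part of the original post and not IAIK or JDK sample code: a small Java check that prints the provider order and keystore type the JVM actually loaded from java.security, shows which provider serves RSA and DSA key generation, and generates an RSA key pair with an explicit public exponent. The class name ProviderCheck and the 2048-bit key size are assumptions, and it assumes a current JDK where java.security.spec.RSAKeyGenParameterSpec is available.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;

// Hypothetical class name; run it with the same JRE whose java.security was edited.
public class ProviderCheck {
    public static void main(String[] args) throws Exception {
        // Provider precedence as loaded, in the same form as the java.security entries.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = "
                    + providers[i].getName() + " (" + providers[i].getClass().getName() + ")");
        }

        // Effective value of the keystore.type property.
        System.out.println("keystore.type = " + KeyStore.getDefaultType());

        // Which provider answers an unqualified getInstance() for each algorithm.
        String[] algorithms = {"RSA", "DSA"};
        for (String alg : algorithms) {
            KeyPairGenerator g = KeyPairGenerator.getInstance(alg);
            System.out.println(alg + " KeyPairGenerator -> " + g.getProvider().getName());
        }

        // RSA key pair with a chosen public exponent (F4 = 65537).
        int bits = 2048; // assumed key size
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(new RSAKeyGenParameterSpec(bits, RSAKeyGenParameterSpec.F4));
        KeyPair pair = kpg.generateKeyPair();

        // Confirm the provider honoured the requested exponent before building a CSR.
        BigInteger e = ((RSAPublicKey) pair.getPublic()).getPublicExponent();
        if (!e.equals(RSAKeyGenParameterSpec.F4)) {
            throw new IllegalStateException("provider ignored requested exponent, got " + e);
        }
        System.out.println("RSA public exponent = " + e + " from " + kpg.getProvider().getName());
    }
}
```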

