I'm trying to add BouncyCastle as a security provider on Windows XP Pro so I can use it to add some certs to an Android application per the instructions here. Unfortunately I can't get it to add the provider.
I've:
- Downloaded the provider to C:\Program Files\Java\jre6\lib\ext\.
- Added C:\Program Files\Java\jre6\lib\ext\bcprov-jdk16-146.jar to %CLASSPATH%.
- Added security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider to java.security (7 being the next int in the order).
When I run:
keytool -import -v -trustcacerts -alias 0 -file mycert.crt -keystore mystore.bks -storetype BKS -providerName org.bouncycastle.jce.provider.BouncyCastleProvider -storepass mypassword
I get the following error message:
keytool error: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider
I've also tried adding it dynamically:
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class BouncyCastleMain {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider()); // add it
        try { // list them out
            Provider p[] = Security.getProviders();
            for (int i = 0; i < p.length; i++) {
                System.out.println(p[i]);
                for (Enumeration<?> e = p[i].keys(); e.hasMoreElements();)
                    System.out.println("\t" + e.nextElement());
            }
        } catch (Exception e) {
            System.out.println(e);
        }
    }
}
At first I got an access error when compiling the java class, but changed it to a warning per the suggestion here. Now when I run the code it shows BouncyCastle in the list of providers but it doesn't stick around after the program is done.
I'm sure it must be doable, but I'm stymied over how to get this guy installed long enough to run keytool using it. Is it possible to run keytool via a java API, or could there be some step I've missed that will make the provider stick around?
Thanks!
The -providerName option requires a provider name ("BC", in this case), not a class name. An alternative option, -providerClass, does require a class name, and it is useful when the provider isn't registered in the java.security file.
When you register a provider "programmatically", it is only temporary. Your program must re-register its provider each time it runs. You won't be able to use this approach if your goal is to make BouncyCastle available to keytool.
Since you've already installed the provider (by putting the archive in lib/ext and listing it in java.security), using the -providerName BC option is probably the easiest solution. Alternatively, you can use the -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider option.
By the way, you should not use the CLASSPATH environment variable. Libraries in lib/ext are on the class path already.
If, after correcting the options, you still get a NoSuchProviderException (using -providerName) or ClassNotFoundException (using -providerClass), verify that you are using the right copy of keytool. That is, when executing, specify the full path of keytool, rather than relying on your PATH variable. Make sure that the path refers to the JRE into which BouncyCastle was installed. It isn't uncommon for a system to have multiple JREs and JDKs.
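A diagnostic for the checks described in the answer above, added here as an example and not part of the original answer: it reports which JRE is running, whether BouncyCastle is listed in that JRE's java.security, whether the class loads, and whether the "BC" name resolves. The class name ProviderCheck is hypothetical, and the program assumes a Java 6 to 8 style JRE (lib/ext, class names in security.provider.N) like the one in the question.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;

// Added diagnostic (not from the original post). Run it with the java.exe that
// sits in the same bin directory as the keytool.exe you intend to use.
public class ProviderCheck {
    // Class name and provider name as given on the page.
    static final String BC_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    static final String BC_NAME = "BC";

    public static void main(String[] args) {
        // Which JRE is this? lib/ext and lib/security/java.security live under it.
        System.out.println("java.home = " + System.getProperty("java.home"));

        // Static registrations read from java.security (security.provider.N).
        boolean listed = false;
        for (int n = 1; ; n++) {
            String cls = Security.getProperty("security.provider." + n);
            if (cls == null) break; // the list ends at the first missing number
            System.out.println("security.provider." + n + " = " + cls);
            if (BC_CLASS.equals(cls.trim())) listed = true;
        }
        System.out.println("listed in java.security: " + listed);

        // Is the jar visible to this JRE? This is what -providerClass needs.
        try {
            Class.forName(BC_CLASS);
            System.out.println("class loadable: true");
        } catch (ClassNotFoundException e) {
            System.out.println("class loadable: false (jar not visible to this JRE)");
        }

        // Is the provider registered under its name? This is what -providerName needs.
        Provider bc = Security.getProvider(BC_NAME);
        System.out.println("registered as \"" + BC_NAME + "\": " + (bc != null));

        // Can this JRE supply a BKS keystore, as keytool -storetype BKS will request?
        try {
            KeyStore ks = KeyStore.getInstance("BKS", BC_NAME);
            System.out.println("BKS keystore available from " + ks.getProvider().getName());
        } catch (Exception e) { // NoSuchProviderException or KeyStoreException
            System.out.println("BKS keystore unavailable: " + e);
        }
    }
}
```

If java.home printed here differs from the directory that holds the keytool being run, the provider was installed into a different JRE than the one keytool uses.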
If you are on Windows, don't forget to start the command line as administrator to enter keytool commands.