How to generate a JCEKS keystore in Android

Published 2019-04-14 01:44

Question:

I use

KeyStore store = KeyStore.getInstance("JCEKS");

But it throws a KeyStoreException

java.security.KeyStoreException: KeyStore JCEKS implementation not found

The reason is that the default security provider in Android is Bouncy Castle. Therefore I use

KeyStore store = KeyStore.getInstance("JCEKS", "SunJCE");

But it throws a NoSuchProviderException

java.security.NoSuchProviderException: SunJCE

Answer 1:

Android does not include the SunJCE security provider and therefore JCEKS is not a supported Keystore type (neither is the older JKS format).

To create a KeyStore you can either choose the BouncyCastle Keystore

KeyStore ks = KeyStore.getInstance("BKS");

or, from Android 4.3, the new AndroidKeyStore based on OpenSSL dedicated to storing app-private keys (more details here)

KeyStore ks = KeyStore.getInstance("AndroidKeyStore");

And if you have a JCEKS Keystore you will have to convert it to BKS format with keytool:

keytool -importkeystore -srcstoretype JCEKS -srckeystore my.keystore -srckeypass my_password -destprovidername BC -deststoretype BKS -destkeypass my_new_password -destkeystore my.bks