BouncyCastle安装问题

Question

I'm trying to add BouncyCastle as a security provider on Windows XP Pro so I can use it to add some certs to an Android application per the instructions here . Unfortunately I can't get it to add the provider.

I've:

1. Downloaded the provider to C:\\Program Files\\Java\\jre6\\lib\\ext\\ .
2. Added C:\\Program Files\\Java\\jre6\\lib\\ext\\bcprov-jdk16-146.jar to %CLASSPATH% .
3. Added security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider to java.security (7 being the next int in the order).

When I run:

keytool -import -v -trustcacerts -alias 0 -file mycert.crt -keystore mystore.bks -storetype BKS -providerName org.bouncycastle.jce.provider.BouncyCastleProvider -storepass mypassword 

I get the following error message:

keytool error: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider

I've also tried adding it dynamically:

import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class BouncyCastleMain {

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider()); // add it
        try { // list them out
            Provider p[] = Security.getProviders();
            for (int i = 0; i < p.length; i++) {
                System.out.println(p[i]);
                for (Enumeration<?> e = p[i].keys(); e.hasMoreElements();)
                    System.out.println("\t" + e.nextElement());
            }
        } catch (Exception e) {
            System.out.println(e);
        }
    }
}

At first I got an access error when compiling the java class, but changed it to a warning per the suggestion here . Now when I run the code it shows BouncyCastle in the list of providers but it doesn't stick around after the program is done.

I'm sure it must be doable, but I'm stymied over how to get this guy installed long enough to run keytool using it. Is it possible to run keytool via a java API, or could there be some step I've missed that will make the provider stick around?

Thanks!

Answer 1

The -providerName option requires a provider name ("BC", in this case), not a class name . An alternative option, -providerClass , does require a class name, and it is useful when the provider isn't registered in the java.security file.

When you register a provider "programatically", it is only temporary. Your program must re-register its provider each time it runs. You won't be able to use this approach if your goal is to make BouncyCastle available to keytool .

Since you've already installed the provider (by putting the archive in lib/ext and listing it in java.security ), using the -providerName BC option is probably the easiest solution. Alternatively, you can use the -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider option.

By the way, you should not use the CLASSPATH environment variable. Libraries in lib/ext are on the class path already.

If, after correcting the options, you still get a NoSuchProviderException (using -providerName ) or ClassNotFoundException (using -providerClass ), verify that you are using the right copy of keytool . That is, when executing, specify the full path of keytool , rather than relying on your PATH variable. Make sure that the path refers to the JRE into which BouncyCastle was installed. It isn't uncommon for a system to have multiple JREs and JDKs.

Answer 2

如果您使用的是Windows，请不要忘记以管理员身份启动命令行以输入keytool命令。