如何生成JCEKS密钥存储在机器人 [英] how to generates JCEKS keystore in android

问题描述

我用

 密钥库存储= KeyStore.getInstance（JCEKS）;
 

不过是让KeyStoreException

  java.security.KeyStoreException：密钥库JCEKS实现未找到
 

原因是默认的安全提供者BouncyCastle的Andr​​oid中。 因此，我用

 密钥库存储= KeyStore.getInstance（JCEKS，了SunJCE）;
 

不过是让NoSearchProviderException

  java.security.NoSearchProviderException：了SunJCE
 

解决方案

Android不包含了SunJCE安全提供者，因此JCEKS是不支持的密钥库类型（无论是老JKS格式）。

要创建密钥库时，可以选择BouncyCastle的密钥库

 密钥库KS = KeyStore.getInstance（BKS）;
 

或者，从安卓4.3，新的 AndroidKeyStore 基于OpenSSL的decdicated存储应用程序，私有密钥（更多详细信息的这里）

 密钥库KS = KeyStore.getInstance（AndroidKeyStore）;
 

如果你有一个JCEKS密钥库，你将不得不将其转换为BKS格式密钥工具：

 密钥工具-importkeystore -srcstoretype JCEKS -srckeystore my.keystore -srckeypass MY_PASSWORD -destprovidername BC -deststoretype BKS -destkeypass my_new_password -destkeystore my.bks
 

I use

KeyStore store = KeyStore.getInstance("JCEKS");

But is make KeyStoreException

java.security.KeyStoreException: KeyStore JCEKS implementation not found

Reason is default security provider is bouncycastle in Android. Therefore I use

KeyStore store = KeyStore.getInstance("JCEKS", "SunJCE");

But is make NoSearchProviderException

java.security.NoSearchProviderException: SunJCE

解决方案

Android does not include the SunJCE security provider and therefore JCEKS is not a supported Keystore type (neither is the older JKS format).

To create a KeyStore you can either choose the BouncyCastle Keystore

KeyStore ks = KeyStore.getInstance("BKS");

or, from Android 4.3, the new AndroidKeyStore based on OpenSSL decdicated to store app-private keys (more details here)

KeyStore ks = KeyStore.getInstance("AndroidKeyStore");

And if you have a JCEKS Keystore you will have to convert it to BKS format with keytool:

keytool -importkeystore -srcstoretype JCEKS -srckeystore my.keystore -srckeypass my_password -destprovidername BC -deststoretype BKS -destkeypass my_new_password -destkeystore my.bks

这篇关于如何生成JCEKS密钥存储在机器人的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！