Re: JCE Keystore Bug ???

Jan Luehe (luehe@laguna.eng.sun.com)
Tue, 2 Feb 1999 13:36:39 -0800 (PST)

To: java-security@java.Sun.COM, puga@tis.com

Ralph:

> I wanted to report a possible bug with the rc1 version of the JCE. I am
> writing Java code that creates and stores secret keys into a privately
> implemented keystore. I initially create the key using JCEKS and the
> SunJCE provider. I then generate a 3DES key using the KeyGenerator
> class. Next, I use setKeyEntry to store the secret key into my
> keystore; however, I don't provide any certificates for the key since I
> don't need them for my application.
>
> The problem: When I attempt to retrieve the key from the keystore using
> getKey, I receive an error which appears to me as an ASN.1 error. This
> doesn't make sense to me since there are no certs used to create the key
> and the documentation states that certs are unnecessary if you are not
> using private keys. I have included the error message below.

The keystore implementation that shipped with JCE 1.2 RC1
only supports storage of private keys (with their supporting
cert chains) and public-key certificates - like its
counterpart in JDK 1.2 does. You get an ASN.1 error because
private keys are stored in the "EncryptedPrivateKeyInfo" format
defined in PKCS #8. Your secret key was interpreted as a private
key.

I have added support for storing secret (session) keys in
the JCE keystore. This feature will be available in the
upcoming JCE 1.2 FCS release.

Thanks,

Jan
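
Added example, not part of the original message and not Sun's code: the usage from the report (a Triple DES secret key stored with setKeyEntry and no certificate chain, then read back with getKey), run against a JDK whose JCEKS keystore supports secret-key entries. The last step illustrates the class of ASN.1 failure described in the reply, not the RC1 code path itself; the class name, alias, password and raw byte values are constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretKeyInJceks {
    public static void main(String[] args) throws Exception {
        // Constructed sample password and alias, for illustration only.
        char[] password = "constructed-demo-password".toCharArray();
        String alias = "session-key";

        // Generate a Triple DES secret key, as in the report.
        SecretKey key = KeyGenerator.getInstance("DESede").generateKey();

        // Store it in a JCEKS keystore; a secret key has no certificate chain.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry(alias, key, password, null);

        // Write the keystore out and read it back, as an application would.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);

        // getKey must return the same key material that was stored.
        Key back = reloaded.getKey(alias, password);
        boolean same = back instanceof SecretKey
                && Arrays.equals(key.getEncoded(), back.getEncoded());
        System.out.println("secret key round trip intact: " + same);

        // Raw secret-key bytes are not a DER structure. Parsing constructed
        // sample bytes as a PKCS #8 EncryptedPrivateKeyInfo fails in the
        // ASN.1 decoder, the kind of error the report describes.
        byte[] rawKeyBytes = new byte[24];
        Arrays.fill(rawKeyBytes, (byte) 0x01);
        try {
            new EncryptedPrivateKeyInfo(rawKeyBytes);
            System.out.println("parsed as EncryptedPrivateKeyInfo");
        } catch (IOException e) {
            System.out.println("not an EncryptedPrivateKeyInfo: " + e.getMessage());
        }
    }
}
```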