Message-Id: <199908270113.SAA21390@laguna.eng.sun.com>
Date: Thu, 26 Aug 1999 18:13:49 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: Problem with storing key in KeyStore
To: java-security@java.Sun.COM, mr91525@sunwaw.poland.sun.com
Marek:

The keystore implementation of type "JKS" (which ships
with the JDK) can handle only public and private, but not
secret keys.

The type "SecretKey" is not defined in the JDK; it's
defined in the Java Cryptography Extension, or JCE.

The "JKS" keystore will try to parse your secret-key
material as a private key, which it assumes is ASN.1
encoded (according to PKCS#8). Since your secret key is
not ASN.1 encoded (there is no ASN.1 standard for secret keys),
the parsing will fail, raising the java.security.UnrecoverableKeyException
that you saw.

JCE 1.2 provides its own keystore implementation ("JCEKS")
which also supports storing secret keys.

Unfortunately, you won't be able to access JCE 1.2, which
is export restricted and can be downloaded only from
within the U.S. and Canada.

Jan
> I am a student at a Polish university (Warsaw University of Technology) and now
> I'm creating an application in Java 2.
>
> I would like to store SecretKey in KeyStore ("JKS" type) without any
> Certificates. I have an
> exception that I don't really understand.
> method :
> keyStore.getKey(alias,pchar);
> makes exception
> java.security.UnrecoverableKeyException: DerInputStream.getLength(): lengthTag=35, too big.
>
> ... and it is no problem with password, but rather with storing keys :
> keyStore.setKeyEntry(alias, key, pchar, null);
> Can I give null Certificate chain for SecretKey or it is the reason my problem and
> UnrecoverableKeyException ?
>
> My question: how to store SecretKeys without Certificates in "JKS" type
> KeyStore. Have I to
> call the getEncoded() method on Key object and create my own keyStore format ?
> I will be grateful for your fast reply.
> (I use Cryptix 3.1 library and there is no KeyStore provider implementation)
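
Added example, not part of the original message or of the JDK/JCE sources: the same setKeyEntry(alias, key, password, null) call from the question, run against both a "JKS" and a "JCEKS" keystore and read back after a store/load round trip. The class name, alias, sample password and the AES key are assumptions, as is a JDK that bundles the JCE provider so that "JCEKS" and KeyGenerator are available.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretKeyStoreDemo {          // hypothetical class name
    // Store a secret key with a null certificate chain, serialize the
    // keystore, reload it from bytes, and return the recovered key.
    static Key roundTrip(String type, SecretKey key, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, pw);                           // start from an empty keystore
        ks.setKeyEntry("demo-secret", key, pw, null); // no certificate chain

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);

        KeyStore reloaded = KeyStore.getInstance(type);
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), pw);
        return reloaded.getKey("demo-secret", pw);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit-demo".toCharArray();   // constructed sample password
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();

        // "JKS" handles private keys and certificates only. Depending on the
        // JDK version, the failure surfaces when the entry is stored or when
        // it is read back (the UnrecoverableKeyException quoted above).
        try {
            roundTrip("JKS", key, pw);
            System.out.println("JKS: secret key accepted (not expected)");
        } catch (GeneralSecurityException e) {
            System.out.println("JKS failed for secret key: " + e);
        }

        // "JCEKS" accepts the same call and returns the same key material.
        Key back = roundTrip("JCEKS", key, pw);
        System.out.println("JCEKS round trip ok: "
                + Arrays.equals(key.getEncoded(), back.getEncoded()));

        Arrays.fill(pw, '\0');                       // clear the password copy
    }
}
```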