Search code examples
bouncycastlekeystorekeytool

keytool error when creating BKS keystore: providerpath is not a legal command

I am trying to create a "bks" keystore using keytool (using terminal app on Mac OS X). I am following the instructions in:
keytool error: java.security.KeyStoreException: BKS not found

This is my usage:

keytool -genkeypair -v -alias androiddebugkey -keyalg RSA -keysize 2048 -validity 10000 -keypass android -keystore /Users/djames/dropbox/bc146keystore/debug.keystore -storepass android -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider –providerpath /Users/djames/dropbox/bc146keystore/bcprov-jdk16-146.jar -dname "CN=Android Debug, OU=Android, O=Android, L=Whitefish, S=MT, C=US"

I am getting the following error:

keytool error: java.lang.RuntimeException: Usage error, ?providerpath is not a legal command
java.lang.RuntimeException: Usage error, ?providerpath is not a legal command
    at sun.security.tools.KeyTool.parseArgs(KeyTool.java:375)

I have seen the -provider path option recommended in countless web posts (including the one above) and when I run keytool -help it confirms the syntax is legal:

keytool usage:  ...   
-genkeypair  [-v] [-protected]
         [-alias <alias>]
         [-keyalg <keyalg>] [-keysize <keysize>]
         [-sigalg <sigalg>] [-dname <dname>]
         [-validity <valDays>] [-keypass <keypass>]
         [-keystore <keystore>] [-storepass <storepass>]
         [-storetype <storetype>] [-providername <name>]
         [-providerclass <provider_class_name> [-providerarg <arg>]] ...
         [-providerpath <pathlist>]

I also tried the following alternative (per http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html):

  1. deleting the -providerpath option of the keytool command,
  2. placing the bcprov-jdk16-146.jar inside the {$JAVA_HOME/lib/ext} folder
  3. adding security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider to the java.security file.

But it still failed.

Any ideas on what I can do differently to succeed in creating a BKS keystore?

Solution

  • I was never able to succeed with Keytool. This is what I did to solve the problem instead: I made a copy of the default debug.keytool (a JKS type keystore) that was created by Eclipse (Indigo, SR2) automatically the first time an android program is run in Eclipse, and used Portecle (http://portecle.sourceforge.net/) to convert this to a BKS type keystore. Now this is the tricky part: If I now used the BKS version of debug.keytool in place of the original, I got an "Android packaging error" in Eclipse “java.io.IOException: Invalid keystore format” whenever I would try to run the android program. However, if I left the original JKS version of debug.keytool in the default directory where Eclipse created it, then I could use the BKS version of the debug.keytool in the Android program's /resources/raw subfolder and have Android open it and recognize it. Jim