- Bug
- Resolution: Not an Issue
- P3
- None
- 8
- None
- x86
- solaris
When running:
keytool -genkey -alias xx -keysize 1024 -keyalg DSA -keystore xxxx -storetype jks -providerName SUN
The keystore and key could be generated successfully.
Then do:
keytool -list -v -keystore xxxx -storepass xxxxxx
We can see the Keystore provider is SUN, but are not able to know the provider for the key.
It looks like there is no way to specify a specific provider for key generation in keytool.
If we do:
keytool -genkey -alias xx -keysize 2048 -keyalg DSA -keystore xxxx -storetype jks -providerName SUN
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: x
What is the name of your organizational unit?
[Unknown]: x
What is the name of your organization?
[Unknown]: x
What is the name of your City or Locality?
[Unknown]: x
What is the name of your State or Province?
[Unknown]: x
What is the two-letter country code for this unit?
[Unknown]: x
Is CN=x, OU=x, O=x, L=x, ST=x, C=x correct?
[no]: y
keytool error: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_SIZE_RANGE
From the error message, it looks like the provider for key generation is not SUN but pkcs11. There should be a way to do that. Especially since we have a plan to support 2048-bit DSA keys in the SUN provider in JDK 8, we should be able to specify using SUN as the key generation provider.
- relates to
- JDK-8015258 Use stronger default algorithm for DSA in keytool and jarsigner
- Closed
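The provider question raised in the report can be checked at the JCA level. The following is an added example, not part of the original report or of keytool's code: it lists which installed providers offer DSA key generation, then generates keys with and without naming SUN and reports the provider and key class that served each request. The class name DsaProviderCheck and the helper tryGenerate are made up for this example, and the output depends on the providers configured in the local JRE.

```java
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;

// Hypothetical class for this example; output depends on the local JRE's providers.
public class DsaProviderCheck {

    // Generate a DSA key pair of the given size and report which provider and
    // key class served the request, or why the size was refused.
    static String tryGenerate(KeyPairGenerator kpg, int bits) {
        String outcome;
        try {
            kpg.initialize(bits);
            KeyPair kp = kpg.generateKeyPair();
            outcome = "OK, key class " + kp.getPrivate().getClass().getName();
        } catch (InvalidParameterException | ProviderException e) {
            // A PKCS#11 token refusing the size surfaces here (CKR_KEY_SIZE_RANGE).
            outcome = "rejected: " + e;
        }
        // Query the provider after the attempt rather than before it.
        return bits + "-bit via " + kpg.getProvider().getName() + ": " + outcome;
    }

    public static void main(String[] args) throws Exception {
        // Providers, in preference order, that offer a DSA KeyPairGenerator.
        for (Provider p : Security.getProviders()) {
            if (p.getService("KeyPairGenerator", "DSA") != null) {
                System.out.println("offers DSA key generation: " + p.getName());
            }
        }
        for (int bits : new int[] {1024, 2048}) {
            // No provider named: the JCA chooses by preference order.
            System.out.println("default  " + tryGenerate(KeyPairGenerator.getInstance("DSA"), bits));
            // Provider named: key generation is pinned to SUN.
            System.out.println("pinned   " + tryGenerate(KeyPairGenerator.getInstance("DSA", "SUN"), bits));
        }
    }
}
```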