There issue that use Java 8 keytool to create Java keystore using BC FIPS provider

There issue that use Java 8 keytool to create Java keystore using BC FIPS provider

Jeff Huang
Hello,

I used Java 8 keytool to create a Java keystore using the BC FIPS provider. But
the keytool -list command still shows the provider is SunJSSE. Is that ok?

keytool  -keystore  kafka.server.keystore.pk12   -alias   localhost  
-validity 720  -genkeypair  -keyalg RSA -keysize 2048 -storepass testfips  
-keypass  testfips -storetype PKCS12  -providerpath
/home/ec2-user/tmp/ssl-keys/bc-fips-1.0.2.jar -providerclass
org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider  -dname
CN=localhost   -ext   SAN=DNS:localhost

[ec2-user@localhost ssl-keys-bc]$ keytool -list  -providerpath
/home/ec2-user/tmp/ssl-keys/bc-fips-1.0.2.jar -providerclass
org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -keystore
kafka.server.keystore.pk12 -storetype pkcs12 -storepass testfips
Keystore type: PKCS12
Keystore provider: *SunJSSE*

Your keystore contains 1 entry

localhost, Sep 19, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1):
3C:6D:7C:3A:D4:A1:9F:9A:CF:5F:AC:C7:4D:50:5A:F4:14:DD:50:A2

thanks



--
Sent from: http://bouncy-castle.1462172.n4.nabble.com/Bouncy-Castle-Dev-f1462173.html

Re: There issue that use Java 8 keytool to create Java keystore using BC FIPS provider

Jeff Huang
Repeated the same procedures on Java 11; it shows the Keystore provider is SUN.

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

localhost, Sep 19, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256):
E1:B7:3F:90:05:2C:7F:F0:BA:7D:E4:E5:E8:2E:9E:BD:BB:FE:D8:2D:A6:6B:78:AB:BE:C0:0F:BD:58:F7:CF:2D



Re: There issue that use Java 8 keytool to create Java keystore using BC FIPS provider

Eckenfels. Bernd
You can try to specify -providername BCFIPS to make sure it is not trying other providers.

--
http://www.seeburger.com
________________________________________
From: Jeff Huang [[hidden email]]
Sent: Thursday, September 19, 2019 19:50
To: [hidden email]
Subject: [dev-crypto] Re: There issue that use Java 8 keytool to create Java keystore using BC FIPS provider

Repeated the same procedures on Java 11; it shows the Keystore provider is SUN.

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

localhost, Sep 19, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256):
E1:B7:3F:90:05:2C:7F:F0:BA:7D:E4:E5:E8:2E:9E:BD:BB:FE:D8:2D:A6:6B:78:AB:BE:C0:0F:BD:58:F7:CF:2D



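An added example, not part of the thread or of Bouncy Castle's code: a small check of which JCA provider serves a keystore type when no provider is named, compared with naming BCFIPS explicitly as the reply suggests. It assumes that keytool registers the -providerclass provider after the built-in ones and then asks for the store type without a provider unless -providername is given; the class name KeystoreProviderCheck is hypothetical.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;

public class KeystoreProviderCheck {
    // Provider class and name as they appear in the thread.
    static final String BCFIPS_CLASS =
        "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";
    static final String BCFIPS_NAME = "BCFIPS";

    // Append BC FIPS to the provider list if its jar is on the classpath.
    static boolean registerBcFips() throws Exception {
        try {
            Object p = Class.forName(BCFIPS_CLASS).getDeclaredConstructor().newInstance();
            Security.addProvider((Provider) p); // appended: lowest preference
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String type = args.length > 0 ? args[0] : "PKCS12";
        boolean haveBc = registerBcFips();
        System.out.println("BC FIPS on classpath: " + haveBc);

        // Providers offering this keystore type, in preference order.
        int pos = 0;
        for (Provider p : Security.getProviders()) {
            pos++;
            if (p.getService("KeyStore", type) != null) {
                System.out.printf("%2d. %s offers KeyStore.%s%n", pos, p.getName(), type);
            }
        }

        // No provider named: the first match in the list is used.
        KeyStore byDefault = KeyStore.getInstance(type);
        System.out.println("default  -> " + byDefault.getProvider().getName());

        // Provider named explicitly: only that provider is consulted.
        if (haveBc) {
            try {
                KeyStore named = KeyStore.getInstance(type, BCFIPS_NAME);
                System.out.println("explicit -> " + named.getProvider().getName());
            } catch (KeyStoreException e) {
                System.out.println(BCFIPS_NAME + " does not offer KeyStore." + type);
            }
        }
    }
}
```

Run it with the bc-fips jar on the classpath and the store type as the only argument; the "default" line corresponds to what keytool -list prints as "Keystore provider".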