Home » Android » bouncycastle – Android bouncy castle: IOException

bouncycastle – Android bouncy castle: IOException

Posted by: admin June 15, 2020 Leave a comment

Questions:

I am using Sun’s keytool to create a Bouncy castle keystore and import a certificate into it. The keytool does produce a keystore in the Bouncy castle format.

I then attempt to import the Bouncy castle keystore into an Android program. I am able to get an
instance of the “BKS” keystore but calling load on the keystore throws

"java.io.IOException: Wrong version of key store".

This is the code

KeyStore keyStore = KeyStore.getInstance("BKS");
InputStream is = new FileInputStream("/mnt/sdcard/ArcGIS/mystore.bks");
keyStore.load(is, "abcdef".toCharArray());

I tried various versions of the Bouncy castle JAR downloaded from http://www.bouncycastle.org/latest_releases.html

What am I doing wrong?

Thanks,
Ranjit

How to&Answers:

It seems the version of BouncyCastle shipped with Android 4.0.3 (API version 15) fails when trying to open keystores produced using the most recent BouncyCastle library. When I created a keystore using bcprov-jdk15on-147.jar, my sample Android app failed with the java.io.IOException: Wrong version of key store error.

However, if the keystore was created with the bcprov-jdk16-146.jar library, then it could be loaded by the application. My solution was to create the keystore with this older library.

Presumably this will also be the case for older API versions; try older versions of BouncyCastle when creating the keystore.

Answer:

Resolved. The keytool command was missing the “-storetype BKS” argument, so although the BKS keystore file was generated, it was probably invalid.

Answer:

This problem is due to your BKS-certificate password length, it must be less than or equal to 7 characters. This is a matter of U.S. policy and U.S. export controls (not due to technical reasons).

Re-export your certificate using a 7-character lenght and it will work.

Hope it helps