Does android support .jks keystore type?

16
votes

I am trying to connect to server using keystore which is provided by server team.

While sending service call to server first i created KeyStore Instance by using following api

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());

It’s returning the keystore type as “BKS”.

The Keystore what server team sent is of type “.jks”(somename.jks) So, I am getting exception “Wrong version of key store”.

I tried by passing “JKS” to getInstance() of KeyStore by following way

KeyStore keystore = KeyStore.getInstance("JKS");

But here I am getting exception “KeyStore JKS implementation not found”.

Here is the piece of code:

KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());

InputStream instream = mContext.getAssets().open("somename.jks");

try {
    trustStore.load(instream, "password".toCharArray());
} finally {
    try {
       instream.close();
    } catch(Exception ignore) {
    }
}

Please guide me to solve this problem.

2
androidsslkeystore
"jks" seems to be default. If this KeyStore is of type "jks", key must be encoded conform to the PKS#8 standard as an EncryptedPrivateKeyInfo. taken from here developer.android.com/reference/java/security/… and developer.android.com/reference/javax/crypto/…Sergey Benner

2 Answers

25
votes

I think Android support 'only' BouncyCastle KeyStores (known as BKS)... You still can use Portecle

To convert it from JKS to BKS, should work like a charm (at least it worked for me when trying to store my .CRT into a BKS format ! ;)

'only' meaning, easily here :p, else you'll have to manipulate stuffs

0
votes

Other option is to use KeyStore Explorer (downloadable executable for Mac and Windows available online) to switch to BKS (Bouncy Castle KeyStore). Should work good for Android. I had similar issues while using JKS.