"Wrong version of key store" error. How can I create a version=1 keystore certificate?

gymshoe picture gymshoe · Aug 15, 2012 · Viewed 15k times · Source

I am having trouble using SSL, as I am getting the following error related to my keystore (self-created and self-signed using keytool per: http://developer.android.com/tools/publishing/app-signing.html):

08-14 20:55:23.044: W/System.err(5430): java.io.IOException: Wrong version of key store. 08-14 20:55:23.060: W/System.err(5430): at org.bouncycastle.jce.provider.JDKKeyStore.engineLoad(JDKKeyStore.java:812) ...

The error thrown in the JDKKeyStore.java class arises in the following code:

Blockquote From JDKKeyStore.java:
if (version != STORE_VERSION) { if (version != 0) { throw new IOException("Wrong version of key store."); } }

Blockquote

In this case STORE_VERSION = 1, and my version=3 based on reading the details of the certificate held by the keystore I have created. I do not know how to generate a keystore containing a version=1 certificate.

I found this answer helpful: wrong version keystore when doing https call

however it calls for creating the keystore using the following parameters:

-storetype BKS
-provider org.bouncycastle.jce.provider.BouncyCastleProvider
-providerpath /path/to/bouncycastle.jar

However, when I try to create the keytool (using the terminal app on Mac) using these parameters:

keytool -genkeypair -v -alias androiddebugkey -keyalg RSA -keysize 2048 -validity 10000 -keypass android -keystore /Users/djames/dropbox/bc146keystore/debug.keystore -storepass android -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider –providerpath /Users/djames/dropbox/bc146keystore/

(where /Users/djames/dropbox/bc146keystore/ is the path to the bouncy castle jar: bcprov-jdk16-146.jar)

I get the following error:

keytool error: java.lang.RuntimeException: Usage error, ?providerpath is not a legal command java.lang.RuntimeException: Usage error, ?providerpath is not a legal command at sun.security.tools.KeyTool.parseArgs(KeyTool.java:375) at sun.security.tools.KeyTool.run(KeyTool.java:171) at sun.security.tools.KeyTool.main(KeyTool.java:166)

I do not understand what this is telling me. If I use: keytool -help it tells me that the following are valid options for the -genkeypair option:

-genkeypair [-v] [-protected] [-alias ] [-keyalg ] [-keysize ] [-sigalg ] [-dname ] [-validity ] [-keypass ] [-keystore ] [-storepass ] [-storetype ] [-providername ] [-providerclass [-providerarg ]] ... [-providerpath ]

But in the Oracle docs java version 6 that I am using (http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html)
it tells me that these are the options:

-genkeypair {-alias alias} {-keyalg keyalg} {-keysize keysize} {-sigalg sigalg} [-dname dname] [-keypass keypass] {-validity valDays} {-storetype storetype} {-keystore keystore} [-storepass storepass] {-providerClass provider_class_name {-providerArg provider_arg}} {-v} {-protected} {-Jjavaoption}

which does not include the -providerpath option. Why the discordance? (If I do not use the -providerpath option, then I get an unknown class exception at the option: "-providerclass org.bouncycastle.jce.provider.BouncyCastleProvider"...)

When I google: keytool -providerpath
I get nothing helpful to resolve this.

I am not sure how to solve my keystore version problem without solving my keytool problem. Any suggestions appreciated.

Jim

(Mac OSX 10.6.8 if relevant)

Answer

Ryan picture Ryan · Apr 17, 2013

My problem was using a version of bouncy castle that was too new. I had to use 146 - any later and it gave me this error.