
Convert Java JCEKS keystore containing 3DES key to PKCS12


I'm trying to convert a Java JCEKS keystore to PKCS12 that contains two symmetric keys, one AES and one 3DES.

The AES key gets imported into the PKCS12 file just fine but not the 3DES key.

The command I'm using is:

"c:\Program Files\Java\jdk-10.0.1\bin\keytool.exe" -importkeystore -srckeystore D:\temp\ssc.jceks -srcstoretype jceks -destkeystore D:\temp\ssc.p12 -deststoretype pkcs12

I'm getting the following error message:

java.security.KeyStoreException: Key protection  algorithm not found: java.security.NoSuchAlgorithmException: unrecognized algorithm name: DESede

This is with Java 10.0.1; I've also tried Java 8u171 and Java 11 EA 17.

Keytool can list the JCEKS keystore just fine with:

"c:\Program Files\Java\jdk-10.0.1\bin\keytool.exe" -list -keystore D:\temp\ssc.jceks -storepass xxxxx -storetype jceks -v

Any idea on how to import a 3DES key into PKCS12 keystores?

Thanks.


Solution

  • Looks like the default SunJSSE Provider, which implements the PKCS12 KeyStore, doesn't support the DESede algorithm.

    Your best bet is to have them in the JCEKS keystore (it is proprietary to Java, but the PKCS#11 standard is to not store non-private keys. Even if you have to do so, DESede may not be supported because AES is considered much more secure than DESede and is the industry standard.)
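
A pre-migration check for the situation in the question, added here as an example and not code from the question or the answer: it tries each secret key from a JCEKS store against a scratch in-memory PKCS12 store and reports which key algorithms the running JDK accepts. The class name, aliases, password and sample keystore are constructed for illustration, and the result depends on the JDK in use.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class Pkcs12MigrationCheck {
    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // constructed sample password

        // Constructed sample input: an in-memory JCEKS store with one AES and one 3DES key.
        KeyStore jceks = KeyStore.getInstance("JCEKS");
        jceks.load(null, null);
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(pass);
        for (String[] spec : new String[][] {{"aes-key", "AES", "128"}, {"tdes-key", "DESede", "168"}}) {
            KeyGenerator kg = KeyGenerator.getInstance(spec[1]);
            kg.init(Integer.parseInt(spec[2]));
            jceks.setEntry(spec[0], new KeyStore.SecretKeyEntry(kg.generateKey()), prot);
        }
        // Round-trip through bytes so the check reads the store the way it would read a file.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        jceks.store(buf, pass);
        KeyStore src = KeyStore.getInstance("JCEKS");
        src.load(new ByteArrayInputStream(buf.toByteArray()), pass);

        // Try each secret key against a scratch PKCS12 store; nothing is written to disk.
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        p12.load(null, null);
        for (String alias : Collections.list(src.aliases())) {
            if (!src.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) continue;
            Key key = src.getKey(alias, pass);
            try {
                p12.setKeyEntry(alias, key, pass, null);
                // Exercise serialization as well, since a failure can surface there.
                p12.store(new ByteArrayOutputStream(), pass);
                System.out.printf("%-10s %-7s OK%n", alias, key.getAlgorithm());
            } catch (Exception e) {
                // Drop a half-added entry so later aliases are tested in isolation.
                if (p12.containsAlias(alias)) p12.deleteEntry(alias);
                System.out.printf("%-10s %-7s FAILED: %s%n", alias, key.getAlgorithm(), e.getMessage());
            }
        }
    }
}
```

To check a real keystore, replace the constructed store with a `FileInputStream` on the JCEKS file; entries reported as FAILED are the ones that have to stay in JCEKS on that JDK.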