JDK-8054019 : Keytool Error publicKey's is not X.509, but X509
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7u21
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_2008
  • CPU: x86
  • Submitted: 2014-07-30
  • Updated: 2015-02-02
  • Resolved: 2014-09-03
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7
7u76Fixed
Related Reports
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.7.0_65"
Java(TM) SE Runtime Environment (build 1.7.0_65-b19)
Java HotSpot(TM) 64-Bit Server VM (build 24.65-b04, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
keytool error: java.lang.IllegalArgumentException: publicKey's is not X.509, but X509

java.lang.IllegalArgumentException: publicKey's is not X.509, but X509
        at sun.security.x509.CertAndKeyGen.generate(Unknown Source)
        at sun.security.tools.KeyTool.doGenKeyPair(Unknown Source)
        at sun.security.tools.KeyTool.doCommands(Unknown Source)
        at sun.security.tools.KeyTool.run(Unknown Source)
        at sun.security.tools.KeyTool.main(Unknown Source)


REGRESSION.  Last worked in version 7u21

ADDITIONAL REGRESSION INFORMATION: 
java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
keytool -genkeypair -validity 3650 -v -alias tomcat -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -providername JsafeJCE -keystore keystore.p12 -storetype pkcs12

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
It should create the Keystore.p12
ACTUAL -
keytool error: java.lang.IllegalArgumentException: publicKey's is not X.509, but X509

java.lang.IllegalArgumentException: publicKey's is not X.509, but X509
        at sun.security.x509.CertAndKeyGen.generate(Unknown Source)
        at sun.security.tools.KeyTool.doGenKeyPair(Unknown Source)
        at sun.security.tools.KeyTool.doCommands(Unknown Source)
        at sun.security.tools.KeyTool.run(Unknown Source)
        at sun.security.tools.KeyTool.main(Unknown Source)

ERROR MESSAGES/STACK TRACES THAT OCCUR :
keytool error: java.lang.IllegalArgumentException: publicKey's is not X.509, but X509

java.lang.IllegalArgumentException: publicKey's is not X.509, but X509
        at sun.security.x509.CertAndKeyGen.generate(Unknown Source)
        at sun.security.tools.KeyTool.doGenKeyPair(Unknown Source)
        at sun.security.tools.KeyTool.doCommands(Unknown Source)
        at sun.security.tools.KeyTool.run(Unknown Source)
        at sun.security.tools.KeyTool.main(Unknown Source)

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Used earlier version for JDK 1.7.21 for now, but we cannot progress because we cannot use the latest JRE which has lot security issue fixed and most of the companies mandate that software should be compatible with the latest JRE


Comments
Simple fix. No errors in 7u-dev core-libs nightly with the fix. SQE OK to take it in PSU15_01.
06-11-2014

The certs don't seem to conform to standard and that may be an issue stemming from JSafe product. The ASN.1 data format for X509 keys should be "X.509" http://docs.oracle.com/javase/7/docs/api/java/security/Key.html#getFormat() Behavioural change introduced in https://jbs.oracle.com/bugs/browse/JDK-7109096
05-08-2014