{"id":25,"date":"2012-07-11T17:34:00","date_gmt":"2012-07-11T17:34:00","guid":{"rendered":"https:\/\/freezion.com\/?p=25"},"modified":"2012-07-11T17:34:00","modified_gmt":"2012-07-11T17:34:00","slug":"getting-keytool-to-work-with-bouncycastle-in-ubuntu","status":"publish","type":"post","link":"https:\/\/freezion.com\/?p=25","title":{"rendered":"Getting Keytool to Work With BouncyCastle in Ubuntu"},"content":{"rendered":"

This isn’t going to be an earth shattering post of supreme l33t-ness, just a quick note so I don’t forget how to do this:<\/p>\n

If you want to get the Bouncy Castle provider working in Ubuntu – so you can do things like, say, update the cacerts.bks on an Android device with the PortSwiggerCA.crt to MiTM SSL traffic from a mobile device – you need to do the following things:<\/p>\n

    \n
  1. Download the Bouncy Castle Provider of your choice. As of this post, the version I’m using is here<\/a>.<\/li>\n
  2. Put the .jar file in the following directory:
    \n\/usr\/lib\/jvm\/java-6-sun\/jre\/lib\/ext<\/code><\/li>\n
  3. Add the following to \/usr\/lib\/jvm\/java-6-sun\/jre\/lsecurity\/java.security<\/code>:
    \nsecurity.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider<\/code><\/li>\n
  4. Run the following command:
    \nkeytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass changeit -importcert -trustcacerts -alias PortSwiggerCA -file PortSwiggerCA.crt<\/code><\/li>\n<\/ol>\n
    For completeness, the cacerts.bks file can be pulled off the Android device using:
    \nadb pull \/system\/etc\/security\/cacerts.bks<\/code><\/div>\n
    <\/div>\n
    You’ll need to remount the \/system file system as read-write to push the modified one back, you can do that using the following command (from the adb shell):
    \n# mount -o rw,remount \/dev\/block\/system \/system<\/code><\/div>\n
    <\/div>\n
    A side note: it seems that IE9 and Chromium browser have decided to disallow the export of untrusted CA certificates (Older Firefox still allows it, but newer ones may not – I didn’t check). As a result, you may have difficulty getting a copy of the PortSwiggerCA.crt file. If you find yourself in that situation, you’re mostly screwed – unless you have the pro version of Burp, which has an export option.<\/div>\n","protected":false},"excerpt":{"rendered":"

    This isn’t going to be an earth shattering post of supreme l33t-ness, just a quick note so I don’t…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[11,28,32,34],"class_list":["post-25","post","type-post","status-publish","format-standard","hentry","category-hacking","tag-crypto","tag-java","tag-keytool","tag-linux"],"_links":{"self":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=25"}],"version-history":[{"count":0,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/25\/revisions"}],"wp:attachment":[{"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}