iKeyman Readme

This set of instructions are to demonstrate the invocation of IBM key tool (iKeyman).

·iKeyman depends on “ibmjceprovider.jar, “ibmjcefw.jar”,  “ibmpkcs11.jar”,  “ibmpkcs.jar” along with the appropiate JCE policy jurasdiction files. The sample code that invokes iKeyman assumes these 4 jars files reside under the same directory as iKeyman's jar, i.e.

"LOCAL_PATH/jre/lib/ext/gskikm.jar"
"LOCAL_PATH/jre/lib/ext/ibmjceprovider"
"LOCAL_PATH/jre/lib/ext/ibmjcefw"
"LOCAL_PATH/jre/lib/ext/ibmpkcs11.jar"
"LOCAL_PATH/jre/lib/ext/ibmpkcs.jar"

where "LOCAL_PATH" is the JAVA installation directory.

·Update "LOCAL_PATH/jre/lib/security/java.security" file and replace
"security.provider.2=com.ibm.crypto.provider.IBMJCA" with
"security.provider.2=com.ibm.crypto.provider.IBMJCE"

Note that the IBMJCE provider must be placed after the default SUN JCA provider that is available with the JRE.

·Update "LOCAL_PATH/jre/lib/security/java.security" file and add
"security.provider.3=com.ibm.crypto.pkcs11.provider.IBMPKCS11"
if PKCS11 hardware crypto is needed.

·UNIX Only:  Go to directory "LOCAL_PATH/demo/ikeyman" and enter:

"jar -xvf SampleIKEYMAN.jar"

·Windows and OS/2 Only:  Go to directory "LOCAL_PATH/docs/ikeyman/samples".

·Enter "ikeyman".  The "iKeyman" window will appear to manage X509 certificates, certificate requests, and RSA keys in the supported key databases (files).

Note: The key tool is based on 3 default KeyStore types, PKCS12KS, JKS, JCEK. It tries to get KeyStore instances from them. If any type fails, this type then won't be shown in the supported key file list.