diff --git a/security/jss/org/mozilla/jss/CryptoManager.java b/security/jss/org/mozilla/jss/CryptoManager.java
index 2d9d3662d743..b07d7c55619d 100644
--- a/security/jss/org/mozilla/jss/CryptoManager.java
+++ b/security/jss/org/mozilla/jss/CryptoManager.java
@@ -39,6 +39,7 @@ import java.security.cert.CertificateException;
 import java.security.GeneralSecurityException;
 import org.mozilla.jss.pkcs11.PK11Cert;
 import java.util.*;
+import org.mozilla.jss.pkcs11.KeyType;
 import org.mozilla.jss.pkcs11.PK11Token;
 import org.mozilla.jss.pkcs11.PK11Module;
 import org.mozilla.jss.pkcs11.PK11SecureRandom;
@@ -52,7 +53,7 @@ import org.mozilla.jss.provider.java.security.JSSMessageDigestSpi;
  * Initialization is done with static methods, and must be done before
  * an instance can be created.  All other operations are done with instance
  * methods.
- * @version $Revision: 1.18 $ $Date: 2003/05/09 18:57:15 $
+ * @version $Revision: 1.19 $ $Date: 2003/08/15 01:00:32 $
  */
 public final class CryptoManager implements TokenSupplier
 {
@@ -853,12 +854,17 @@ public final class CryptoManager implements TokenSupplier
                 instance.reloadModules();
             }
         }
-        if( values.installJSSProvider ) {
-            // Force class load before we install the provider. Otherwise we get
-            // an infinite loop as the Security manager tries to instantiate the
-            // digest to verify its own JAR file.
-            JSSMessageDigestSpi mds = new JSSMessageDigestSpi.SHA1();
 
+        // Force class load before we install the provider. Otherwise we get
+        // an infinite loop as the Security manager tries to instantiate the
+        // digest to verify its own JAR file.
+        JSSMessageDigestSpi mds = new JSSMessageDigestSpi.SHA1();
+        // Force the KeyType class to load before we can install JSS as a
+        // provider.  JSS's signature provider accesses KeyType.
+        KeyType kt = KeyType.getKeyTypeFromAlgorithm(
+            SignatureAlgorithm.RSASignatureWithSHA1Digest);
+
+        if( values.installJSSProvider ) {
             int position = java.security.Security.insertProviderAt(
                             new JSSProvider(), 1);
             // This returns -1 if the provider was already installed, in which
diff --git a/security/jss/org/mozilla/jss/pkcs11/KeyType.java b/security/jss/org/mozilla/jss/pkcs11/KeyType.java
index 0fa677576b54..4b1e47cf5e30 100644
--- a/security/jss/org/mozilla/jss/pkcs11/KeyType.java
+++ b/security/jss/org/mozilla/jss/pkcs11/KeyType.java
@@ -47,8 +47,14 @@ import org.mozilla.jss.crypto.EncryptionAlgorithm;
  * These are the possible types for keys in the
  * wrapper library.
  * Key types are implemented as flyweights.
+ *
+ * Although the KeyType class is public, it should
+ * be considered private. We made the KeyType class
+ * public so that we can force it to load during
+ * CryptoManager.initialize(), before we install JSS
+ * as a provider.
 **/
-final class KeyType {
+public final class KeyType {
     protected KeyType() {}
 
     protected KeyType(Algorithm[] algs, String name) {