Change keystore password from no password to a non blank password

I have a jks keystore with no password. When I run the command

keytool -list -keystore mykeystore.jks 

And it prompts me for the keystore password, I simply hit 'enter'.

Please note that the keystore password IS NOT the default java password of 'changeit'. It is blank.

When I try to run

keytool -storepasswd -keystore mykeystore.jks 

to change the password to a non blank string, it first prompts me for the current password. Simply hitting enter, since it is blank, says

keytool -storepasswd -keystore mykeystore.jks
Enter keystore password:
Keystore password is too short - must be at least 6 characters

Just to confirm with everyone that the password is not 'changeit'

keytool -storepasswd -keystore mykeystore.jks
Enter keystore password:  changeit
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Any idea how I can change the keystore password if the existing password is blank?

Matthew Kirkley asked Feb 26 '13 15:02



2 Answers

If you're trying to do stuff with the Java default system keystore (cacerts), then the default password is changeit.

You can list keys without needing the password (even if it prompts you) so don't take that as an indication that it is blank.

(Incidentally who in the history of Java ever has changed the default keystore password? They should have left it blank.)

Timmmm answered Sep 22 '22 12:09


Add -storepass to keytool arguments.

keytool -storepasswd -storepass '' -keystore mykeystore.jks 

But also notice that the -list command does not always require a password. I could execute the following command in both cases: without a password or with a valid password

$JAVA_HOME/bin/keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts 

ijrandom answered Sep 18 '22 12:09
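
Both answers note that a listing can succeed without a password. The sketch below is an added example, not code from either answer. It loads the store with an explicit password (an empty array when Enter is pressed), so the integrity hash is actually checked, then rewrites the store under a new password. It assumes a JKS-type file and Java 11 or later; the class name `SetStorePassword` is hypothetical.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.KeyStore;
import java.util.Arrays;

// Hypothetical helper (added example). Usage: java SetStorePassword.java mykeystore.jks
public class SetStorePassword {
    public static void main(String[] args) throws Exception {
        Path file = Path.of(args[0]).toAbsolutePath();
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");

        // An empty char[] is a real (blank) password, so the integrity hash IS verified.
        // Passing null would skip verification entirely, which is why a successful
        // listing without a password says nothing about what the password is.
        char[] current = console.readPassword("Current store password (Enter for blank): ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(file.toFile())) {
            ks.load(in, current);
        } catch (IOException e) {
            System.err.println("Could not load keystore: " + e.getMessage());
            System.exit(1);
        }

        char[] next = console.readPassword("New store password: ");
        char[] again = console.readPassword("Repeat new store password: ");
        if (next.length < 6 || !Arrays.equals(next, again)) {
            System.err.println("Passwords differ or are shorter than 6 characters.");
            System.exit(1);
        }

        // Write to a temp file first so a failed write cannot destroy the only copy.
        Path tmp = Files.createTempFile(file.getParent(), "ks", ".tmp");
        try (FileOutputStream out = new FileOutputStream(tmp.toFile())) {
            ks.store(out, next); // re-keys the store integrity hash only
        }
        Files.move(tmp, file, StandardCopyOption.REPLACE_EXISTING);

        // Wipe password buffers; private-key entries keep their own key password.
        Arrays.fill(current, '\0');
        Arrays.fill(next, '\0');
        Arrays.fill(again, '\0');
        System.out.println("Store password changed; entries: " + ks.size());
    }
}
```

Entry (key) passwords are separate from the store password, so private-key entries that were protected with a blank key password still need `keytool -keypasswd` afterwards.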