
Determine if keystore type is pkcs12 or jks (programmatically)

Tags:

java

keystore

Is there an easy way to determine the keystore type in Java? The keystore file does not have an extension, but I know it may be either jks or pkcs12.

At the moment I'm using something like this:

public static boolean isJks(File f) throws Exception{   
    KeyStore ks = null;

    FileInputStream fis = null;

    try {
        fis = new FileInputStream(f);
        ks = KeyStore.getInstance("jks");
        ks.load(fis, null);
        return true;
    } catch (IOException e) {
        if(fis != null){
            fis.close();
        }
        fis = new FileInputStream(f);
        ks = KeyStore.getInstance("pkcs12");
        ks.load(fis, null);
        return false;
    } finally {
        if(fis != null){
            fis.close();
        }
    }
}

Is there an easier way of doing this? If not, then is this the way to go or should it be improved?

user1985273 asked May 21 '14 08:05



2 Answers

You can follow the instructions from this answer. Basically, for a JKS keystore you can check the magic number, which is a few bytes at the beginning of the file. The expected magic value is 0xFEEDFEED. For PKCS12 it is not an easy thing to do, but you can check if the file is an ASN1 structure, although potentially there could be other file formats based on ASN1, so your approach with loading a keystore may actually be the better one.

username answered Sep 20 '22 15:09
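
The header check described in the answer above, as an added example that is not part of either answer or of the JDK. The class and method names are hypothetical, and the JCEKS magic value and the PFX version check (RFC 7292) go beyond what the page states. A `PKCS12_CANDIDATE` result is only a hint and should still be confirmed by loading the file with `KeyStore.getInstance("PKCS12")`.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.nio.file.Path;

public class KeystoreSniffer {
    static final int JKS_MAGIC = 0xFEEDFEED;   // magic value quoted in the answer above
    static final int JCEKS_MAGIC = 0xCECECECE; // JCEKS magic, not mentioned on this page

    /** Classifies leading bytes as JKS, JCEKS, PKCS12_CANDIDATE or UNKNOWN. */
    static String sniff(byte[] head) {
        if (head.length >= 4) {
            int magic = ByteBuffer.wrap(head, 0, 4).getInt(); // big-endian by default
            if (magic == JKS_MAGIC) return "JKS";
            if (magic == JCEKS_MAGIC) return "JCEKS";
        }
        // PKCS#12 PFX (RFC 7292): SEQUENCE { version INTEGER (3), authSafe, macData }
        if (head.length < 2 || head[0] != 0x30) return "UNKNOWN";
        int len = head[1] & 0xFF;
        // Short form has no extra length bytes; long form 0x81..0x84 has 1..4;
        // 0x80 is BER indefinite length, which also has none.
        int extra = (len & 0x80) != 0 ? (len & 0x7F) : 0;
        int v = 2 + extra; // offset of the version INTEGER
        if (extra > 4 || head.length < v + 3) return "UNKNOWN";
        boolean v3 = head[v] == 0x02 && head[v + 1] == 0x01 && head[v + 2] == 0x03;
        // Any other ASN.1 file (certificate, PKCS#8 key, ...) fails the version test.
        return v3 ? "PKCS12_CANDIDATE" : "UNKNOWN";
    }

    static String sniff(Path file) throws IOException {
        try (InputStream in = Files.newInputStream(file)) {
            return sniff(in.readNBytes(16)); // Java 11+; shorter for short files
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length > 0) { System.out.println(sniff(Path.of(args[0]))); return; }
        // Constructed header samples, not taken from real keystores.
        byte[] jks = {(byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED, 0, 0, 0, 2};
        byte[] p12 = {0x30, (byte) 0x82, 0x0A, 0x10, 0x02, 0x01, 0x03, 0x30};
        byte[] x509 = {0x30, (byte) 0x82, 0x03, 0x1F, 0x30, (byte) 0x82, 0x02, 0x07};
        System.out.println(sniff(jks));
        System.out.println(sniff(p12));
        System.out.println(sniff(x509));
    }
}
```

The third sample starts like a DER-encoded X.509 certificate: it is valid ASN.1 but fails the version check, which is the ambiguity the answer warns about.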


This might be worth mentioning for those who come across this question in future. If you need to know the KeyStore type only in order to load it, it is easier post-JDK-8062552. You can simply specify the type as JKS and this will let you load both JKS and PKCS12 KeyStores. See example below:

private KeyStore loadKeyStore(String file, String password) {
    KeyStore keyStore;
    try (FileInputStream inputStream = new FileInputStream(file)) {
        keyStore = KeyStore.getInstance("JKS");
        keyStore.load(inputStream, password.toCharArray());
    } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
        throw new RuntimeException(e);
    }
    return keyStore;
}

However, if you load your KeyStore like this, keystore.getType() will always return JKS. So even if you can now read the KeyStore, you still won't know what its type was.

automatictester answered Sep 22 '22 15:09