Menu
Is there an easy way to determine the keystore type in java? The keystore file does not have an extencion but i know it may be either jks or pkcs12.
At the moment im using something like this:
public static boolean isJks(File f) throws Exception{
KeyStore ks = null;
FileInputStream fis = null;
try {
fis = new FileInputStream(f);
ks = KeyStore.getInstance("jks");
ks.load(fis, null);
return true;
} catch (IOException e) {
if(fis != null){
fis.close();
}
fis = new FileInputStream(f);
ks = KeyStore.getInstance("pkcs12");
ks.load(fis, null);
return false;
} finally {
if(fis != null){
fis.close();
}
}
}
Is there a easier way of doing this? If not then is this the way to go or should it be improved?
644
In order to view/convert a KeyStore type, click on View/Convert KeyStore Type of the opened KeyStore window. The available KeyStore types are: jks - Java KeyStore (Oracle's KeyStore format); pkcs12 - Public-Key Cryptography Standards #12 KeyStore (RSA's Personal Information Exchange Syntax Standard);
The biggest difference between JKS and PKCS12 is that JKS is a format specific to Java, while PKCS12 is a standardized and language-neutral way of storing encrypted private keys and certificates.
JKS is a Java-specific file format that was the default format for KeyStores until Java 8. Starting from Java 9, PKCS#12 is the default KeyStore format. Despite JKS, PKCS#12 is a standardized and language-neutral format for storing encrypted data. The PKCS#12 format is also known as PKCS12 or PFX.
You can follow instructions from this answer. Basically, for JKS keystore you can check the magic number which is a few bytes in the beginning of the file. The expected magic value is 0xFEEDFEED. For PKCS12 it is not an easy thing to do, but you can check if the file is ASN1 structure, although potentially there could be other file formats based on ASN1, so your approach with loading a keystore may actually be the better one.
189
This might be worth mentioning for those who come across this question in future. If you need to know the KeyStore type only in order to load it, it is easier post-JDK-8062552. You can simply specify the type as JKS and this will let you load both JKS and PKCS12 KeyStores. See example below:
private KeyStore loadKeyStore(String file, String password) {
KeyStore keyStore;
try (FileInputStream inputStream = new FileInputStream(file)) {
keyStore = KeyStore.getInstance("JKS");
keyStore.load(inputStream, password.toCharArray());
} catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
throw new RuntimeException(e);
}
return keyStore;
}
However, if you load your KeyStore like this, keystore.getType() will always return JKS. So even if now you can read the KeyStore, you still won't know what was its type.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
