Java keystore and password settings

I have the following question on Java keystores and keytool. I assume that a keystore may have more than one certificate. As far as I have tried, via keytool I can create a keystore, and to access this keystore I have to set a password. Also, to access each certificate entry I have to set a password. Is it mandatory to have the same password for the keystore and the entries? If not (and I think that it is reasonable to assume so), why does the following code:

char[] pwd = new char[]{'s','e','c','r','e','t'};
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream("myPersonal.keystore"), pwd); // store password: load succeeds
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, pwd); // fails here with exception

give me the following exception?

Exception in thread "main" java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(Unknown Source)
    at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
    at java.security.KeyStore.getKey(Unknown Source)

secret is the password to access the keystore myPersonal.keystore, which I created via keytool. There are two entries in it, for certificates, one DSA and one RSA. Each has a different password from the keystore (and from each other). Now the code is correct, because if I use a keystore with a single certificate entry having the same password as the keystore, there is no exception and the program runs fine.

So what is the problem here? Should I not have different passwords? Should I not have many certificates? Or what?

Cratylus asked Feb 07 '11 20:02


1 Answer

As specified by the API, the KeyManagerFactory.init method takes in the password used to retrieve the keys from the keystore. Since there is only one password parameter, it is expecting that the password for all the keys is identical. If a different password is used for one of the keys, then you get the error you saw, as the password is incorrect for that particular keystore entry.

The simplest solution for you would be to use the same password for all the entries in the keystore. If you are set on maintaining different passwords for each entry, then you may have to look into building your own custom security elements, e.g., KeyManager.

Kris Babic answered Sep 28 '22 06:09
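The following program is an added example written for this page; it is not code from the question or the answer. It first reproduces the failure with the default (normally SunX509) factory, which recovers every key entry with the one password passed to init(), and then keeps the differing key passwords by using the "NewSunX509" KeyManagerFactory with a KeyStore.Builder subclass: that implementation asks the builder for a ProtectionParameter per alias when it recovers a private key, so no custom KeyManager is needed. The keystore path, the alias names "rsa" and "dsa", and the two key passwords are assumptions for the example; substitute the aliases shown by keytool -list.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyStoreBuilderParameters;
import javax.net.ssl.X509KeyManager;

public class PerEntryPasswordDemo {

    /**
     * A KeyStore.Builder that returns a different PasswordProtection per alias.
     * The NewSunX509 key manager calls getProtectionParameter(alias) when it
     * recovers that alias's private key, so each entry can keep its own password.
     */
    static final class PerAliasBuilder extends KeyStore.Builder {
        private final KeyStore keyStore;
        private final Map<String, char[]> keyPasswords;
        private final char[] fallback;

        PerAliasBuilder(KeyStore keyStore, Map<String, char[]> keyPasswords, char[] fallback) {
            this.keyStore = keyStore;
            this.keyPasswords = keyPasswords;
            this.fallback = fallback;
        }

        @Override
        public KeyStore getKeyStore() {
            return keyStore;
        }

        @Override
        public KeyStore.ProtectionParameter getProtectionParameter(String alias) throws KeyStoreException {
            char[] pw = keyPasswords.get(alias);
            if (pw == null) {
                pw = fallback; // aliases not listed are assumed to use the store password
            }
            return new KeyStore.PasswordProtection(pw);
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed: a JKS keystore like the one in the question, store password "secret".
        String path = args.length > 0 ? args[0] : "myPersonal.keystore";
        char[] storePass = "secret".toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // the store password only checks the store integrity
        }

        // 1. Reproduce the failure: the default factory recovers every key entry with the
        //    single password it is given, so one entry with a different key password is
        //    enough to make init() throw UnrecoverableKeyException.
        try {
            KeyManagerFactory legacyKmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            legacyKmf.init(ks, storePass);
            System.out.println("default factory init succeeded: all key passwords equal the store password");
        } catch (UnrecoverableKeyException e) {
            System.out.println("default factory init failed as in the question: " + e.getMessage());
        }

        // 2. Keep the different key passwords: NewSunX509 plus a per-alias builder.
        //    Alias names and key passwords here are assumptions for this example.
        Map<String, char[]> keyPasswords = new HashMap<>();
        keyPasswords.put("rsa", "rsa-secret".toCharArray());
        keyPasswords.put("dsa", "dsa-secret".toCharArray());

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
        kmf.init(new KeyStoreBuilderParameters(new PerAliasBuilder(ks, keyPasswords, storePass)));
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];

        // Private keys are recovered lazily, each with its own alias's password.
        for (String keyType : new String[] {"RSA", "DSA"}) {
            String alias = km.chooseServerAlias(keyType, null, null);
            if (alias == null) {
                System.out.println(keyType + ": no usable entry (missing, or rejected by algorithm constraints)");
                continue;
            }
            PrivateKey key = km.getPrivateKey(alias);
            System.out.println(keyType + ": alias " + alias + " -> " + key.getAlgorithm() + " private key recovered");
        }
    }
}
```

If the simpler route in the answer is acceptable, the key passwords can be aligned with the store password in place with keytool, one alias at a time: keytool -keypasswd -alias rsa -keystore myPersonal.keystore, which prompts for the store password, the old key password and the new one. Note that this whole question is specific to JKS: for PKCS12 keystores, which KeyStore.getDefaultType() returns since Java 9, keytool ignores a -keypass that differs from -storepass and prints a warning, so the store and key passwords are the same to begin with.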