java keytool giving "final block not properly padded"

Question

Per step 3b of this Jetty guide for using Keytool and OpenSSL, last step, I'm doing the command:

keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

When I run the command, I get: keytool error: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded

Do you know how to resolve this?

Answer 1

I also came across a similar issue. I realized finally that the destination keystore had a key password also specified. So I had to use an extra argument 'destkeypass' to import the keys successfully.

Answer 2

In my case, I had done some of the steps using Windows openSSL that I downloaded, and other steps using the openSSL already existing on the CentOs6 box. When I did all the steps on the CentOs/linux box, the error went away.

Secondary perhaps helful note linux openSSL and Godaddy, note when you begin the "create CSR" process, use 2048 in generating the site.key, namely:

openssl genrsa -des3 -out site.key 2048

----------------- update ------------------

I think this error is instead related to a password problem I made in the steps.

After one does:

openssl pkcs12 -export -inkey jetty.key -in cert-chain.txt -out jetty.pkcs12

the tool prompts, Enter Export Password:

This password entered, must then be used in the next step, the one I did was:

java -classpath jetty-util-6.1.19.jar:jetty-6.1.19.jar org.mortbay.jetty.security.PKCS12Import jetty.pkcs12 keystore

however per this documentation that step may apparently equally be:

keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore