I need to know if it's possible to retrieve a key from a KeyStore without providing the 'storepass'. The documentation here says that "When retrieving information from the keystore, the password is optional; if no password is given, the integrity of the retrieved information cannot be checked and a warning is displayed".
However, when I try to get the Key without a password I get a "java.lang.IllegalArgumentException: password can't be null" exception.
The following is how I created the KeyStore:
keytool -genseckey -alias "myKey" -keystore KEYSTORE.jks -storepass "password" -storetype "JCEKS" -keyalg AES -keysize 128
I tried to retrieve it as follows:
import java.io.File;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;

final KeyStore keyStore = KeyStore.getInstance("JCEKS");
// null store password: the store is loaded, but its integrity is not verified
keyStore.load(new FileInputStream(new File("C:\\temp\\keytool\\KEYSTORE.jks")), null);
// null key password: this is the call that fails
final Key key = keyStore.getKey("myKey", null);
This throws the following exception:
java.lang.IllegalArgumentException: password can't be null
at com.sun.crypto.provider.SunJCE_z.<init>(DashoA13*..)
at com.sun.crypto.provider.JceKeyStore.engineGetKey(DashoA13*..)
at java.security.KeyStore.getKey(KeyStore.java:763)
Have I misunderstood the documentation completely? Is there any other way around this, as I don't see the point in storing the 'storepass' in clear in my code where everyone can see it, therefore making the password useless.
If storepass (which is used to access the private key) is not provided, then it will try to use the keypass, i.e. the keystore password, which you also don't provide. That is why you get the exception.
You cannot have both the keypass and the storepass null.
From your link:
"For a -keypass option, if you do not specify the option on the command line, keytool will first attempt to use the keystore password to recover the private/secret key, and if this fails, will then prompt you for the private/secret key password."
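As an added illustration of the point above (example code, not the asker's or the answerer's): the store can be loaded with a null store password, which only skips the integrity check, but the entry itself must still be unlocked with a non-null key password. The example reads that password at runtime from an environment variable (KEY_PASSWORD is an assumed name) or from the console, so it never appears as a literal in the source; the store path, alias and the entry's key password are whatever were set when the store was created with keytool.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;

public class ReadSecretKey {

    // Loads the JCEKS store with a null store password (integrity not verified,
    // as the keytool docs describe) and then unlocks one entry with its own
    // key password. The entry password must not be null: JCEKS encrypts every
    // secret-key entry, and getKey(alias, null) throws IllegalArgumentException.
    static Key readKey(String storePath, String alias, char[] keyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = new FileInputStream(storePath)) {
            ks.load(in, null); // store contents are readable, but not integrity-checked
        }
        if (!ks.containsAlias(alias)) {
            throw new IllegalStateException("no entry named " + alias);
        }
        try {
            return ks.getKey(alias, keyPassword);
        } catch (UnrecoverableKeyException e) {
            throw new IllegalStateException("wrong key password for entry " + alias, e);
        }
    }

    public static void main(String[] args) throws Exception {
        String storePath = args.length > 0 ? args[0] : "KEYSTORE.jks";
        String alias = args.length > 1 ? args[1] : "myKey";

        // Password obtained at runtime rather than hard-coded: from the assumed
        // KEY_PASSWORD environment variable, or else from an interactive prompt
        // (System.console() is null when no terminal is attached).
        String fromEnv = System.getenv("KEY_PASSWORD");
        char[] pw = fromEnv != null
                ? fromEnv.toCharArray()
                : System.console().readPassword("Key password for '%s': ", alias);
        try {
            Key key = readKey(storePath, alias, pw);
            System.out.println(alias + ": " + key.getAlgorithm() + " key, "
                    + key.getEncoded().length * 8 + " bits");
        } finally {
            Arrays.fill(pw, '\0'); // clear the password from memory when done
        }
    }
}
```

With the store from the question, the key password is the one keytool assigned to the entry at creation, so the program only prints the key's algorithm and size, never the password.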