
Keytool change key password using 'keypasswd' throws 'Alias has no key' error

I am trying to change the password of the private key in my keystore. Doing the following:

keytool -keypasswd -alias <alias name> -keystore <keystore path>

I get:

Enter keystore password: <keystore password>

Which returns:

keytool error: java.lang.Exception: Alias <ltsabreskey> has no key

This keystore was generated using a certificate that was extracted from a different keystore for which the password was lost. I'm trying to push an update to an existing app in the Play Store. Can this be done with a newly generated keystore from the extracted certificate?

asked Sep 24 '15 15:09
arockburn


1 Answer

NOTE: This answer applies to JKS and JCEKS keystore types and NOT PKCS12.

A keystore can hold a secret key, a key pair (private key + certificate chain) or a certificate. You can identify these types by these names respectively when you -list keystore -- SecretKeyEntry, PrivateKeyEntry and trustedCertEntry.

Of these, the SecretKeyEntry and PrivateKeyEntry can be protected with their own password (could be different from the keystore password), if the keystore type is JKS or JCEKS. You cannot have different keystore and key passwords for the PKCS12 keystore type; the key password has to be the same as the keystore password.

Now, you mentioned in your last statement that the keystore you were working on was created with a certificate that was exported from a different keystore. There are two different use cases for adding a certificate to a keystore. When you want to trust a particular certificate, you can add just the certificate itself; this is called the trustedCertEntry. Or you can add/update the certificate for a key pair, which means the certificate being added will be associated with a private key; this is a PrivateKeyEntry.

The alias you are working with is a trustedCertEntry, which cannot have a keypass. So when you run the keypasswd command against this alias, it will throw the 'no key' error, which is what you are seeing.


To answer your specific problem, you cannot do the action you are doing without the private key. You extracted the certificate from the original keystore, but it doesn't have the private key, and you cannot extract the private key without the password. So, in short, you need to recover your old keystore; if you are unable to, follow the Play Store guidelines on what to do if the original keystore is not recoverable.

answered Sep 22 '22 05:09
always_a_rookie
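
The check the answer describes, as an added example that is not part of the original question or answer: a shell helper that reads the short `keytool -list` listing and reports, per alias, whether the entry holds a key at all. The listing below is constructed (it assumes the English short format, with the alias as the first comma-separated field and the entry type as the last); the function names and the `releasekey` and `hmackey` aliases are hypothetical.

```shell
#!/bin/sh
# Added example: classify aliases from `keytool -list` output.

# Constructed sample listing, not taken from a real keystore.
sample_listing() {
cat <<'EOF'
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 3 entries

ltsabreskey, Sep 24, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
releasekey, Sep 24, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
hmackey, Sep 24, 2015, SecretKeyEntry,
EOF
}

# Reads a listing on stdin; prints "alias<TAB>entry type<TAB>verdict".
# Only lines that end in one of the three entry type names are considered.
classify_entries() {
  awk '
    /(SecretKeyEntry|PrivateKeyEntry|trustedCertEntry),[ \t]*$/ {
      alias = $0; sub(/,.*/, "", alias)            # text before the first comma
      type = $0; sub(/,[ \t]*$/, "", type)         # drop the trailing comma
      sub(/.*,[ \t]*/, "", type)                   # keep the last field
      # A trustedCertEntry is a bare certificate: there is no key to protect.
      verdict = (type == "trustedCertEntry") ? "no-key" : "has-key"
      printf "%s\t%s\t%s\n", alias, type, verdict
    }'
}

# Exit status 0 only if the named alias exists and holds a key.
alias_has_key() {
  classify_entries |
    awk -F '\t' -v a="$1" '$1 == a && $3 == "has-key" { ok = 1 } END { exit !ok }'
}

sample_listing | classify_entries
```

Against a real keystore, pipe `keytool -list -keystore <keystore path>` into `classify_entries` instead of the sample; an alias reported as `no-key` is the case that produces the 'has no key' error.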