
keytool -list shows different aliases for p12 keystore, depending on whether you provide the password

Really weird behaviour on a particular p12 file.

If I run

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
keytool -v -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug

I get,

Alias name: 1
Creation date: Aug 17, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sixminute, OU=, O=, C=IE
Issuer: CN=sixminute, OU=, O=, C=IE
Serial number: xxxxxxxxxxxxxxxxx
Valid from: Wed Nov 07 13:34:40 GMT 2012 until: Sun Nov 08 13:34:40 GMT 2037
Certificate fingerprints:
     MD5:  xxxxxxxxxxxxxxxxx
     SHA1: xxxxxxxxxxxxxxxxx
     Signature algorithm name: SHA1withRSA
     Version: 3

and

Your keystore contains 1 entry

1, Aug 17, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): xxxxxxxxxxxxxxxxx

However, if I don't provide the password in the commands,

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12
keytool -v -list -storetype pkcs12 -keystore my_debug_keystore.p12

the output is different,

Alias name: 2
Creation date: Aug 17, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sixminute, OU=, O=, C=IE
Issuer: CN=sixminute, OU=, O=, C=IE
Serial number: 2d36623161363935353a31336165303361636133313a2d38303030
Valid from: Wed Nov 07 13:34:40 GMT 2012 until: Sun Nov 08 13:34:40 GMT 2037
Certificate fingerprints:
     MD5:  xxxxxxxxxxxxxxxxx
     SHA1: xxxxxxxxxxxxxxxxx
     Signature algorithm name: SHA1withRSA
     Version: 3

and

Your keystore contains 1 entry

2, Aug 17, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): xxxxxxxxxxxxxxxxx

Specifically a different alias for the same key (the MD5 and SHA1 are still the same for the keys).

Any idea at all why this would be the case?

seaders asked Aug 17 '14 13:08


1 Answer

Aliases are not quite a PKCS 12 concept. There is a Friendly Name attribute but it is very optional. So I would guess that Java is just making up the Alias names it reports. No idea why it would be different though, as the safe bag order should be the same.

Tuntable answered Sep 29 '22 11:09