Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

keytool -list shows different aliases for p12 keystore, depending on whether you provide the password

Tags:

alias

private-key

keytool

pkcs#12

Really weird behaviour on a particular p12 file.

If I run

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
keytool -v -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug

I get,

Alias name: 1
Creation date: Aug 17, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sixminute, OU=, O=, C=IE
Issuer: CN=sixminute, OU=, O=, C=IE
Serial number: xxxxxxxxxxxxxxxxx
Valid from: Wed Nov 07 13:34:40 GMT 2012 until: Sun Nov 08 13:34:40 GMT 2037
Certificate fingerprints:
     MD5:  xxxxxxxxxxxxxxxxx
     SHA1: xxxxxxxxxxxxxxxxx
     Signature algorithm name: SHA1withRSA
     Version: 3

and

Your keystore contains 1 entry

1, Aug 17, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): xxxxxxxxxxxxxxxxx

However, if I don't provide the password in the commands, 

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12
keytool -v -list -storetype pkcs12 -keystore my_debug_keystore.p12

the output is different,

Alias name: 2
Creation date: Aug 17, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sixminute, OU=, O=, C=IE
Issuer: CN=sixminute, OU=, O=, C=IE
Serial number: 2d36623161363935353a31336165303361636133313a2d38303030
Valid from: Wed Nov 07 13:34:40 GMT 2012 until: Sun Nov 08 13:34:40 GMT 2037
Certificate fingerprints:
     MD5:  xxxxxxxxxxxxxxxxx
     SHA1: xxxxxxxxxxxxxxxxx
     Signature algorithm name: SHA1withRSA
     Version: 3

and

Your keystore contains 1 entry

2, Aug 17, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): xxxxxxxxxxxxxxxxx

Specifically a different alias for the same key (the MD5 and SHA1 are still the same for the keys).

Any idea at all why this would be the case?

like image 405
seaders Avatar asked Aug 17 '14 13:08

seaders

1 Answers

Aliases are not quite a PKCS 12 concept. There is a Friendly Name attribute but it is very optional. So I would guess that Java is just making up the Alias names it reports. No idea why it would be different though, as the safe bag order should be the same.

like image 181
Tuntable Avatar answered Sep 29 '22 11:09

Tuntable
Sign in to Comment

Related questions

keytool can't find alias
Create alias for a specific command in cmd
SQLite alias of table name in UPDATE statement
How to use aliases in math operators in SQL?
In Perl, is there any difference between direct glob aliasing and aliasing via the stash?
Spaces in Cygwin/bash aliases?
PowerShell mkdir alias + Set-StrictMode -Version 2. Strange bug. Why?
How to make Emacs 's shell mode source my profile file?
Set alias with quotes and double quotes in command [duplicate]
git alias with optional parameter
Global Import/using Aliasing in .NET
Using tmux loses all my bash aliases, how can I get them to stay?
Alias for function
Is there a way to check if two objects are aliased in Java?
Can I use aliases in an INSERT statement?
Divide count by count(*) in SQL Server
Grails Criteria projections on joined table
How to define a DOSKEY alias for multiple commands?
Understanding Oracle aliasing - why isn't an alias not recognized in a query unless wrapped in a second query?
bash_aliases and awk escaping of quotes

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!