Keystore change passwords

Question

I currently have a keystore, with a particular password that only I should know. I now need to give access to that keystore to someone else, so I would like to either:

1) Change the password, so I can share it with others and let them sign
2) Create a different password and allow them to sign with it.

Is this possible? and - if yes - how?

Answer 1

[How can I] Change the password, so I can share it with others and let them sign

Using Java keytool:

Help for -storepasswd sub-command:

$ keytool -help -storepasswd
keytool -storepasswd [OPTION]...

Changes the store password of a keystore

Options:

 -new <arg>              new password
 -keystore <keystore>    keystore name
 -cacerts                access the cacerts keystore
 -storepass <arg>        keystore password
 -storetype <type>       keystore type
 -providername <name>    provider name
 -addprovider <name>     add security provider by name (e.g. SunPKCS11)
   [-providerarg <arg>]    configure argument for -addprovider
 -providerclass <class>  add security provider by fully-qualified class name
   [-providerarg <arg>]    configure argument for -providerclass
 -providerpath <list>    provider classpath
 -v                      verbose output

Use "keytool -?, -h, or --help" for this help message

Using the -storepasswd sub-command:

$ keytool -storepasswd -keystore /path/to/keystore
Enter keystore password:  changeit
New keystore password:  new-password
Re-enter new keystore password:  new-password

Answer 2

Changing keystore password

$ keytool -storepasswd -keystore keystorename
Enter keystore password:  <old password>
New keystore password: <new password>
Re-enter new keystore password: <new password>

Changing keystore alias password

$ keytool -keypasswd -keystore keystorename -alias aliasname
Enter keystore password:  
New key password for <aliasname>: 
Re-enter new key password for <aliasname>:

Note:

• keystorenam: name of your keystore (with path if you are in different folder)
• aliasname: alias name you used when creating (if name has space you can use \)

For example:

$ keytool -keypasswd -keystore keystorename -alias stop\ watch

Answer 3

For a full programmatic change (e.g. install program) and no prompting

#!/bin/bash -eu

NEWPASSWORD=${1}
OLDPASSWORD=${2}

keytool -storepasswd -new "${NEWPASSWORD}" \
  -storepass "${OLDPASSWORD}" \
  -keystore /path/to/keystore

Full disclosure: I DO NOT recommend running this command line in a shell, as the old and new passwords will be saved in the shell's history, and visible in console.

Answer 4

KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface.

1. Open an existing KeyStore
2. Tools -> Set KeyStore password

Answer 5

To change the password for a key myalias inside of the keystore mykeyfile:

keytool -keystore mykeyfile -keypasswd -alias myalias

Answer 6

There are so many answers here, but if you're trying to change the jks password on a Mac in Android Studio. Here are the easiest steps I could find

1) Open Terminal and cd to where your .jks is located

2) keytool -storepasswd -new NEWPASSWORD -keystore YOURKEYSTORE.jks

3) enter your current password

Answer 7

If the keystore contains other key-entries with different password you have to change them also or you can isolate your key to different keystore using below command,

keytool -importkeystore  -srckeystore mystore.jck -destkeystore myotherstore.jks -srcstoretype jceks
-deststoretype jks -srcstorepass mystorepass -deststorepass myotherstorepass -srcalias myserverkey
-destalias myotherserverkey -srckeypass mykeypass -destkeypass myotherkeypass

Answer 8

Keystore only has one password. You can change it using keytool:

keytool -storepasswd -keystore my.keystore

To change the key's password:

keytool -keypasswd  -alias <key_name> -keystore my.keystore