Android keystore corrupted

Question

After a while of not updating my applications in the Play Store I tried to sign one of my APK with my keystore, only to find that the keystore and alias password doesn't work anymore. The keystore password I was able to reset using this gist: gist.github.com/zach-klippenstein/4631307 and works fine now. This happens for two different keystores for two different applications.

Running keytool -list -keystore mykeystore resulted in:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

myalias, Dec 23, 2014, PrivateKeyEntry, 
Certificate fingerprint (SHA1): 85:8F:69......

I am 100% sure that the alias password is the same as the keystore password, but it doesn't seem to work. I've tried signing the APK in Android Studio and with jarsigner -keystore mykeystore -storepass mykeystorepassword app-debug.apk myalias but the response is always: jarsigner: unable to recover key from keystore.

I tried moving the alias to a new keystore file with keytool -importkeystore -srckeystore mykeystore -destkeystore newkeystore -srcalias myalias it then asks me to enter new password for the new keystore and the password for the old keystore (both work), only after entering the alias password I get an exception:

Enter destination keystore password:  
Re-enter new password: 
Enter source keystore password:  
Enter key password for <myalias>
keytool error: java.security.UnrecoverableKeyException: Cannot recover key

After some Googling I found that for some people the keystore stopped working after updating to another JDK version or Android Studio version, so I am wondering if that is the case for me also. The keystore was created in 2014 so I was probably on JDK7 at the time (I am now at 8). It is also suspicious two keystores mysteriously stop working..

Can this be fixed somehow?

EDIT:

I tried the solution from Jan and got the following results:

keytool -importkeystore -srckeystore mykeystore -destkeystore newkeystore -deststoretype pkcs12 gives me the same exception: keytool error: java.security.UnrecoverableKeyException: Cannot recover key.

After running this command: keytool -importkeystore -srckeystore newkeystore -srcstoretype pkcs12 -destkeystore finalkeystore -deststoretype jks I get this error: keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

SECOND EDIT:

I also tried signing the apk on a PC with JDK7, no luck.

THIRD EDIT:

I tried using the KeyStore Explorer and it opens the keystore file just fine and shows one entry (not expired). When I try to open the private key I get the same exception. Stacktrace:

java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
at java.security.KeyStore.getKey(KeyStore.java:1023)
at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.unlockEntry(KeyStoreExplorerAction.java:154)
at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.getEntryPassword(KeyStoreExplorerAction.java:123)
at net.sf.keystore_explorer.gui.actions.KeyPairPrivateKeyDetailsAction.doAction(KeyPairPrivateKeyDetailsAction.java:69)
at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.actionPerformed(KeyStoreExplorerAction.java:93)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:833)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:877)
at java.awt.Component.processMouseEvent(Component.java:6535)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6300)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4891)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4713)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2750)
at java.awt.Component.dispatchEvent(Component.java:4713)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

Answer 1

I had the exact same issue as yours and was getting the exact same results on trying Smoke Dispensers and other solutions as below:

keytool -importkeystore -srckeystore mykeystore -destkeystore newkeystore -deststoretype pkcs12 gives me the same exception: keytool error: java.security.UnrecoverableKeyException: Cannot recover key.

After running this command: keytool -importkeystore -srckeystore newkeystore -srcstoretype pkcs12 -destkeystore finalkeystore -deststoretype jks I get this error: keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

I however was able to get it to work after realizing that I was using the incorrect password for the alias. So try the below command and see if you are able to guess the right password and simultaneously change it to one which you can remember.

keytool -keypasswd  -alias mykey -keystore mykeystore

Answer 2

I would do this.

The command would error out on me each time:

keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -v

keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -deststoretype pkcs12

After extracting the private key and storing as PKCS12, I think extracted my private key and put it back into a brand new Java Keystore:

keytool -importkeystore -srckeystore new.keystore -srcstoretype pkcs12 -destkeystore final.keystore -deststoretype jks

Answer 3

Try

keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -deststoretype pkcs12

and

keytool -importkeystore -srckeystore new.keystore -srcstoretype pkcs12 -destkeystore final.keystore -deststoretype jks

as suggested in this question.