Ziv Harpaz
Reputation: 13
Checking the possibility to store passwords with Java keytool
In Java 8 the option -importpassword was added to keytool. It works with JKECS storetype: $ keytool -importpassword -storetype JCEKS -alias alias Enter the password to be stored: Re-enter password:
$keytool -list -storetype JCEKS -keypass "" -keystore mystore.jceks
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 1 entry
alias, Apr 7, 2016, SecretKeyEntry,
Trying to extract it, I get the error:
keytool error: java.lang.Exception: Alias <alias> has no certificate
My question is: How do I extract the password?
Upvotes: 1
Views: 1708
Answers (1)
always_a_rookie
Reputation: 4840
Looks like the keytool is lacking the capability to extract/export the password imported using the -importpass command. But you can view the password using KeyStore api, using the below code:
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(new FileInputStream(new File("KEYSTORE_FILE")), "KEYSTORE_PASSWORD".toCharArray());
SecretKey passwordKey = (SecretKey) ks.getKey("ALIAS", "KEY_PASSWORD".toCharArray());
System.out.println(new String(passwordKey.getEncoded()));
Upvotes: 2
Related Questions
- Java Keytool error after importing certificate , "keytool error: java.io.FileNotFoundException & Access Denied"
- keytool : Certificate import gives error message - Keystore was tampered with, or password was incorrect
- How to change the key password from an PKCS12 keystore
- How to delete already import certificate/alias by keytool command?
- Keystore generation with KeyTool command
- Using BKS with keytool resulting in Failed to establish chain from reply
- How to generate trusted self signed certificate with SHA2 signing algorithm using keytool?
- Java keytool commands not runnig from Process builder
- Can we do whatever we do using keytool with java.security apis like KeyPairGenerator etc