ThanmaDW
Reputation: 89
How to convert the PKCS12 openssl keystore to JKS keytstore with Java Keytool
Step i make key:
Create a Private Key
openssl genrsa -des3 -out client.key 2048Generate a Self-Signed Certificate
openssl req -key client.key -new -x509 -days 365 -out client.crt -subj "/C=xxx/ST=yyy/L=zzz/O=aaa/CN=localhost"Convert PEM to PKCS12
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12Convert the PKCS12 openssl keystore to JKS keytstore with Java Keytool
keytool -importkeystore -destkeystore client_keystore.jks -deststoretype jks -deststorepass 1234567abc -srckeystore client.p12 -srcstoretype pkcs12 -srcstorepass 1234567abc
I got error:
keytool error: java.io.IOException: failed to decrypt safe contents entry:
javax.crypto.BadPaddingException: Given final block not properly padded
How to fix it, where was i wrong?
Upvotes: 1
Views: 13555
Answers (2)
Chris Owens
Reputation: 1137
One problem is that not all PCKS12 providers are exactly 100% compatible. I experienced the same error, and I was able to fix it by changing srcstoretype from 'PKCS12' to 'BCPKCS12'
This may help: https://cryptosense.com/bouncycastle-keystore-security/
Upvotes: 1
user207421
Reputation: 310840
-srcstorepass 1234567abc
You didn't specify a password when you created the PKCS#12 file. Where did you get this from?
You can do the entire process with the keytool -genkey option as a one-liner.
Upvotes: 1
Related Questions
- Converting a Java Keystore into PEM Format
- Java keytool yields "keystore password was incorrect" when trying to import a PKCS12 to JKS
- How do I import a PKCS12 certificate into a java keystore?
- Java keytool : Importing PKCS12 to jks , getting error keystore password was incorrect
- PKCS12 to JKS conversion failure
- convert .pem to jks with out key file
- Convert or import SSL certificate to java keystore
- Convert Java JCEKS keystore containing 3DES key to PKCS12
- programatically reading java keystore file jceks using openssl
- Convert CA-signed JKS keystore to PEM