Reputation: 139
I want to use pyjks to load a keystore containing trusted certificates and I've been trying to add a trusted certificate, read from a file ('trust2.pub') into it.
```python
import jks

ks = jks.KeyStore.load('trustore_file.jks', 'trustore_pass')
new_entry = jks.TrustedCertEntry.new("trust2", open('trust2.pub', 'rb').read())
# Since I have not found an explicit way to add a new TrustedCertEntry,
# I thought this would work (add the 'new_entry' in the ks.entries dict).
ks.entries['trust2'] = new_entry
# save the file with the new cert.
ks.save('trustore_file.jks', 'trustore_pass')
```
This actually saves the jks file with the new entry, which I can see if I try to reload the file with the given password. But when I try to open it with keytool in Ubuntu, or KeyStore Explorer in Windows, I get the following error:
```
java.io.IOException: Short read of DER length
```
So, maybe it's the way I add the new TrustedCertEntry in the jks file, but I could not know, since pyjks has no problem loading it.
If anybody can help on that, I would really appreciate it.
Thanks
Upvotes: 0
Views: 1045
Reputation: 139
I figured it out. It was my mistake to import a .pub file. The correct file to import was a .cer file in X.509 format. So I'll leave this here if anyone else makes the same mistake.
Upvotes: 0
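A pre-import check for the mistake described in the answer, as an added example that is not part of either post: it accepts PEM or DER input and returns DER only when the outer structure is certificate-shaped (SEQUENCE, SEQUENCE, BIT STRING), so a bare public key is rejected before it reaches the keystore. The helper names and the sample byte strings are constructed for illustration, and it assumes the JKS entry should hold the DER-encoded certificate.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first                      # short form: length in one byte
    else:
        n = first & 0x7F                    # long form: next n bytes hold the length
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of data")
    return tag, pos, pos + length

def to_der_certificate(data):
    """Return DER bytes if data is shaped like an X.509 certificate, else raise ValueError."""
    m = PEM_RE.search(data)
    if m:
        label = m.group(1).decode()
        if label != "CERTIFICATE":
            raise ValueError(f"PEM block is {label!r}, not a certificate")
        data = base64.b64decode(m.group(2))
    tag, start, end = _read_tlv(data, 0)
    if tag != 0x30 or end != len(data):
        raise ValueError("not a single DER SEQUENCE")
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    tags, pos = [], start
    while pos < end:
        t, _, pos = _read_tlv(data, pos)
        tags.append(t)
    if tags != [0x30, 0x30, 0x03]:
        raise ValueError("not certificate-shaped (a bare public key is SEQUENCE, BIT STRING)")
    return data

# Constructed, structure-only samples (not real certificates or keys).
CERT_SHAPED = bytes.fromhex("3007 3000 3000 030100")
SPKI_SHAPED = bytes.fromhex("3005 3000 030100")

if __name__ == "__main__":
    print(to_der_certificate(CERT_SHAPED).hex())
```

The returned bytes are what would be passed as the second argument to `jks.TrustedCertEntry.new(...)` in the question's code. The check is structural only; it does not verify signatures or validity dates.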