keystore secured by hash - hash

I have a test.jks file where the password is test1.
I would like to authorize with a hashed password.
Right now authorization looks like:
keytool test.jks -storepass test1
I want to use a password generated by md5pass. For example:
md5pass test1 xyz
$1$xyz$bqnG4BmfJcZTkNtM3IR74.
-storepass $1$xyz$bqnG4BmfJcZTkNtM3IR74

Related

Change Private Key file password with keytool command

I have only one option: to change the password of the private key file with the "keytool" command only.
Can you tell me how I can change the password with the keytool command only?
I am getting an error while trying to change the password of the private key file.
keytool -keypasswd -alias user.http.key -new TesP#s434
keytool error: java.lang.Exception: Keystore file does not exist: /root/.keystore

keytool error: java.lang.Exception: Certificate not imported, alias mykey already exists

I am trying to install a client certificate in my JVM to call an HTTPS SOAP service, but when running the
keytool -import command I get the below error:
keytool error: java.lang.Exception: Certificate not imported, alias already exists
Here is the command I am using; please note I am using Java 11:
C:\Softwares\java-11-openjdk-11.0.7.10-1.windows.redhat.x86_64\lib\security>keytool -import -keystore cacerts -file "C:\Softwares\client.certificate.pfx"
Please suggest.
Every entry in the java keystore is identified by a key called alias. It has to be unique for a given keystore. If you don't provide one, the default value the keytool uses is mykey. Looks like there is an entry with mykey already in your keystore. All you have to do is give a name yourself. You can do this using the alias attribute, like this:
keytool -import -keystore cacerts -file "C:\Softwares\client.certificate.pfx" -alias third_party_ca
You can use any name as long as it is unique.

delete a cert from a truststore when the alias has unusual characters (?)

Using keytool from the command-line, I added a new cert to a store. But the anger-inducing window manager that I find myself currently stuck with manages to fail at cut-and-paste, and replaced one of the characters of the alias with a ? character. How do I change or delete that alias?
keytool -list -keystore truststore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
hail.ucc.nau.edu:8636-cert-1?, Dec 1, 2017, trustedCertEntry,
.....
keytool -delete -keystore truststore -alias 'hail.ucc.nau.edu:8636-cert-1?'
Enter keystore password:
keytool error: java.lang.Exception: Alias <hail.ucc.nau.edu:8636-cert-1?> does not exist
.....
keytool -delete -keystore truststore -alias 'hail.ucc.nau.edu:8636-cert-1\?'
Enter keystore password:
keytool error: java.lang.Exception: Alias <hail.ucc.nau.edu:8636-cert-1\?> does not exist
.....
keytool -delete -keystore truststore -alias 'hail.ucc.nau.edu:8636-cert-1'
Enter keystore password:
keytool error: java.lang.Exception: Alias <hail.ucc.nau.edu:8636-cert-1> does not exist
Thanks for any assistance,
- rob.
The special character you are seeing may not be that actual character, as suggested by @Pavel Lechev in the comment. If the keytool delete doesn't work, you can use the KeyStore Explorer software to do it. It has a nice GUI providing all the keytool functionalities.
Or you could write a small tool/class using the KeyStore API to delete your unwanted alias. You could list out all the aliases, identify it, and delete it (to identify the alias, you could do startsWith()).
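A sketch of the small KeyStore API tool suggested above, as an added example that is not part of the original answer. The class name, the in-memory JCEKS sample store, the "changeit" password and the choice of U+00A0 as the character displayed as "?" are all assumptions made for illustration.

```java
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

public class DeleteAliasByPrefix {

    // Print every alias with its code points so a character the terminal
    // rendered as '?' shows its real value, then delete the aliases that
    // start with the given prefix. Returns the aliases that were removed.
    static List<String> deleteByPrefix(KeyStore ks, String prefix) throws Exception {
        List<String> removed = new ArrayList<>();
        // Copy the aliases first so nothing is deleted while enumerating.
        for (String alias : Collections.list(ks.aliases())) {
            StringBuilder cps = new StringBuilder();
            alias.codePoints().forEach(cp -> cps.append(String.format("U+%04X ", cp)));
            System.out.println(alias + " -> " + cps.toString().trim());
            if (alias.startsWith(prefix)) {
                ks.deleteEntry(alias);
                removed.add(alias);
            }
        }
        return removed;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        // Constructed in-memory sample store. For a real truststore, load it with
        // ks.load(new FileInputStream(path), pw) and write it back with ks.store(...).
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        SecretKeySpec dummy = new SecretKeySpec(new byte[16], "AES");
        // U+00A0 (no-break space) stands in for the character shown as '?'.
        ks.setKeyEntry("hail.ucc.nau.edu:8636-cert-1\u00a0", dummy, pw, null);
        ks.setKeyEntry("other-entry", dummy, pw, null);

        List<String> removed = deleteByPrefix(ks, "hail.ucc.nau.edu:8636-cert-1");
        System.out.println("removed " + removed.size() + ", remaining " + ks.size());
    }
}
```

A prefix can match more than one alias (for example cert-1 and cert-10), so check the printed list of removed aliases before saving the modified store over the original file.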

Keystore password is too short - must be at least 6 characters for import

I wanted to use https://stackoverflow.com/a/7094044/384674 for importing pem into p12, but keystore password is 5 characters and keytool is complaining it needs to be 6 :-/
keytool -import -alias alias -keystore ./trust.p12 -storetype PKCS12 -file new.pem
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Edit:
There was a comment saying this is not working in some later versions of keytool, but the comment was removed. Please be aware, or let us know, as I do not know which version I was testing with.
What I found is that when you specify -storepass as a parameter, validation is not active.

Checking the possibility to store passwords with Java keytool

In Java 8 the option -importpassword was added to keytool. It works with the JCEKS storetype:
$ keytool -importpassword -storetype JCEKS -alias alias
Enter the password to be stored:
Re-enter password:
$ keytool -list -storetype JCEKS -keypass "" -keystore mystore.jceks
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 1 entry
alias, Apr 7, 2016, SecretKeyEntry,
Trying to extract it, I get the error:
keytool error: java.lang.Exception: Alias <alias> has no certificate
My question is: How do I extract the password?
Looks like keytool is lacking the capability to extract/export the password imported using the -importpass command. But you can view the password using the KeyStore API, using the below code:
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.crypto.SecretKey;
// Load the JCEKS store, then read the SecretKeyEntry whose encoded bytes are the stored password
KeyStore ks = KeyStore.getInstance("JCEKS");
try (FileInputStream in = new FileInputStream("KEYSTORE_FILE")) { ks.load(in, "KEYSTORE_PASSWORD".toCharArray()); }
SecretKey passwordKey = (SecretKey) ks.getKey("ALIAS", "KEY_PASSWORD".toCharArray());
System.out.println(new String(passwordKey.getEncoded()));