Keytool: generate a secret key throws exception - keytool

I try to generate a secret key in my *.keystore, but I always get
keytool error: java.io.IOException: Invalid keystore format
java.io.IOException: Invalid keystore format
The command is the following:
keytool -genseckey -keyalg DESede -keysize 168 -v -alias MyTestKey -keystore mykeystore.keystore
storetype: JCEKS
What is wrong?
UPDATE: OK, seems that -storetype jceks helped.
Is keytool case sensitive? Seems like it is not?

Please check if your keystore is in JKS format. Refer to this link and note case sensitivity.

Related

keytool error: java.lang.Exception: Certificate not imported, alias mykey already exists

I am trying to install a client certificate in my JVM to call a https soap service, but when running the
keytool -import command I get the below error:
keytool error: java.lang.Exception: Certificate not imported, alias already exists
Here is the command I am using, please note I am using Java 11:
C:\Softwares\java-11-openjdk-11.0.7.10-1.windows.redhat.x86_64\lib\security>keytool -import -keystore cacerts -file "C:\Softwares\client.certificate.pfx"
Please suggest.
Every entry in the java keystore is identified by a key called alias. It has to be unique for a given keystore. If you don't provide one, the default value the keytool uses is mykey. Looks like there is an entry with mykey already in your keystore. All you have to do is give a name yourself. You can do this using the alias attribute, like this:
keytool -import -keystore cacerts -file "C:\Softwares\client.certificate.pfx" -alias third_party_ca
You can use any name as long as it is unique.

Keystore file doesn't exist. Unable to get SHA1 key

Unable to get SHA1 key, it is showing error about path, Keystore file doesn't exist.
Tried multiple numbers of solutions,
I am using the following command
keytool -list -v -keystore c:\users\your_user_name\.android\debug.keystore -alias androiddebugkey -storepass android -keypass android
The keystore file does not exist, you have to create it yourself.
Here is the procedure: Generate android release and debug keystores
I had the same problem but I tried below command and interestingly it worked for me under Windows 10.
keytool -list -keystore debug.keystore

delete a cert from a truststore when the alias has unusual characters (?)

Using keytool from the command-line, I added a new cert to a store. But the anger-inducing window manager that I find myself currently stuck with manages to fail at cut-and-paste, and replaced one of the characters of the alias with a ? character. How do I change or delete that alias?
keytool -list -keystore truststore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
hail.ucc.nau.edu:8636-cert-1?, Dec 1, 2017, trustedCertEntry,
.....
keytool -delete -keystore truststore -alias 'hail.ucc.nau.edu:8636-cert-1?'
Enter keystore password:
keytool error: java.lang.Exception: Alias <hail.ucc.nau.edu:8636-cert-1?> does not exist
.....
keytool -delete -keystore truststore -alias 'hail.ucc.nau.edu:8636-cert-1\?'
Enter keystore password:
keytool error: java.lang.Exception: Alias <hail.ucc.nau.edu:8636-cert-1\?> does not exist
.....
keytool -delete -keystore truststore -alias 'hail.ucc.nau.edu:8636-cert-1'
Enter keystore password:
keytool error: java.lang.Exception: Alias <hail.ucc.nau.edu:8636-cert-1> does not exist
Thanks for any assistance,
- rob.
The special character you are seeing may not be that actual character, as suggested by @Pavel Lechev in the comment. If the keytool delete doesn't work, you can use the KeyStore Explorer software to do it. It has a nice GUI providing all the keytool functionalities.
Or you could write a small tool/class using KeyStore api to delete your unwanted alias. You could list out all the aliases, identify it, and delete it (to identify the alias, you could do startsWith()).
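The small KeyStore API tool suggested in the answer above, as an added example (not code from the original answer). It prints each alias with its code points so the real character behind the ? becomes visible, and deletes only when the prefix matches exactly one entry; the class name, the arguments and the `.new` output file are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class DeleteAliasByPrefix {
    // Render every character as a code point so invisible or substituted characters show up.
    static String codePoints(String s) {
        StringBuilder sb = new StringBuilder();
        s.codePoints().forEach(cp -> sb.append(String.format("U+%04X ", cp)));
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2 || System.console() == null) {
            System.err.println("usage (from a terminal): DeleteAliasByPrefix <keystore> <alias-prefix> [--delete]");
            System.exit(2);
        }
        // Prompt for the password so it does not end up in the process list or shell history.
        char[] pass = System.console().readPassword("Enter keystore password: ");
        boolean delete = args.length > 2 && args[2].equals("--delete");

        KeyStore ks = KeyStore.getInstance("JKS"); // type reported by keytool -list above
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }

        List<String> matches = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + "  [" + codePoints(alias) + "]");
            if (alias.startsWith(args[1])) matches.add(alias);
        }
        // Refuse to act unless the prefix identifies exactly one entry.
        if (matches.size() != 1) {
            System.err.println("prefix matched " + matches.size() + " aliases; nothing changed");
            System.exit(1);
        }
        if (delete) {
            ks.deleteEntry(matches.get(0));
            // Write to a new file so the original truststore remains as a backup.
            try (FileOutputStream out = new FileOutputStream(args[0] + ".new")) {
                ks.store(out, pass);
            }
            System.out.println("deleted " + matches.get(0) + ", wrote " + args[0] + ".new");
        }
    }
}
```

Run it once without `--delete` to review the listing, then again with `--delete` and the prefix `hail.ucc.nau.edu:8636-cert-1`.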

Checking the possibility to store passwords with Java keytool

In Java 8 the option -importpassword was added to keytool. It works with JCEKS storetype:
$ keytool -importpassword -storetype JCEKS -alias alias
Enter the password to be stored:
Re-enter password:
$ keytool -list -storetype JCEKS -keypass "" -keystore mystore.jceks
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 1 entry
alias, Apr 7, 2016, SecretKeyEntry,
Trying to extract it, I get the error:
keytool error: java.lang.Exception: Alias <alias> has no certificate
My question is: How do I extract the password?
Looks like the keytool is lacking the capability to extract/export the password imported using the -importpass command. But you can view the password using KeyStore api, using the below code:
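import java.io.FileInputStream;
import java.security.KeyStore;
import javax.crypto.SecretKey;
// Load the JCEKS keystore, fetch the SecretKeyEntry stored by keytool, and print its bytes as text
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(new FileInputStream("KEYSTORE_FILE"), "KEYSTORE_PASSWORD".toCharArray());
SecretKey passwordKey = (SecretKey) ks.getKey("ALIAS", "KEY_PASSWORD".toCharArray());
System.out.println(new String(passwordKey.getEncoded()));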

Create certificate keystore file AES 128

I'm trying to create certificate key-store file with command line but it gives me an exception:
c:\Program Files\Java\jre7\bin>keytool.exe -genkey -alias srccodes -keyalg AES -keystore C:\srccodes.jks -keysize 128
Enter keystore password:
Re-enter new password:
keytool error: java.lang.Exception: Cannot derive signature algorithm
-genkey option is for generating a public key and associated private key, so it only works with asymmetric algorithm (AES is symmetric so you can't use -genkey with it).
Use -genseckey instead. Note also that JKS can not store non public-key pairs, so you must use JCEKS format; to specify this, add -storeType JCEKS. Finally, your command must be:
keytool.exe -genseckey -alias srccodes -keyalg AES -keystore C:\srccodes.jceks -keysize 128 -storeType JCEKS
For more info take a look at: Keytool documentation
Hope this helps,
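The store-type restriction described in the answer above (and behind the -storetype jceks fix in the first question), shown through the KeyStore API as an added example that is not part of the original answers. It stores the same AES-128 key in an in-memory JKS and JCEKS keystore; the class name, method name and sample password are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretKeyStoreTypes {
    // Try to store a secret key under the given keystore type; true if the type accepts it.
    static boolean canStoreSecretKey(String type, SecretKey key, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, pass); // null stream creates a new, empty keystore
        try {
            ks.setEntry("srccodes", new KeyStore.SecretKeyEntry(key),
                    new KeyStore.PasswordProtection(pass));
        } catch (KeyStoreException e) {
            System.out.println(type + ": rejected (" + e.getMessage() + ")");
            return false;
        }
        // Serialize and reload to confirm the key survives a save/load cycle.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pass);
        KeyStore reloaded = KeyStore.getInstance(type);
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), pass);
        byte[] back = reloaded.getKey("srccodes", pass).getEncoded();
        System.out.println(type + ": stored, round-trip ok = "
                + Arrays.equals(back, key.getEncoded()));
        return true;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "example-store-pass".toCharArray(); // constructed sample password
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128); // same size as -keysize 128 in the command above
        SecretKey key = kg.generateKey();
        canStoreSecretKey("JKS", key, pass);   // JKS only holds private keys and certificates
        canStoreSecretKey("JCEKS", key, pass); // JCEKS accepts SecretKeyEntry
    }
}
```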