Because when I run keytool in cmf.exe fill all fields and keep asking me back
keytool -genkey -v -keystore [keystore_name].keystore -alias [alias_name] -keyalg RSA -keysize 2048 -validity 10000
Do not generate the keystore, after asking if everything is correct, and I put yes becomes responsive again. Because? I'm doing wrong?
Not sure what is going wrong for you. And it works for me.
Try giving all the parameters in one go, like this :
keytool -genkey -v -keystore test.jks -alias test
-keyalg RSA -keysize 2048 -validity 10000 -storepass test-keypass test-dname "CN=test.com,OU=Test,O=Test,L=Test,S=Test,C=Test"
This should store the keystore without prompting for confirmation.
I had the same issue, and I realized that it was because of my OS language (I have spanish by default), so when I answered with "si" it worked
Related
Hi i am currently trying to create a signed apk for a flutter app but I've encounter a problem. Based on official docs https://flutter.dev/docs/deployment/android " Note: The keytool command might not be in your path—it’s part of the Java JDK, which is installed as part of Android Studio. For the concrete path, run flutter doctor -v and locate the path printed after ‘Java binary at:’. Then use that fully qualified path replacing java (at the end) with keytool." and ive check and thats really my situation, now my question is how can i change the location "C:\Program Files\Android\Android Studio\jre\bin\java" to "C:\Program Files\Android\Android Studio\jre\bin\keytool". Thanks for any answer coz i have already search how exactly to do that but failed.
I have found a solution: Simply enter these into Windows command prompt.
italic bold cd C:\Program Files\Java\jdk1.7.0_09\bin
following: How can I find and run the keytool
Yeah Dude I actually solved it my own, I just read the https://flutter.dev/docs/deployment/android again it seams that I didnt change the keytool -genkey -v -keystore c:/Users/USER_NAME/key.jks (<-This is the problem, there is no path on my PC with that name, so just change it) -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias key
To solved this issue:
Use this command keytool -genkey -v -keystore c:/Users/USER_NAME/key.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias key and change the c:/Users/USER_NAME/ with an actual directory.
I wanted to use https://stackoverflow.com/a/7094044/384674 for importing pem into p12, but keystore password is 5 characters and keytool is complaining it needs to be 6 :-/
keytool -import -alias alias -keystore ./trust.p12 -storetype PKCS12 -file new.pem
Enter keystore password:
Keystore password is too short - must be at least 6 characters
edit:
There was a comment, this is not working in some of later versions of keytool but comment was removed, please be aware or let us know as I do not know version I was testing with.
What I found is, that when you specify -storepass as a parameter, validation is not active.
I'm trying to create certificate key-store file with command line but it gives me an exception:
c:\Program Files\Java\jre7\bin>keytool.exe -genkey -alias srccodes -keyalg AES -
keystore C:\srccodes.jks -keysize 128
Enter keystore password:
Re-enter new password:
keytool error: java.lang.Exception: Cannot derive signature algorithm
-genkey option is for generating a public key and associated private key, so it only works with asymmetric algorithm (AES is symmetric so you can't use -genkey with it).
Use -genseckey instead. Note also that JKS can not store non public-key pairs, so you must use JCEKS format, to specify this add -storeType JCEKS, finally your command must be:
keytool.exe -genseckey-alias srccodes -keyalg AES -keystore C:\srccodes.jceks -keysize 128 -storeType JCEKS
For more info take a look at: Keytool documentation
Hope this helps,
I wanted to create a certificate into a PKCS12 keystore format with keytool program.
The keystore has extension .pfx.
How do I achieve this?
If the keystore is PKCS12 type (.pfx) you have to specify it with -storetype PKCS12 (line breaks added for readability):
keytool -genkey -alias <desired certificate alias>
-keystore <path to keystore.pfx>
-storetype PKCS12
-keyalg RSA
-storepass <password>
-validity 730
-keysize 2048
Additional answer to the key of the question.
With JDK 8 (1.8.0_121-b13) you don't get an exception if you remove -storetype pkcs12 but the keytool creates a JKS keystore instead, and the .pfx extension is ignored.
It also asks for a -keypass mykeypassword which the keytool doesn't support for PKCS12.
%JAVA_HOME%/bin/keytool -genkeypair -alias mykey -keyalg EC -dname "cn=CN, ou=OU, o=O, c=C" -validity 365 -keystore keystore.pfx -keypass mykeypassword -storepass mystorepassword -v
(translated)
Generating keypair (Type EC, 256 Bit) and self-signed certificate (SHA256withECDSA) with a validity of 365 days
for: CN=CN, OU=OU, O=O, C=C
[keystore.pfx saved]
List the contents:
%JAVA_HOME%/bin/keytool -list -keystore keystore.pfx -storepass mystorepassword
(translated)
Keystore-Type: JKS
Keystore-Provider: SUN
Keystore contains 1 entry.
mykey, 25.04.2017, PrivateKeyEntry,
Certificate-Fingerprint (SHA1): A1:6C:5F:8F:43:37:1A:B6:43:69:08:DE:6B:B9:4D:DB:05:C9:D5:84
You see it's a Java keystore.
The next problem is, that even if you specify -storetype pkcs12 when you -list the keystore, the keytool will still display the store as a JKS keystore!
Let's try that:
%JAVA_HOME%/bin/keytool -genkeypair -alias mykey -keyalg EC -dname "cn=CN, ou=OU, o=O, c=C" -validity 365 -storetype pkcs12 -keystore keystore.pkx -keypass mykeypassword -storepass mystorepassword -v
(translated)
Warning: No support for different keystore and key password for PKCS12 keystores. The value of -keypass will be ignored.
Generating keypair (Type EC, 256 Bit) and self signed certificate (SHA256withECDSA) with a validity of 365 Days
für: CN=CN, OU=OU, O=O, C=C
[keystore.pkx saved]
Now list the contents:
%JAVA_HOME%/bin/keytool -list -keystore keystore.pkx -storepass mystorepassword
(translated)
Keystore-Type: JKS // ??
Keystore-Provider: SUN
Keystore contains 1 entry
mykey, 25.04.2017, PrivateKeyEntry,
Certificate Fingerprint (SHA1): EA:C2:36:C6:55:69:CB:32:22:C7:14:83:67:47:D2:7E:06:8E:13:14
I used the -validity property of the keytool to generate a keystore and self sign a jar. During the process, I saw the debug message that says
[info] Warning:
[info] This jar contains entries whose signer certificate will expire within six
months.
I am using the following commands,
keytool -genkey -alias signFiles -keypass mypass -keystore mystore -storepass mypass-alias store -validity 365
keytool -selfcert -keystore mystore -alias store
Am I doing something wrong here? Actually I wanted to sign the jar with a certificate for 1 year.
Cheers,
J
Add -validity 365 to your -selfcert command.