RFR 8192988: keytool should support -storepasswd for pkcs12 keystores

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

RFR 8192988: keytool should support -storepasswd for pkcs12 keystores

Wang Weijun
Hi All

Please take a look at

   http://cr.openjdk.java.net/~weijun/8192988/webrev.00/

With this fix, "keytool -storepasswd" and "keytool -importkeystore" on a PKCS12 keystore will change the keypass as well with the storepass.

Thanks
Max

Reply | Threaded
Open this post in threaded view
|

Re: RFR 8192988: keytool should support -storepasswd for pkcs12 keystores

Sean Mullan
It looks like you converted p12importks.sh from shell code to java in
JKStoPKCS12.java, right? I think you should still include 8010125 in the
@bug label in JKStoPKCS12.java though.

Otherwise, looks good, one question though:

If you are converting a JKS keystore to a PKCS12 keystore using keytool
-importkeystore and the deststorepass and destkeypass are different, is
it an error, or does it ignore the destkeypass and use deststorepass?

--Sean

On 12/7/17 10:21 PM, Weijun Wang wrote:

> Hi All
>
> Please take a look at
>
>     http://cr.openjdk.java.net/~weijun/8192988/webrev.00/
>
> With this fix, "keytool -storepasswd" and "keytool -importkeystore" on a PKCS12 keystore will change the keypass as well with the storepass.
>
> Thanks
> Max
>
Reply | Threaded
Open this post in threaded view
|

Re: RFR 8192988: keytool should support -storepasswd for pkcs12 keystores

Wang Weijun


> On Dec 13, 2017, at 11:36 PM, Sean Mullan <[hidden email]> wrote:
>
> It looks like you converted p12importks.sh from shell code to java in JKStoPKCS12.java, right?

Yes, and modified a little.

> I think you should still include 8010125 in the @bug label in JKStoPKCS12.java though.

OK.

>
> Otherwise, looks good, one question though:
>
> If you are converting a JKS keystore to a PKCS12 keystore using keytool -importkeystore and the deststorepass and destkeypass are different, is it an error, or does it ignore the destkeypass and use deststorepass?

Ignored.

"Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -destkeypass value."

This is not a new behavior.

Thanks
Max

>
> --Sean
>
> On 12/7/17 10:21 PM, Weijun Wang wrote:
>> Hi All
>> Please take a look at
>>    http://cr.openjdk.java.net/~weijun/8192988/webrev.00/
>> With this fix, "keytool -storepasswd" and "keytool -importkeystore" on a PKCS12 keystore will change the keypass as well with the storepass.
>> Thanks
>> Max