JDK-8194749: password handling with keytool -cacerts


    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
      None

      Description

      keytool has a -cacerts flag to operate on the internal cacerts file (thanks!).
      BUT:
       keytool still wants a storepass, even though it obviously knows how to read from the cacerts file, and there is little security here since all cacerts files have the same well-known storepass. The keytool docs say """When retrieving information from the keystore, the password is optional. If no password is specified, then the integrity of the retrieved information can't be verified and a warning is displayed."""

      BUT:
       $ keytool -list -cacerts -storepass bogus
      keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

      It is possible to get the data, but you have to get the prompt, then ENTER (null password) to get the desired output.

       $ keytool -list -cacerts
      Enter keystore password:

      ***************** WARNING WARNING WARNING *****************
      * The integrity of the information stored in your keystore *
      * has NOT been verified! In order to verify its integrity, *
      * you must provide your keystore password. *
      ***************** WARNING WARNING WARNING *****************

      Keystore type: JKS
      Keystore provider: SUN

      Your keystore contains 80 entries
      ...

      All of this seems to make no sense. With keytool -cacerts, java should just access the cacerts using whatever means it normally uses (I'm not sure how ... does it hard-code the well-known password?)

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              martin Martin Buchholz

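The behaviour described in the report comes from how `KeyStore.load` treats the JKS integrity hash: a null password skips verification, while a non-null password must match the hash stored at the end of the file. The following is an added example, not code from the issue or from the JDK sources; it builds an empty JKS keystore in memory with a constructed password (`example-pass`) instead of touching the real cacerts file.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;

public class JksPasswordCheck {
    // Load keystore bytes with the given password (null = no integrity check)
    // and report whether the load was accepted or rejected.
    static String tryLoad(byte[] bytes, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            ks.load(new ByteArrayInputStream(bytes), password);
            return "loaded, " + ks.size() + " entries";
        } catch (IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] real = "example-pass".toCharArray(); // constructed sample password
        char[] wrong = "bogus".toCharArray();       // same wrong value as in the report

        // Create an empty keystore and serialize it; store() appends a
        // password-keyed hash over the keystore contents.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, real);
        byte[] good = out.toByteArray();

        // Flip one bit of the trailing hash so file and hash no longer agree.
        byte[] tampered = good.clone();
        tampered[tampered.length - 1] ^= 0x01;

        System.out.println("good file, real password:     " + tryLoad(good, real));
        System.out.println("good file, wrong password:    " + tryLoad(good, wrong));
        System.out.println("good file, null password:     " + tryLoad(good, null));
        System.out.println("tampered file, real password: " + tryLoad(tampered, real));
        System.out.println("tampered file, null password: " + tryLoad(tampered, null));
    }
}
```

The null-password rows are the case the keytool warning banner refers to: the entries are readable, but a modified file is not detected.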