Is it possible to create JKS keystore file without a password?
You cannot create a keystore with a blank password with keytool since a while, but you can still do it programmatically.
Read a cert like this:
private static Certificate readCert(String path) throws IOException, CertificateException {
try (FileInputStream fin = new FileInputStream(path)) {
return CertificateFactory.getInstance("X.509").generateCertificate(fin);
}
}
Than create the keystore with the empty password like this:
try {
// Reading the cert
Certificate cert = readCert("/tmp/cert.cert");
// Creating an empty JKS keystore
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(null, null);
// Adding the cert to the keystore
keystore.setCertificateEntry("somecert", cert);
// Saving the keystore with a zero length password
FileOutputStream fout = new FileOutputStream("/tmp/keystore");
keystore.store(fout, new char[0]);
} catch (GeneralSecurityException | IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
Run the command:
keytool -list -keystore keystore
It will ask for a password but you can simply push an enter. You will get the following warning, but the content of the keystore will be listed:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
This might work for you.
Do you not need a password to access a truststore (made with the java keytool)?
The password is used to protect the integrity of a keystore. if you don't provide any store password, you can still read the contents of the keystore. The command keytool -list
demonstrates this behavior (use it with an empty password).
Liberty - Can the keystore password be blank? String of length zero?
Using an empty string in your case I think will to load the keystore with empty string. The error you are getting is basically a bad password error, the error will be different depending the level of the JDK you are using. So with PKCS12 keystore even if the keystore is loaded with no password you can't get any cert inside of it, at least that's my experience with PKCS12. In JKS keystore you can access cert entries but not key entries.
In more recent Liberty levels the password is not required. And will load a JKS keystore without a password. But that keystore would not be able to used by a key manager, you need a password to access a key.
Is there a way to make keytool not prompt for password for the key?
There are parameters to specify key and store passwords
-keypass <your-pass>
and -storepass <your-pass>
E.g.
keytool -storepass pass123 -keypass pass123 -keystore keystore.jks -alias myalias -validity 99 -genkey -noprompt
keytool reference
Java SSL truststore seems to be accessible without specifying password?
Password is not required to read a trust store. No private key is involved.
You still need password to modify a trust store. Also, when reading a trust store, if the password is provided, it can be used to verify the integrity of the trust store.
ref - http://bayou.io/release/0.9/javadoc/bayou/ssl/SslConf.html#trustStorePass-java.lang.String-
How to create an empty java trust store?
Using keytool, create a random key pair:
keytool -genkeypair -alias boguscert -storepass storePassword -keypass secretPassword -keystore emptyStore.keystore -dname "CN=Developer, OU=Department, O=Company, L=City, ST=State, C=CA"
then delete it
keytool -delete -alias boguscert -storepass storePassword -keystore emptyStore.keystore
review its contents:
$ keytool -list -keystore emptyStore.keystore -storepass storePassword
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 0 entries
Related Topics
Regular Expression to Validate Username
Java.Io.Filenotfoundexception: the System Cannot Find the File Specified
Splitting a String Containing Special Characters in to Individual Characters
Autowiring Httpservletrequest in Spring Controller
Limiting the Number of Characters in a String, and Chopping Off the Rest
Checking If a String Is Contained in an Enum Set in O(1)
How to Inject a Map Using the @Value Spring Annotation
How to Specify the Path for Getresourceasstream() Method in Java
How Find Given Number Is Octal or Not
Notifydatasetchanged() Makes the List Refresh and Scroll Jumps Back to the Top
Spring - Read Property Value from Properties File in Static Field of Class
Replacing Double Backslashes With Single Backslash
Spring Data JPA Saveall Not Doing Batch Insert
Generating Unique Random Numbers Effectively in Java
How to Create a Java Code to Check Multiple Question
Disable Spring Security Config Class for @Webmvctest in Spring Boot