How to change PKCS12 key password using keytool?

I cannot change the PKCS keystore password using keytool (Java 8). When I tried to change the key password:

    keytool -keypasswd -keystore keystore.p12 -storetype PKCS12 -storepass oldpass -keypass oldpass -new newpass
    keytool error: java.lang.UnsupportedOperationException: -keypasswd commands not supported if -storetype is PKCS12

This means that the key password cannot be changed for the PKCS12 key store. Then I tried to change the keystore password:

    keytool -storepasswd -keystore keystore.p12 -storetype PKCS12 -storepass oldpass -new newpass
    Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -new value.
    keytool error: java.io.FileNotFoundException: keystore.p12 (Access is denied)

This means that we must change the keystore password and the key password together. But there is no command to change both. What can I do?

+6
2 answers

You can import the PKCS12 file into another PKCS12, where you can specify a new password for the new PKCS12 file. You can then use the new PKCS12 file, or delete the previous one and rename the new file to the old file name. This is not a direct path, but it fulfills the goal. Sample code is given below:

 keytool -importkeystore -srckeystore DocCA.p12 -srcstoretype PKCS12 -srcstorepass 123456 -destkeystore DocCA2.p12 -deststoretype PKCS12 -deststorepass 11223344 

Here DocCA.p12 is the existing PKCS12 with the password 123456, which is exported to the DocCA2.p12 file with the password 11223344.

+13

I know the question is about using keytool, but if this is not a strict requirement, you can use openssl instead:

  1. Export certificates and keys to temp.pem without password protection. This will interactively prompt you for the decryption password:

     openssl pkcs12 -in keystore.p12 -out temp.pem -nodes

  2. Export from temp.pem to a new PKCS#12 file. This will interactively prompt you for the new encryption password:

     openssl pkcs12 -export -in temp.pem -out keystore-new.p12

  3. Delete the temporary file:

     rm temp.pem

It is important that you do this in a folder where no one has read permission, because while the temp.pem file exists, the keys inside can be read.

0
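The three openssl steps from the answer above, wrapped so the unencrypted temp.pem only ever exists in a private, automatically removed directory and the passwords never appear on the command line. This is an added example, not part of the original answers; the helper name `rekey_p12` and the exported environment variables `OLD_PASS` and `NEW_PASS` are assumptions.

```shell
#!/bin/sh
# Added example: re-encrypt a PKCS#12 file under a new password.
# Assumes OLD_PASS and NEW_PASS are exported in the environment;
# rekey_p12 is a hypothetical helper name.
rekey_p12() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    (
        umask 077                       # everything created below is owner-only
        tmpdir=$(mktemp -d) || exit 1   # private directory, mode 0700
        trap 'rm -rf "$tmpdir"' EXIT    # remove the plaintext PEM on every exit path
        trap 'exit 1' HUP INT TERM      # make signals go through the EXIT trap too

        # Step 1: decrypt keys and certificates into the private directory.
        # env: keeps the password out of argv (and so out of ps output).
        openssl pkcs12 -in "$src" -out "$tmpdir/temp.pem" -nodes \
            -passin env:OLD_PASS || exit 1

        # Step 2: build the new PKCS#12 file under the new password.
        openssl pkcs12 -export -in "$tmpdir/temp.pem" -out "$tmpdir/new.p12" \
            -passout env:NEW_PASS || exit 1

        # Check that the result opens with the new password before publishing it.
        openssl pkcs12 -in "$tmpdir/new.p12" -noout \
            -passin env:NEW_PASS || exit 1

        # Step 3 (deleting temp.pem) is done by the EXIT trap.
        mv "$tmpdir/new.p12" "$dst"
    )
}
```

`openssl pkcs12 -export` only writes an alias (friendlyName) when `-name` is given, so add that option if Java code looks the key up by its original alias.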
