Best IT Recipes

Unable to get key from KeyStore

I am trying to get the key from KeyStore. I created a Keytool keystore:

keytool -genkeypair -dname "cn = Mark Jones, ou = JavaSoft, o = Sun, c = US" -alias business2 -keypass abcdtest -keystore C: \ workspace \ XMLSample \ keystore \ mykeystore.jks -storepass 123456

And the following: GenerateXML.java

import java.io.FileInputStream; import java.security.KeyStore; import java.security.cert.X509Certificate; import javax.xml.crypto.dsig.XMLSignContext; import javax.xml.crypto.dsig.XMLSignatureFactory; import javax.xml.crypto.dsig.dom.DOMSignContext; import javax.xml.parsers.DocumentBuilderFactory; import org.w3c.dom.Document; public class GenerateXML { public static void main(String[] args) throws Exception { try { char[] passwd = "123456".toCharArray(); //Load the KeyStore and get the signing key and certificate KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream("C:\\workspace\\XMLSample\\keystore\\mykeystore.jks"), passwd); KeyStore.PrivateKeyEntry keyEnt = (KeyStore.PrivateKeyEntry)ks.getEntry("business2", new KeyStore.PasswordProtection(passwd)); // -> ERROR IN THIS ROW X509Certificate cert = (X509Certificate)keyEnt.getCertificate(); //Create a DOMSignContext XMLSignContext context = new DOMSignContext(keyEnt.getPrivateKey(), doc.getDocumentElement()) ; //Create a DOM XMLSignatureFactory XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); } catch(Exception e) { e.printStackTrace(); throw new Exception(e.toString()); } } }

I am running on Java 1.6

But they have an error:

 java.security.UnrecoverableKeyException: Cannot recover key at sun.security.provider.KeyProtector.recover(KeyProtector.java:311) at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121) at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38) at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:456) at java.security.KeyStore.getEntry(KeyStore.java:1261) at xml.generate.GenerateXML.main(GenerateXML.java:31)
+25
java ws-security
Aug 24 '09 at 10:20
source share
3 answers

It basically means 2 things

  • You had the wrong password.
  • Your keystore is corrupted in some way.

I suspect this is number 1. Double check your password. Try it if you can list the key in keytool with the same password.

+18
Aug 24 '09 at 10:54
source share

I ran into a similar problem. The root of the problem was that I used a different password for the key than for the entire keystore. The code is similar to the code in the JSSE article. It looks like this:

 serverKeyStore.load(new FileInputStream("resource/server.jks"), passphrase.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(serverKeyStore); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(serverKeyStore, keyphrase.toCharArray());

I use the key store pass in the first line, and the key passes last.

+21
Jun 23 '11 at 20:17
source share

On the ks.getEntry line, you specify the repository password. Instead, there should be a key. Replace the string with this and it will work:

 char[] keypwd = "abcdtest".toCharArray(); KeyStore.PrivateKeyEntry keyEnt = (KeyStore.PrivateKeyEntry) ks.getEntry("business2", new KeyStore.PasswordProtection(keypwd));
+9
Aug 26 '09 at 2:51
source share


More articles:


All Articles