Java keystore and password settings
I have the following questions about Java keystores and keytool. I assume that a keystore may hold multiple certificates. As I tried it, I can create a keystore through keytool, and to access this keystore I must set a password. In addition, to access each certificate entry, I must set a password. Do you have to use the same password for the keystore and the entries? If not (I think it's reasonable to do so), why does the following code:
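    import java.io.FileInputStream;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;

    char[] pwd = new char[]{'s','e','c','r','t'};
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(new FileInputStream("myPersonal.keystore"), pwd);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, pwd); // fails here with exception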
give me the following exception?
    Exception in thread "main" java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(Unknown Source)
        at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
        at java.security.KeyStore.getKey(Unknown Source)
Secret is the password to access the keystore myPersonal.keystore that I created through keytool. There are 2 entries for certificates, 1 DSA and 1 RSA. Each has a password different from the keystore's (and from each other's). Now, the code is correct, because if I use a keystore where one of the certificate entries has the same password as the keystore, there is no exception and the program runs normally.
So what's the problem here? Shouldn't I have a different password? Shouldn't I have many certificates? Or what?
Solution
According to the API, the KeyManagerFactory.init method accepts the password used to retrieve the keys from the keystore. Since there is only one password parameter, all keys are expected to have the same password. If one of the keys uses a different password, you will see an error because the password for that particular keystore entry is incorrect.
The simplest solution is to use the same password for all entries in the keystore. If you are set on maintaining different passwords for each entry, you may need to consider building your own custom security elements, such as a KeyManager.
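If the entries must keep different passwords on disk, one alternative to writing a custom KeyManager is to unlock each key with its own password and copy it into an in-memory keystore that uses a single password. This is an added example, not part of the original answer; the class name PerEntryPasswords, the method build and the alias-to-password map are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;

public class PerEntryPasswords {

    /** Copies every key entry into an in-memory keystore protected by one transient password. */
    static KeyManagerFactory build(String path, char[] storePwd, Map<String, char[]> entryPwds)
            throws Exception {
        KeyStore onDisk = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            onDisk.load(in, storePwd);                 // keystore password only checks integrity
        }

        KeyStore inMemory = KeyStore.getInstance(KeyStore.getDefaultType());
        inMemory.load(null, null);                     // empty keystore, never written to disk
        char[] unified = storePwd.clone();             // the one password KeyManagerFactory will use

        // Aliases are looked up exactly as aliases() returns them (JKS stores them in lower case).
        for (String alias : Collections.list(onDisk.aliases())) {
            if (!onDisk.isKeyEntry(alias)) {
                continue;                              // trusted-certificate entries have no password
            }
            char[] pwd = entryPwds.get(alias);
            if (pwd == null) {
                throw new IllegalArgumentException("no password supplied for alias " + alias);
            }
            Key key = onDisk.getKey(alias, pwd);       // UnrecoverableKeyException if pwd is wrong
            Certificate[] chain = onDisk.getCertificateChain(alias);
            inMemory.setKeyEntry(alias, key, unified, chain);
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(inMemory, unified);                   // succeeds: every entry shares one password
        Arrays.fill(unified, '\0');                    // wipe the transient copy
        return kmf;
    }
}
```

The keystore file is left unchanged, so the per-entry passwords still protect the keys at rest; only the in-memory copy shares a password.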