I'm in the process of WS security. In my application user may give JKS file or PK12 file.
I load the keystore file using the following code,
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(inStream, "pass".toCharArray());
It is throwing Invalid keystore format
So is there any way to find if the file is JKS or PK12 or any other else?
Should I get it from the user what kind of file he is using?
I'm new to this, correct me if my understanding is wrong. I apology for wasting your time, if this is duplicate.
Related
My Keystore file was created a long time ago, when there was an option to create a Keystore file without a password.
I am currently working on a new version and want to secure my file.
When I use keytool and try to enter the previous empty password I get an error.
The same thing happens with KeyStore Explorer.
Am trying to read the installed certificates by using code
KeyStore ks = KeyStore.getInstance("Windows-MY")
ks.load(null, null)
Enumeration<String> enumeration = ks.aliases()
while (enumeration.hasMoreElements()) {
String string = (String) enumeration.nextElement()
System.out.println(string)
}
this code list out the installed certificates on windows but on linux doesn't? tried by changing the keystore providers also.
I'm not sure what you mean with "read browsers certificates".
Are you trying to read certificates from the default Java keystore? What's your goal?
KeyStore.getInstance(..) instantiates a keystore with a specific type (JKS, for example). When you want to read from a specific keystore, you need to specify the path to the keystore and make the KeyStore instance load that file.
See http://www.java2s.com/Code/Java/Security/RetrievingaKeyPairfromaKeyStore.htm for an example and https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html for more details.
Edited: updated answer after clarified question.
You can find more info on reading browser keystores in Linux on:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/keystores.html
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/JSS
applet with SunMSCapi not working in linux
http://forums.mozillazine.org/viewtopic.php?p=12037571
Try with libsoftokn3.so of NSS.
See my answer here, "Approach 1".
The key is to find where libsoftokn3.so is, and use it as the libfile to construct a config file, and then a KeyStore.
You can get the Default Type.
Try the below code
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
I successfully installed a GoDaddy SSL certificate in Tomcat last year.
When the certificate expired, I renewed it. I did this without generating a new keystore or CSR. GoDaddy delivered three files to me, gd_bundle.crt, gd_intermediate.crt, and a third .crt file with a random number as the name.
I don't know what to do next. I assume I have to incorporate these files into my existing keystore. GoDaddy provides this help page:
http://support.godaddy.com/help/article/5355/ssl-certificate-renewal-tomcat-4-x5-x6-x
The page says I can do this one of two ways. I tried the first way and all I got was an error message saying "-inkey: no such file or directory". I tried the second way, but I do not have any file with the name it references, and also any attempt to import the new certs into the existing keystore results in an error "certificate not imported, alias already exists".
What is the correct way to update my keystore file with the new certificate?
Thanks.
You need to use the keytool to import the numbered file into the existing KeyStore, using the same alias you're already using, with the -importcert option.
I get an error on this line:
final KeyStore keyStore = KeyStore.getInstance("BKS");
the error i get is:
java.security.KeyStoreException: BKS not found
at java.security.KeyStore.getInstance(Unknown Source)
at AppListen.<init>(AppListen.java:84)
i added bcprov-jdk16-146.jar to the "Referenced Libraries" but still no luck.
My overall program allows an android phone to be used as mouse and keyboard for a computer using an SSL socket connection. The android app has the same line with no errors.
What am i doing wrong?
EDIT:
Maybe this is common knowledge for most, but it wasn't for me, so for those like me this is what i did.
The reason i was using BKS was because that's the only format allowed by android, but i didnt know that you only needed it on the android side, you can use another format on the server and then make a copy of the key and convert it to BKS to use on the android, eliminating the need for BouncyCastle.
I used a JKS key for the server and than converted a copy of that key to BKS to use on the android using a program called portecle.
Include BouncyCastle library in the project and add provider in code
Security.addProvider(new BouncyCastleProvider());
KeyStore keyStore = KeyStore.getInstance("BKS");
I'm using the below code to attempt to load a keystore file and I'm getting an java.io.IOException: Invalid keystore format Exception. Any ideas on how to troubleshoot this or what is causing the issue?
Load Keystore File:
final FileInputStream keyFile = new FileInputStream(filePath
+ "key.p7b");
final KeyStore keyStore = KeyStore.getInstance("JKS");
String storepass = "pwd";
keyStore.load(keyFile, storepass.toCharArray());
Exception:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
On request, my comment as an answer:
p7b is a certificate file, not a keystore file. You must convert it first. Apparently OpenSSL can help with that.
I have a problema like that when I try to create a keystore file with a Sun/Oracle JDK in Portuguese... The portuguese version of JDK (or my Windows PT-BR, I don't know yet) have this bug... I needed to make the keystore file in an English operational system.