Reading a pkcs12 keystore always need storepass
Vincent Ryan
vincent.x.ryan at oracle.com
Fri Mar 6 11:49:21 UTC 2015
That’s right, a store password is required when creating and accessing a PKCS12 keystore.
It is used to en-/decrypt the collection of certs in the keystore.
A store password is also required when creating a JKS keystore.
However, JKS permits a null password when accessing the keystore, to indicate
that the keystore's integrity check can be skipped.
If it helps then the PKCS12 implementation could be modified to use the empty password (“”)
when a null password is supplied.
On 6 Mar 2015, at 10:07, Wang Weijun <weijun.wang at oracle.com> wrote:
> Hi Vinnie
>
> I noticed that without providing a storepass, all certificates in a pkcs12 keystore are invisible, i.e. no TrustedCertEntry and PrivateKeyEntry has no cert. This is quite different from the jks storetype. Is this avoidable?
>
> Thanks
> Max
>