RFR 8192988: keytool should support -storepasswd for pkcs12 keystores

Sean Mullan sean.mullan at oracle.com
Wed Dec 13 15:36:08 UTC 2017


It looks like you converted p12importks.sh from shell code to java in 
JKStoPKCS12.java, right? I think you should still include 8010125 in the 
@bug label in JKStoPKCS12.java though.

Otherwise, looks good, one question though:

If you are converting a JKS keystore to a PKCS12 keystore using keytool 
-importkeystore and the deststorepass and destkeypass are different, is 
it an error, or does it ignore the destkeypass and use deststorepass?

--Sean

On 12/7/17 10:21 PM, Weijun Wang wrote:
> Hi All
> 
> Please take a look at
> 
>     http://cr.openjdk.java.net/~weijun/8192988/webrev.00/
> 
> With this fix, "keytool -storepasswd" and "keytool -importkeystore" on a PKCS12 keystore will change the keypass as well with the storepass.
> 
> Thanks
> Max
> 



More information about the security-dev mailing list