RFR 8192988: keytool should support -storepasswd for pkcs12 keystores

Weijun Wang weijun.wang at oracle.com
Wed Dec 13 15:41:56 UTC 2017

> On Dec 13, 2017, at 11:36 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
> It looks like you converted p12importks.sh from shell code to java in JKStoPKCS12.java, right?

Yes, and modified a little.

> I think you should still include 8010125 in the @bug label in JKStoPKCS12.java though.


> Otherwise, looks good, one question though:
> If you are converting a JKS keystore to a PKCS12 keystore using keytool -importkeystore and the deststorepass and destkeypass are different, is it an error, or does it ignore the destkeypass and use deststorepass?


"Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -destkeypass value."

This is not a new behavior.


> --Sean
> On 12/7/17 10:21 PM, Weijun Wang wrote:
>> Hi All
>> Please take a look at
>>    http://cr.openjdk.java.net/~weijun/8192988/webrev.00/
>> With this fix, "keytool -storepasswd" and "keytool -importkeystore" on a PKCS12 keystore will change the keypass as well with the storepass.
>> Thanks
>> Max

More information about the security-dev mailing list