JDK-8182879: Add warnings to keytool when using JKS and JCEKS

Sean Mullan sean.mullan at oracle.com
Fri Jul 14 15:25:03 UTC 2017

On 7/14/17 11:12 AM, Weijun Wang wrote:
>> On Jul 14, 2017, at 7:00 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>> I think we should add a Release Note to 8182879 indicating that keytool now emits a warning for JKS/JCEKS keystores.
> https://bugs.openjdk.java.net/browse/JDK-8184671 filed. Please take a review.
> "When keytool is operating on a JKS or JCEKS keystore

It doesn't show the warning if it only contains trusted certificate 
entries, right?

I wonder if you should be more specific, ex - "on a JKS or JCEKS 
keystore containing private or secret key entries". But that might 
reveal too much.

Maybe just change "will" to "may" below.


, a warning will be shown that the keystore uses a proprietary format 
and migrating to PKCS12 is suggested. The keytool's -importkeystore 
command is also updated so that it can convert a keystore from one type 
to another if the source and destination point to the same file.”
> Thanks
> Max

More information about the security-dev mailing list