RFR: 8354469: Keytool exposes the password in plain text when command is piped using | grep
Weijun Wang
weijun at openjdk.org
Wed Apr 23 01:06:41 UTC 2025
Add more description on password handling into the keytool man page. A link to the man page is now added to the keytool help screen.
When keytool output is redirected into a file or file, a warning is shown:
$ keytool -genkeypair | type
Warning: password will be echoed because output is redirected.
Enter keystore password: password
Warning: password will be echoed because output is redirected.
Re-enter new password:
A new manual test is added.
Sorry, we cannot suppress password echoing in this case at the moment because `System.console()` is not available.
-------------
Commit messages:
- tests
- show warning when echo is on
- link and man page changes
Changes: https://git.openjdk.org/jdk/pull/24805/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=24805&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8354469
Stats: 219 lines in 11 files changed: 166 ins; 18 del; 35 mod
Patch: https://git.openjdk.org/jdk/pull/24805.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/24805/head:pull/24805
PR: https://git.openjdk.org/jdk/pull/24805
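
The following is an added illustration and is not part of the original message or of the keytool sources. It shows the general pattern the message describes: read without echo when `System.console()` is available, otherwise warn before falling back to an echoed read. The class and method names are hypothetical, and it assumes `System.console()` returns null when no terminal is attached, which depends on the JDK version and console provider.

```java
import java.io.BufferedReader;
import java.io.Console;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;

// Hypothetical example class; not keytool code.
public class PasswordPrompt {

    // Reads a password without echo when a console is attached. Otherwise it
    // warns and falls back to a plain line read, which the terminal may echo.
    static char[] readPassword(String prompt) throws IOException {
        Console console = System.console();
        if (console != null) {
            // Console.readPassword turns terminal echo off for this prompt.
            return console.readPassword("%s", prompt);
        }
        // Assumption: a null console means input or output is piped or
        // redirected, so this process cannot switch echo off itself.
        // Writing the warning and prompt to stderr is this example's choice.
        System.err.println(
            "Warning: password will be echoed because output is redirected.");
        System.err.print(prompt);
        System.err.flush();
        BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
        String line = in.readLine();
        return line == null ? null : line.toCharArray();
    }

    public static void main(String[] args) throws IOException {
        char[] pw = readPassword("Enter keystore password: ");
        try {
            // Report only the length; never print the secret itself.
            System.out.println(pw == null
                ? "no input"
                : "read " + pw.length + " characters");
        } finally {
            if (pw != null) {
                Arrays.fill(pw, '\0'); // wipe the secret from memory after use
            }
        }
    }
}
```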