I have created a keystore using the java keytool to store a passowrd using the following command
$ keytool -importpassword -alias myalias -keystore mykeystore.jceks -storetype jceks
Enter keystore password: keystore
Re-enter new password: keystore
Enter the password to be stored: testpassword
Re-enter password: testpassword
Enter key password for <myalias>
(RETURN if same as keystore password):
I want to retrieve this password in a java program. Here's what I have written so far.
InputStream is = new FileInputStream(new File("mykeystore.jceks"));
KeyStore ks = KeyStore.getInstance("jceks");
ks.load(is, "keystore".toCharArray());
PasswordProtection pp = new PasswordProtection("keystore".toCharArray());
SecretKeyEntry ske = (SecretKeyEntry) ks.getEntry("myalias", pp);
System.out.println(ske.toString()); // Outputs: "Secret key entry with algorithm PBEWithMD5AndDES"
How can I get back the password I store? Is it even possible?
Complete reference code below.
Required libraries:
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStore.SecretKeyEntry;
import java.security.cert.CertificateException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.UnrecoverableEntryException;
Class:
class JCEKS
{
public static void main(String args[])
{
try{
InputStream is = new FileInputStream(new File("mykeystore.jceks"));
KeyStore ks = KeyStore.getInstance("jceks");
ks.load(is, "keystore".toCharArray());
PasswordProtection pp = new PasswordProtection("keystore".toCharArray());
SecretKeyEntry ske = (SecretKeyEntry) ks.getEntry("myalias", pp);
System.out.println(ske.toString());
}
catch(KeyStoreException e){
System.out.println("KeyStoreException:");
System.out.println(e);
}
catch(FileNotFoundException e){
System.out.println("FileNotFoundException:");
System.out.println(e.getMessage());
}
catch(IOException e){
System.out.println("IOException:");
System.out.println(e.getMessage());
}
catch(NoSuchAlgorithmException e){
System.out.println("NoSuchAlgorithmException:");
System.out.println(e.getMessage());
}
catch(CertificateException e){
System.out.println("CertificateException:");
System.out.println(e.getMessage());
}
catch(UnrecoverableKeyException e){
System.out.println("UnrecoverableKeyException:");
System.out.println(e.getMessage());
}
catch(UnrecoverableEntryException e){
System.out.println("UnrecoverableEntryException:");
System.out.println(e.getMessage());
}
}
}
After some digging and some trial and error, it turns out you CAN retrieve a password that you store using keytool For example, if you use the following command to store a password
> $ keytool -importpassword -alias my-alias -keystore my-keystore.jcek -storetype jceks
> Enter keystore password: keystorepassword
> Re-enter new password:keystorepassword
> Enter the password to be stored: thepassword
> Re-enter password: thepassword
> Enter key password for <my-alias>
(RETURN if same as keystore password): keypassword
> Re-enter new password: keypassword
To retrieve the password your stored (i.e. 'thepassword'):
InputStream is = new FileInputStream(new File("my-keystore.jceks"));
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(is, "keystorepassword".toCharArray());
PasswordProtection pp = new PasswordProtection("keypassword".toCharArray());
SecretKeyEntry ske = (SecretKeyEntry) ks.getEntry("my-alias", pp);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHMD5ANDDES");
PBEKeySpec keySpec = (PBEKeySpec) factory.getKeySpec(ske.getSecretKey(), PBEKeySpec.class);
String password = new String(keySpec.getPassword());
System.out.println(password);
Output: thepassword
Note that when you store a string, it defaults to PBEWITHMD5ANDDES algorithm. So you will need to download the javax-crypto.jar and compile it along with your program javac -cp javax-crypto.jar your-program.java