Check android keystore keypass for correctness

I'm automating some things that involve the android keytool and jarsigner. The tool takes a keystore, the password for the keystore, the alias name, and the password for the alias / key, and I'm trying to find a way to explicitly check to see if the supplied password for the alias / key is correct.

Any ideas? Also, I need to check it without a jar file to sign - getting that file in my context is lengthy, so I want to abort sooner rather than later.

标签： android keytool jarsigner

2条回答

一纸荒年 Trace。

2楼-- · 2019-04-17 23:16

You can do it a couple of ways:

A. With keytool

If you run the command keytool -keypasswd -keystore <keystore> -alias <alias> -storepass <storepass> -keypass <keypass> -new <keypass> then you will get the error Keystore was tampered with, or password was incorrect if the keystore password is wrong, or the error Cannot recover key if the alias password is wrong. Unfortunately the return code is 1 in both cases, so you will need to do parsing of the program's output if you want to be smart about the type of error.

B. With a small Java program

Something along these lines:

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

try (FileInputStream fis = new FileInputStream(keystore)) {
    ks.load(fis, ksPw.toCharArray());
}

ks.getEntry(alias, new KeyStore.PasswordProtection(aliasPw.toCharArray()));

will fail at line 4 with a java.io.IOException if the key store password is wrong, or with a java.security.UnrecoverableKeyException at line 7 if the alias password is wrong.

0人赞添加讨论(0) 举报

兄弟一词,经得起流年.

3楼-- · 2019-04-17 23:22

You can also check if the password is correct without attempting to change the password. I did it by listing the properties of the keystore with this command:

keytool -list -keystore <keystorefile> -storepass <passwordtocheck>

0人赞添加讨论(0) 举报

Check android keystore keypass for correctness

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间