Friday, 22 January 2016

What if you forgot Java Keystore Password?

Objective:

To show how one can recover from a situation when a Java Keystore password is forgotten.

Solution:

  1. Let say you have a keystore with name 'myTrustStore.jks' and forgot the store password.
  2. The only way to recover is then to create a duplicate keystore (with new store password) where all the certs from original trustore can be copied as is into the new keystore.
  3. Here is usage of Java Keytool command which can help here:
    [root@hots~]$keytool -importkeystore -srckeystore myTrustStore.jks -destkeystore myTrustStoreCopy.jks -deststorepass pass123
    Enter source keystore password:
    ***************** WARNING WARNING WARNING *****************
    * The integrity of the information stored in the srckeystore*
    * has NOT been verified! In order to verify its integrity, *
    * you must provide the srckeystore password. *
    ***************** WARNING WARNING WARNING *****************

    Entry for alias xxxxx successfully imported.
    Entry for alias yyyy successfully imported.
    Entry for alias zzzz successfully imported.
    ...
    ...
    Import command completed: X entries successfully imported, 0 entries failed or cancelled
  4. As you see in example above when asked the source keystore password one can hit the 'ENTER' key and ignore it, and the keytool will still be able to copy the certs to a new keystore.

Thank You!