
make password optional in jks.KeyStore.load()

Open eighthave opened this issue 5 years ago • 2 comments

keytool lets you query some information in a password-protected keystore without specifying the password. I would like to do the same with pyjks. This would be useful for querying basic information about the keystore, like number of entries, type of entries, alias, etc.

```
$ keytool -list -keystore keystore.jks -protected

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

myspecialkeyalias, Sep 3, 2020, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): EA:54:23:F7:05:04:A1:1F:B8:AA:F3:33:0F:52:77:25:71:15:C1:01:D3:61:F0:C9:42:11:D0:C0:5A:F0:48:5B

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".
$ keytool -list -keystore keystore.jks -storepass:env STOREPASS
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

sova.at.or.at, Sep 3, 2020, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): EA:54:23:F7:05:04:A1:1F:B8:AA:F3:33:0F:52:77:25:71:15:C1:01:D3:61:F0:C9:42:11:D0:C0:5A:F0:48:5B

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".
```

This is probably related to #36

eighthave avatar Sep 03 '20 15:09 eighthave

I think this would be a great feature. Unfortunately, I don't see us having bandwidth to develop it in the foreseeable future. Any chance you'd be up to making a PR?

mahmoud avatar Sep 03 '20 16:09 mahmoud

There is a chance I could take this on. If we need it in fdroidserver, then one of us maintainers would likely want to implement this. Any ideas how hard it would be? In theory it should be easy, since keytool supports it, so the data should be readable.

eighthave avatar Sep 04 '20 07:09 eighthave
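An added example, not code from this thread or from pyjks: a password-free listing of a JKS file, which works because aliases, timestamps and certificates are stored in the clear and only the private-key blob and the trailing digest depend on a password. The names `Reader`, `cert_sha256`, `list_jks_unverified` and `SAMPLE` are hypothetical, and the byte layout is the commonly documented JKS format (magic `0xFEEDFEED`, version 1 or 2, entry count, entries, 20-byte SHA-1 digest). As the keytool warning above says, nothing returned this way has been integrity-checked.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}

class Reader:  # bounds-checked big-endian cursor over untrusted keystore bytes
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def num(self, fmt):
        return struct.unpack(">" + fmt, self.take(struct.calcsize(">" + fmt)))[0]

    def utf(self):  # Java writeUTF: 2-byte length + modified UTF-8, decoded as UTF-8 here
        return self.take(self.num("H")).decode("utf-8", "replace")

def cert_sha256(r, version):
    if version == 2:
        r.utf()  # certificate type string, e.g. "X.509"
    return hashlib.sha256(r.take(r.num("I"))).hexdigest()

def list_jks_unverified(data):
    """Return entry metadata WITHOUT checking the trailing integrity digest."""
    r = Reader(data)
    if r.num("I") != JKS_MAGIC or (version := r.num("I")) not in (1, 2):
        raise ValueError("not a JKS version 1 or 2 keystore")
    entries = []
    for _ in range(r.num("I")):
        tag, alias, created_ms = r.num("I"), r.utf(), r.num("q")
        if tag not in KINDS:
            raise ValueError("unknown entry tag %d" % tag)
        if tag == 1:
            r.take(r.num("I"))  # encrypted private key blob: skipped, never decrypted
        n_certs = r.num("I") if tag == 1 else 1
        certs = [cert_sha256(r, version) for _ in range(n_certs)]
        entries.append({"alias": alias, "type": KINDS[tag], "created_ms": created_ms, "certs": certs})
    if len(data) - r.pos != 20:  # SHA-1 keyed with the store password; left unverified
        raise ValueError("missing or malformed trailing digest")
    return entries

# Constructed sample: one trustedCertEntry whose "certificate" is 4 placeholder bytes.
SAMPLE = (struct.pack(">IIIIH", JKS_MAGIC, 2, 1, 2, 6) + b"democa" + struct.pack(">qH", 0, 5)
          + b"X.509" + struct.pack(">I", 4) + b"\x30\x02\x05\x00" + bytes(20))
```

Treat the result as untrusted input: a modified keystore parses just as cleanly, so use the listing for inventory only and verify with the store password before relying on any entry.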