Don't believe the error, or a lot of websites....
I have a requirement to encrypt passwords in a file. I figured I'd use the Java security tools to store the encryption key.
Step 1/ Generate the secret key (Using AES as encryption algorithm)
.\keytool -genseckey -alias aestest -keyalg AES -keysize 192
This results in the error:
keytool error: java.security.KeyStoreException: Cannot store non-PrivateKeys
After much searching, and some incorrect pointers (keytool cannot generate symmetric keys, keytool cannot generate AES keys, etc.), I found the solution. The problem is that the default keystore type is JKS, which cannot store symmetric keys. However, if you change the keystore type to JCEKS, then it works.
e.g.
.\keytool -genseckey -alias aestest -keyalg AES -keysize 192 -storetype JCEKS
One side effect of this is that you then need to specify -storetype in every command thereafter.
e.g.
keytool -list
keytool error: java.io.IOException: Invalid keystore format
keytool -list -storetype JCEKS
Your keystore contains 3 entries
aestest, 14-Dec-2009, SecretKeyEntry,
aestest2, 14-Dec-2009, SecretKeyEntry,
test, 14-Dec-2009, SecretKeyEntry,
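An added example (not code from the original post) showing the same JKS/JCEKS behaviour through the Java KeyStore API, then using the stored key for the password-encryption requirement mentioned at the top. Only the alias aestest and the 192-bit key size come from the post; the store password, the sample password, the in-memory store and the choice of AES-GCM are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class JceksSecretKeyDemo {
    public static void main(String[] args) throws Exception {
        char[] storePass = "changeit-demo".toCharArray();   // constructed; prompt for it in real use
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(storePass);

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(192);                                        // same size as -keysize 192
        KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(kg.generateKey());

        // JKS only accepts private keys and certificates; this is the source of keytool's error.
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, storePass);
        try {
            jks.setEntry("aestest", entry, prot);
        } catch (KeyStoreException e) {
            System.out.println("JKS rejected the key: " + e.getMessage());
        }

        // JCEKS accepts it; write the store out and read it back (in memory here, a file in practice).
        KeyStore jceks = KeyStore.getInstance("JCEKS");
        jceks.load(null, storePass);
        jceks.setEntry("aestest", entry, prot);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        jceks.store(out, storePass);

        KeyStore reloaded = KeyStore.getInstance("JCEKS");   // type must match, as with -storetype JCEKS
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        SecretKey key = ((KeyStore.SecretKeyEntry) reloaded.getEntry("aestest", prot)).getSecretKey();

        // Encrypt a constructed password with AES-GCM and a fresh 12-byte IV, then decrypt it again.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("s3cret-db-password".getBytes(StandardCharsets.UTF_8));

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        System.out.println("Round trip: " + new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

When encrypting more than one password with the same key, generate a new IV for each value and store it alongside the ciphertext.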
6 comments:
Thanks for sharing this tip!
I know this blog post is from long ago, but ...
geez thank you so much for this! i just spent quite some time googling around and tripping over false information on how the key store CANNOT store symmetric keys..
u r d man. thanks!
Was helpful. Thanks dude!
perfect
Me too!
I was writing some Java code to do this generation of keys and storing to a file, but I'm glad I did more research and can generate and store with keytool. Less code is better code.