KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
Home Page: https://keystore-explorer.org/
License: GNU General Public License v3.0
Following exception ocures with java 8 update 102:
java.lang.ClassCastException: java.util.HashMap cannot be cast to java.util.Collection at net.sf.keystore_explorer.crypto.keystore.KeyStoreUtil.fixDuplicateMSCAPIAliases(KeyStoreUtil.java:321) at net.sf.keystore_explorer.crypto.keystore.KeyStoreUtil.loadMsCapiStore(KeyStoreUtil.java:300) at net.sf.keystore_explorer.gui.actions.OpenMsCapiAction.doAction(OpenMsCapiAction.java:73) at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.actionPerformed(KeyStoreExplorerAction.java:92) at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
I think this stackoverflow pages shows the problem:
http://stackoverflow.com/questions/38505237/with-java-8-update101-java-util-hashmap-cannot-be-cast-to-java-util-collection
I propose to show hidden files (staring with dot) in open keystore dialog.
Is it possible to have a scep feature please
It could be useful to enroll with that protocole
Best regards
I've successfully packaged Keystore Explorer as an RPM for my favorite GNU/Linux distro (i.e. Mageia), but I had to download AppleJavaExtensions.jar from Apple®™ to compile the source code. Unfortunately, Apple’s license is far too restrictive and prevents any redistribution. So, even if the resulting built RPM is free because it doesn’t contain the Apple Jar, a source RPM can’t be submitted to the various distro’s building systems because it must contain the problematic Jar to be compilable, even though this library is useless with anything but Mac OS X systems in the end.
This is, IMHO, a major problem, and the use of this Apple Library by the source code of Keystore Explorer should depend on an build option, in order to compile the code without any non free elements.
With such a build option, Keystore Explorer could be imported and built in all GNU/Linux distros and distributed in their repositories for a wider visibility.
Currently the installer can't be used completely silent.
Using
kse-522-setup.exe /S
There's one messagebox shown: "Do you want a shortcut to KeyStore Explorer to be placed on the desktop?"
This should be changed. I think a solution may be, changing in the installer:
MessageBox MB_YESNO "Do you want a shortcut to KeyStore Explorer to be placed on the desktop?" IDNO NoShortcut
to
MessageBox MB_YESNO "Do you want a shortcut to KeyStore Explorer to be placed on the desktop?" IDNO NoShortcut /SD IDNO
Didn't test it yet.
Here's a description for silent installs:
http://nsis.sourceforge.net/Docs/Chapter4.html#silent
http://nsis.sourceforge.net/Examples/silent.nsi
I just got this error:
BUILD FAILED
../keystore-explorer/kse/build.xml:355: taskdef class net.sf.launch4j.ant.Launch4jTask cannot be found
using the classloader AntClassLoader[]
any solutions?
The SmartCard-HSM is a smart card based secure key store for RSA and ECC keys.
We'd like to add direct support in the KeyStore Explorer via the SmartCard-HSM JCEProvider.
The SmartCard-HSM can be accessed via PKCS#11 using the OpenSC PKCS#11 Module, however the path via JCE allows for a deeper integration.
A first version has been created in a cloned repo, from which we plan to create pull requests as we progress.
The JCE Provider is released under GPL and it's source code is available via the CardContact Developer Network.
According to the Java specification it is up to keystore implementations whether key-aliases are case sensitive or not. Bouncy Castle (ÜBER) and PKCS#11 specification define case sensitive handling. The keystore explorer does not support case sensitive handling. See attached diff to enable case sensitive handling of aliases (i.e. remove case insensitive comparison and explicit conversion to lower case).
It would be very convenient if several things could either be "memorized" by KSE, or stored in a config file - so that the user could set them once, rather than doing it every time he needs that function. Examples of what I need (others may need something else):
Thanks!
It still states that it's 5.2.1, as of 5 months ago. Would appreciate it fixed/updated. Thanks!
Running behind an HTTP/HTTPS Web proxy. Help -> Online - Check for Updates fails:
java.lang.NullPointerException
at java.io.Reader.<init>(Reader.java:78)
at java.io.InputStreamReader.<init>(InputStreamReader.java:72)
at net.sf.keystore_explorer.utilities.net.PacProxySelector.compilePacScript(PacProxySelector.java:173)
at net.sf.keystore_explorer.utilities.net.PacProxySelector.select(PacProxySelector.java:89)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1099)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:933)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.URL.openStream(URL.java:1045)
at org.apache.commons.io.IOUtils.toString(IOUtils.java:894)
at org.apache.commons.io.IOUtils.toString(IOUtils.java:917)
at net.sf.keystore_explorer.gui.dialogs.DCheckUpdate$CheckForUpdate.run(DCheckUpdate.java:192)
at java.lang.Thread.run(Thread.java:745)
It fails for proxy configured as "Use System", "Automatic Proxy Configuration" (as above), and "Manual" (time-outs). Needless to say, the settings are correct because I'm using them for everything else successfully.
Currently only supports opening a keystore from the command line.
Would be useful if it could also open a single certificate.
When signing the JAR files from the keystore explorer it states the JAR file was signed successfully but when you go out to the command line and verify the jar was signed, it states the files were added to the manifest but UNSIGNED.
We can then only run the command line to sign and verify the JAR successfully using the same keystore and certs that were created with the Keystore Explorer GUI and it shows successful validation with Certs.
example: jarsigner -verbose -keystore jarsignsrv.jks -tsa http://timestamp.globalsign.com/scripts/timstamp.dll -signedjar ./jacob-1.14.3/jacob-signed.jar ./jacob-1.14.3/jacob.jar jarsignsrv
For importing in several software and sites, the plain pem format is needed for both the key, certificate and chain.
Right now you can export key pair to p12 only.
To get the full pem, we need way too many steps using only this software:
1- export private key as pem
2- export public key as pem ( and share the same name as the private key above, so need to rename , see issue #45 )
3- view chain details and export each chain certificate as pem (or copy paste to the above file)
If the export key pair had one option for that, that would help a lot.
So please add in the export key pair, a way to export the pair in pem format (with the full chain)
Not so important, the export chain should also have enabled the export x.509 pem for the entire chain too, to keep thing consistent
I don't normally need to deal with keystores so the procedures and command-line arguments are a little overwhelming. This program made it possible and almost easy for me to do what I needed to do.
Thank you very much!
I generate a key pair, generate the CSR, the CA sign it and changed several values:
CN=(certname), OU=GGSSL Domain SSL, OU=Domain Control Validated
When i try to renew the certificate, i generate a new CSR and i get the new CA enforced values instead of the original ones. As the CA removes the country and other fields, the request is now invalid and i have to generate a new key pair and request a "new order" instead of simpler "renew"
Please allow one to use the original fields in the CSR instead of the CA certificates ones.
Thanks for the help!
Daniel
There is no "free fill" in the extensions making it impossible to use "custom" extensions. Something the standard allows
While trying to open KeyStore Explorer 511, after succesfull installation, I get bellow exception error.
I tried to install the latest version of your Windows installer by running it as administrator, as well as running the kse.exe from your manual package by running it as administrator... same result.
Installed OS / Java:
java.lang.NullPointerException
at java.util.Hashtable.put(Unknown Source)
at javax.swing.JEditorPane.registerEditorKitForContentType(Unknown Source)
at javax.swing.JEditorPane.registerEditorKitForContentType(Unknown Source)
at javax.swing.JEditorPane.loadDefaultKitsIfNecessary(Unknown Source)
at javax.swing.JEditorPane.getKitTypeRegistry(Unknown Source)
at javax.swing.JEditorPane.createEditorKitForContentType(Unknown Source)
at javax.swing.JEditorPane.getEditorKitForContentType(Unknown Source)
at javax.swing.JEditorPane.setContentType(Unknown Source)
at javax.swing.JEditorPane.handleConnectionProperties(Unknown Source)
at javax.swing.JEditorPane.getStream(Unknown Source)
at javax.swing.JEditorPane.setPage(Unknown Source)
at javax.swing.JEditorPane.(Unknown Source)
at net.sf.keystore_explorer.gui.licenseagreement.DLicenseAgreement.initComponents(DLicenseAgreement.java:148)
at net.sf.keystore_explorer.gui.licenseagreement.DLicenseAgreement.(DLicenseAgreement.java:104)
at net.sf.keystore_explorer.gui.CreateApplicationGui.displayLicenseAgreement(CreateApplicationGui.java:173)
at net.sf.keystore_explorer.gui.CreateApplicationGui.run(CreateApplicationGui.java:92)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
There is no support for multiple OU's
Something that is allowed in the standard
Hi, I just had a quick question:
Does keystore-explorer have command line interface?
I couldn't find any documentation which suggested this already exists, and I know that keystore-explorer is supposed to be a "replacement for the Java command-line utilities keytool, jarsigner and jadtool".
Having used (and loved) the GUI, I think it'd be awesome to have an all-in-one command line version, which would allow me to automate this process.
I recently had to import a DER private certificate into a JKS keystore using openssl and keytool - admittedly I'm a novice, but it was a pain in the ass (steps: convert to PEM, generate a x509 public key, import into p12 keystore, convert to JKS).
If I could leverage a keystore-explorer CLI (with some sensible defaults/layman terminology/"smarts"), I think you'd be providing an invaluable tool:
e.g.
keystore-explorer import private.der new-keystore.jksor
java -jar kse.jar import private.der new-keystore.jksHello,
I have a problem using a PKCS #12 created with Portecle, which is using a previous version of Bouncy Castle (1.50 and 1.52) and portecle.
Here is a PKCS #12 keystore containing Goolge’s www.google.fr:443 TLS certificate google.p12.zip (password: 123456).
It is visible using GNOME default tool: GCR-viewer. But is not seen by keystore-explorer.
I watched the alias returned by the load method, but no alias exists.
keyStore.load(fis, password.toCharArray());
Enumeration<String> a = keyStore.aliases();
while (a.hasMoreElements()) {
String aliasz = (String) a.nextElement();
System.out.println("Alias : " + aliasz);
}I have not found a way to know if the loaded PKCS #12 can hide unrecognized keys.
I’d like to inform the user with an information message to indicate that the PKCS #12 is kinda corrupted.
Maybe you have an idea for it.
Thanks,
PS : When using version 1.52 of Bouncy castle with portecle, it does not happen to read the PKCS #12.
Luc
I manage hundreds of keystore files for web servers and keeping track of the storepass passwords is my biggest challenge. Please add a password manager where I can enter in a master password at startup that gives me access to all storepass passwords. The storepass assigned to each keystore must be viewable (if in the master password list). When I open a keystore that is the password manager, the storepass is used automatically
When I create a new keystore, automatically generate a complex random storepass and store in the password manager.
File->Open Special->Open PKCS11 does not show any dialog as is written in the "Help" section.
Please enhance KSE to enable access to a Safenet Luna key store HSM.
I'm using keystore explorer 5.2.1 (the latest) with a 64-bit java 8.102 (the latest) on a windows 10 system. I have several pkcs12 keystores with a number of private and public certificates. The private certificates are shown correctly but no public certificate is visible and I'm 100% sure that they are in the store.
Is this a known problem with keystore explorer?
Is there a workaround?
When attempting to view the Name Constraints Extension from a certificate imported into a new PKCS#12 Keystore, using the OpenSSL Key Pair Type, I recive a java.lang.NullPointerException, and the preview box fails to render the assortment of Permitted and Excluded subtree strings.
Error scenario:
Error Details: http://pastebin.com/bd1Z4Qas
Example Certificate: listener.client.cert
-----BEGIN CERTIFICATE-----
MIIEDTCCAvWgAwIBAgIBCjANBgkqhkiG9w0BAQsFADB1MQ0wCwYDVQQIDARTYXRl
MRUwEwYDVQQKDAxPcmdhbml6YXRpb24xCzAJBgNVBAYTAlpaMRwwGgYDVQQLDBNP
cmdhbml6YXRpb25hbCBVbml0MQ8wDQYDVQQDDAZtYXN0ZXIxETAPBgNVBAcMCExv
Y2FsaXR5MB4XDTE2MDYyODIyMjYwOFoXDTIwMTIxNTAyNTk0M1owfzENMAsGA1UE
CAwEU2F0ZTEcMBoGA1UECwwTT3JnYW5pemF0aW9uYWwgVW5pdDERMA8GA1UEBwwI
TG9jYWxpdHkxFTATBgNVBAoMDE9yZ2FuaXphdGlvbjEZMBcGA1UEAwwQL2xpc3Rl
bmVyLmNsaWVudDELMAkGA1UEBhMCWlowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCd6jYKaRYN/M8a+pRcjvY/t7IDMn6jjxMcgGSIeGuKSNjDhson/xk1
bdSpXcmjHVc1fwXzJLg1D6SgGpH6dRlSq02o/t27K4AruAy/TYAO5KmpDdFyYkj4
84mLop5rWUmrXqe8jBPBRc1lTtt0laL6A5Zh4Gqb1AbcUyUliP/Mr1NbgUMVzxLc
285R/DHzTPwtmfKYmXHqzth53NFcVaElRD0OA/3qNucubCMFbaDidHX+owrgM8Xe
zKUl45xyNkF7X/3qIlWx+Dmwi4C1az+mTk+1JHFdg8YghWEgUkDuEz5XJ2diIsaL
wHwmGkkDA08m7Q2HQVkzyf5QNXLKqOivAgMBAAGjgZ0wgZowHwYDVR0jBBgwFoAU
tg5WJ+N2/H4uWkPm31pGpnZoz9cwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0P
AQH/BAQDAgOoMB0GA1UdHgQWMBShEjAQhg4vY2hhdHRlcnssL30qKjAdBgNVHQ4E
FgQUsNjv9TWoheAAXG7cVUeIyK4JL8MwFAYDVR0RBA0wC4YJL2xpc3RlbmVyMA0G
CSqGSIb3DQEBCwUAA4IBAQBQOY/bQ5wXAW2J6IVUNAK7b3deFc0Ekra7ud2yrvia
JgA9uJ5WfEyVStLjDh5028Ek90lSWhtJMo68KyyAr4VAeqOtFw+sPeV3e1mXvz7F
94jyI1YrjREZ+67qyOURq3ud/A1jZI7QYPzMPVGL1jmAP3cMoCMABbl4PkLWGuP6
+WtkorLJk66kIwdiGYqtk39OgcrzbRWOeirdZnmI50Fu1HaanSKgv7n2QqdLCtBB
FUGIrLfmV+EB3Wt3mIq44JVT2pFAiSrc/CDwEbIdaJCVWROaJKDwrSc+CXcFsYSC
6J9vzI6TDvCz7ZLQcRNwxw6+FAjc4FueIlK8TxX6iNBK
-----END CERTIFICATE-----
OpenSSL appear to interpret the extension successfully like so:
$ openssl x509 -in listener.client.cert -text
...
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Name Constraints:
Excluded:
URI:/chatter{,/}**
X509v3 Subject Key Identifier:
B0:D8:EF:F5:35:A8:85:E0:00:5C:6E:DC:55:47:88:C8:AE:09:2F:C3
...
When I try to open à keystore with a wrong password I have a error
It could be intersting to try until we clic for exemple in a cancel button
Thank you again for this beautiful and useful tool
I use a tool that automatically downloads new software and it also checks for the verifies the code signing.
In 5.2.2 this code signing is missing
codesign --display -r- --deep -v /Volumes/KeyStore\ Explorer\ 5.2.2/KeyStore\ Explorer\ 5.2.2.app /Volumes/KeyStore Explorer 5.2.2/KeyStore Explorer 5.2.2.app: code object is not signed at all
Also if I check the DMG file
pkgutil --check-signature kse-522.dmg Package "kse-522.dmg": Status: package is invalid (checksum did not verify)
When I attempt to unlock an keypair protected with a password, I get an NPE each time.
The keystore file is a .JCEKS with 2 keypairs and 3 certs - both keypairs are protected with a password.
Running on JDK 1.8.0_77, El Capitan OS X.
C:\Users\xxx>java -version
openjdk version "1.8.0_72"
OpenJDK Runtime Environment (Zulu 8.13.0.5-win64) (build 1.8.0_72-b15)
OpenJDK 64-Bit Server VM (Zulu 8.13.0.5-win64) (build 25.72-b15, mixed mode)
When running the kse.exe on Windows as installed by your installer, I get a popup error message. Maybe the tool has problems finding the JRE because it specifically looks for Oracle JDK instead of OpenJDK, I have no idea. When running from the command line with java -jar kse.jar it works nicely.
Are there any other keystore types available and are not currently supported?
I am asking as I have a .keystore file that it says when I try to open it, that is not any of the supported storetypes.
The keystore inside looks like base64 encoded.
We use p12 keystores with root-CA certificate, sub-ca certificate and private key + public key - all in a chain
KSE 5.2 didn't show the ca certificates, only the keypair
KSE 5.1 shows only one of the ca-certificates (it is also a bug, but better than 5.2)
Th p12 file works well.
both certificates use the same entry or friendly name "CA certificates" maybe the problem?
Cheers Jan
There is PEM view button in "Certificate Chain Details" dialog.
It would be handy to have such option for "Private Keys Details" and "Public Keys Details" as well.
Hello
i notice when i try to remove a DNS name, it trigger a null pointer error
i happen when i am in add extension > SAN-> DNS NAme
best regard
Devdas
App doesn't start when it's symlinked to /bin/kse because it incorrectly detets it's parent foler.
ln -s /path/to/apps/kse-52/kse.sh /bin/kse
/bin/kse
When exporting an EC private key I get:
java.lang.ClassCastException: sun.security.ec.ECPrivateKeyImpl cannot be cast to java.security.interfaces.DSAPrivateKey
at net.sf.keystore_explorer.crypto.privatekey.OpenSslPvkUtil.get(OpenSslPvkUtil.java:125)
at net.sf.keystore_explorer.crypto.privatekey.OpenSslPvkUtil.getPem(OpenSslPvkUtil.java:162)
at net.sf.keystore_explorer.gui.actions.ExportKeyPairPrivateKeyAction.getOpenSslEncodedPrivateKey(ExportKeyPairPrivateKeyAction.java:294)
at net.sf.keystore_explorer.gui.actions.ExportKeyPairPrivateKeyAction.exportAsOpenSsl(ExportKeyPairPrivateKeyAction.java:227)
at net.sf.keystore_explorer.gui.actions.ExportKeyPairPrivateKeyAction.doAction(ExportKeyPairPrivateKeyAction.java:111)
at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.actionPerformed(KeyStoreExplorerAction.java:92)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.AbstractButton.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
From the license agreement (see excerpt below), it shouldn't be necessary to agree to the license before using the software. Since users are still bound by copyright law, refusing to accept the license agreement should not prevent usage of the software.
However when initially running the software, the user is prompted to accept the license, and cannot use the software if they decline.
"You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so."
When trying to view pkcs12 file content the application shows an empty list, as if the file has no content at all, doing the same operation with version 5.1.1 works perfect. Also if you create a new keystore and try to import keys from pkcs12 it shows an error saying that there are no keys to import.
Hi.
I have the latest KeyStore Explorer version 5.1.1. And I have just noticed an issue that when opening some test .p12 file the "Entry name" column, which is supposed to show the alias, shows SHA1 fingerprint instead. The correct alias is "1".
To see what the command line tool keystore shows do the following:
keytool -list -keystore signout.p12 -storepass test -storetype PKCS12
The output is the following:
Keystore type: PKCS12
Keystore provider: SunJSSEYour keystore contains 1 entry
1, 12.01.2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): 37:D3:9D:AE:E6:A7:5F:CC:5D:D2:39:90:8A:A6:93:8E:72:1B:EC:C9
I have attached this .p12 file (inside an archive archive, key store password is "test") along with the screenshot of KyeStore Explorer that illustrates this issue.
Hope this info will be useful.
5.1.1 works fine.
but:
5.2, on clicking the 'Open an existing KeyStore', I see the rotating wheel icon 'evermore' until I kill the app.
I'm running the latest production release of El Capitan (10.11.5).
help! (please)?
regards,
peter
Export private key as pem defaults to the same name as export public key as pem. This should be avoid, just add a .pub or pem to the public key or a .key to the private (or both)
It would be nice to be able to verify a certificate chains. Recently I had to deal with a certificate that was signed with an algorithm that Java 8's JCE didn't support and BC was failing the signature. KSE happily showed the chain and the algorithm it was signed with but it wouldve been nice to verify the certificates chain of trust is actually valid (via PKIX). Once i verified the certificate with the Issuer's public key, the issue became evident but i had to throw in some code to do it. In my case it wouldn't have helped, because if i understand correctly, KSE has stepped out of BC and JCE provider and into the Oracle JCE but still it is a nice to have functionality.
I had 5.2 installed and just installed 5.2.1. I expected that this would update my existing installation, but instead I have now two different version of KSE installed.
Unfortunately on Windows 10, if I open the start menu there are two KSE entries, one for 5.2 and one for 5.2.1. But the button to start KSE is only available in 5.2, 5.2.1 just shows "Licenses" und "Uninstall".
We currently use KSE 5.1.1 to manage a key store in PKCS12 format. The store contains both public key certificate entries and private key certificate entries. As of 5.2.2 KSE no longer shows any public key certificate entries.
We reverted to 5.1.1 and have no issues managing the file.
Please add support for SHA-2. There is now a real need for supporting this sig algorithm.
I'd like the option of exporting multiple (or all) certificates from the keystore. At the moment, I have to manually export each one individually and then combine them. I'd like to be able to select the entries I want and then export their certificates in one operation.
There seems to be no support to add a CRL endpoint
The problem is that when Digital Signature key is used, the PIV standard requires that VERIFY PIN command immediately precedes the signing request. In other words, before signing with a key on the token, KSE must login to the token again (yes, it may be counter-intuitive - but that's how it works).
Since KSE (as of 5.2.1) does not do that - attempts to sign (e.g., a JAR) fail, producing the following error report:
net.sf.keystore_explorer.crypto.CryptoException: Block signing failed.
at net.sf.keystore_explorer.crypto.signing.JarSigner.createSignatureBlock(JarSigner.java:805)
at net.sf.keystore_explorer.crypto.signing.JarSigner.sign(JarSigner.java:302)
at net.sf.keystore_explorer.gui.actions.SignJarAction.doAction(SignJarAction.java:119)
at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.actionPerformed(KeyStoreExplorerAction.java:92)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:833)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:877)
at java.awt.Component.processMouseEvent(Component.java:6533)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:591)
at java.security.Signature$Delegate.engineSign(Signature.java:1207)
at java.security.Signature.sign(Signature.java:579)
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder$SignatureOutputStream.getSignature(JcaContentSignerBuilder.java:158)
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder$1.getSignature(JcaContentSignerBuilder.java:91)
at org.bouncycastle.cms.SignerInfoGenerator.generate(SignerInfoGenerator.java:220)
at org.bouncycastle.cms.CMSSignedDataGenerator.generate(CMSSignedDataGenerator.java:177)
at net.sf.keystore_explorer.crypto.signing.JarSigner.createSignatureBlock(JarSigner.java:796)
at net.sf.keystore_explorer.crypto.signing.JarSigner.sign(JarSigner.java:302)
at net.sf.keystore_explorer.gui.actions.SignJarAction.doAction(SignJarAction.java:119)
at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.actionPerformed(KeyStoreExplorerAction.java:92)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:833)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:877)
at java.awt.Component.processMouseEvent(Component.java:6533)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
at sun.security.pkcs11.wrapper.PKCS11.C_SignFinal(Native Method)
at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:553)
at java.security.Signature$Delegate.engineSign(Signature.java:1207)
at java.security.Signature.sign(Signature.java:579)
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder$SignatureOutputStream.getSignature(JcaContentSignerBuilder.java:158)
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder$1.getSignature(JcaContentSignerBuilder.java:91)
at org.bouncycastle.cms.SignerInfoGenerator.generate(SignerInfoGenerator.java:220)
at org.bouncycastle.cms.CMSSignedDataGenerator.generate(CMSSignedDataGenerator.java:177)
at net.sf.keystore_explorer.crypto.signing.JarSigner.createSignatureBlock(JarSigner.java:796)
at net.sf.keystore_explorer.crypto.signing.JarSigner.sign(JarSigner.java:302)
at net.sf.keystore_explorer.gui.actions.SignJarAction.doAction(SignJarAction.java:119)
at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.actionPerformed(KeyStoreExplorerAction.java:92)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:833)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:877)
at java.awt.Component.processMouseEvent(Component.java:6533)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
All subsequent attempts to use this token fail:
java.lang.NullPointerException
at net.sf.keystore_explorer.crypto.keypair.KeyPairUtil.getKeyPairType(KeyPairUtil.java:263)
at net.sf.keystore_explorer.gui.actions.SignJarAction.doAction(SignJarAction.java:95)
at net.sf.keystore_explorer.gui.actions.KeyStoreExplorerAction.actionPerformed(KeyStoreExplorerAction.java:92)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.AbstractButton.doClick(AbstractButton.java:376)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:833)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:877)
at java.awt.Component.processMouseEvent(Component.java:6533)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
P.S. Theoretically one could use other keys on the token (there are four to choose from) that do not have the above-mentioned restriction, but alas only this key is authorized by the standard and its Extended Key Usage for digital signature and code signing.
Hi. It would be nice if explorer could change Secret key value.
Currently we use one solution in java with manuallny open keystore and create values.
char[] password = "ABC123".toCharArray();
char[] passwordNew = "ABC123".toCharArray();
KeyStore keystore = keystore = KeyStore.getInstance("JCEKS");
keystore.load(Files.newInputStream(FileSystems.getDefault().getPath("path", "to", "old.jceks"), StandardOpenOption.READ), password);
DESedeKeySpec dks = new DESedeKeySpec(add3rdPart(Base64.decodeBase64("password123password12")));
SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede");
SecretKey desKey = skf.generateSecret(dks);
ProtectionParameter param = new PasswordProtection(password);
Entry entry = new SecretKeyEntry(desKey);
keystore.setEntry("sporopay.key", entry, param);
Path storeout = FileSystems.getDefault().getPath("path", "to", "new.jceks");
keystore.store(Files.newOutputStream(storeout, StandardOpenOption.WRITE,StandardOpenOption.CREATE), passwordNew);
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.