How to counter the exception "Not a JKS or JCEKS keystore (magic number wrong; expected FEEDFEED or CECECECE)"

Question

I am using pyjks to read a jks file and find private key for further encryption. It is quite easy in Windows system but I am not able to figure out what should be done if we are on linux environment. I have a self-signed certificate, from that I have extracted private key and public certificate. Now I need to store it in keystore of linux, that java keystore will further be read by a python script to fetch private key and do the decryption.

openssl pkcs12 -export -in private.crt -inkey server.key -out ks.p12

keytool -importkeystore -deststorepass psswrd -destkeystore msnew.jks -deststoretype JKS -srckeystore ks.p12 -srcstoretype PKCS12

Python Code:

keystore = jks.KeyStore.load('/home/ikscare/Documents/Projects/Subu/crypto/msnew.jks', passphrase)

Exception thrown is : BadKeystoreFormatException: Not a JKS or JCEKS keystore (magic number wrong; expected FEEDFEED or CECECECE)

score 0 · Answer 1 · answered Jun 13 '22 at 15:45

0

The Python library is telling you that your file (msnew.jks) is not, in fact, a valid JKS or JCEKS keystore.

I suggest that you double-check the keystore type. (keytool -list -keystore ... prints it at the top of its output.)

In my case, the "JKS keystore" turned out to be a PKCS12 file.

answered Jun 13 '22 at 15:45

De117

351
2
11

/bin/bash: line 1: keytool: command not found – CS QGB Apr 30 '23 at 19:59

How to counter the exception "Not a JKS or JCEKS keystore (magic number wrong; expected FEEDFEED or CECECECE)"

1 Answers1