36

I understand that the -keypass option is for "the password for the key" and that the -storepass option is for "a password for the keystore".

I don't understand, however, why two passwords are needed.

What scenarios are there for requiring 2 passwords: One for the store (file, in my case) and one for the key.

ef2011
  • 10,431
  • 12
  • 49
  • 67
  • Your `storepass` password is to verify the integrity of a keystore/truststore. Your `keypass` password is actually to decrypt a private or secret key. Yes you can still just "view" public certificates without inputting any passwords but.....you won't be able verify their integrity. So what's the point? – ManRow Apr 17 '20 at 16:27
  • Another way to think of it is like `storepass` is like a hidden symmetric key for a "keystore/truststore" MAC (message authentication), while `keypass` is like the actual *decryption key itself*. So the latter actually protects the private/secret keys stored inside. – ManRow Apr 17 '20 at 16:29

2 Answers2

32

This is due to how Java handles keystores so it's not an Android specific issue. The reason though is because access to a store such as adding/viewing trust relationships is a separate task from creating and signing keys/certs.

In short, you may trust someone to view/update your keystore but not sign things with a key you store in the keystore. Plus, keys could be stored in multiple keystores and you want your keys locked down individually.

Eng.Fouad
  • 115,165
  • 71
  • 313
  • 417
Andrew White
  • 52,720
  • 19
  • 113
  • 137
  • Thanks. At first I thought this feature of 2 passwords is really useful for teams but doesn't make a difference for single-person development "team". Then I read the last sentence in your answer and realized it could be useful for a single developer as well. Thanks++ (will accept shortly). – ef2011 May 10 '11 at 18:21
19

Keytool uses storepass and keypass for different purposes.

storepass is used to access the key store

keypass is used to access the particular key pair's private key.

However, a password should not be specified on a command line or in a script unless it is for testing purposes, or you are on a secure system.

Techie
  • 44,706
  • 42
  • 157
  • 243