How to resolve keyStore.getEntry : excess private key

Question

Please help me with my problem:

When I get an entry from keystore *.jks there is java.security.UnrecoverableKeyException: excess private key at keyStore.getEntry My certificate is not self-signed. I'm provided with a .jks from an official authority. When I received the certificate I set only one password.

        FileInputStream is = new FileInputStream(keyFile);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        String decryptedPasswd = cryptoProvider.decryptBase64(privatePasswd);
        keyStore.load(is, decryptedPasswd.toCharArray());
        Enumeration e = keyStore.aliases();
        String alias = (String) e.nextElement();
        KeyStore.ProtectionParameter protPassword =
                new KeyStore.PasswordProtection(decryptedPasswd.toCharArray());
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)
                keyStore.getEntry(alias, protPassword);

When I try change type of keystore by keytool than I get same exception at Enter key password for <pb_sign_>

keytool -importkeystore -srckeystore pb_.jks -destkeystore new-store.p12 -deststoretype PKCS12
Importing keystore pb_.jks to new-store.p12...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Enter key password for <pb_sign_>
keytool error: java.security.UnrecoverableKeyException: excess private key

java --version
java 11.0.11 2021-04-20 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.11+9-LTS-194)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.11+9-LTS-194, mixed mode)

Given you identify as Ukrainian, I'll go out on a limb and guess this key is DSTU-something, in which case see https://stackoverflow.com/questions/48014312/unable-to-convert-jks-to-pkcs12-excess-private-key -- the standard Oracle/OpenJDK provider(s) can't handle this and you need to use BouncyCastle. (Which you would need anyway to use the resulting key for anything, as Oracle/OpenJDK doesn't implement DSTU, or GOST, algorithms.) — dave_thompson_085, Jul 01 '21 at 17:06

How to resolve keyStore.getEntry : excess private key

0 Answers0