
I needed to create a Java keystore and so I downloaded the latest version of OpenSSL but kept getting:

keytool error: java.io.IOException: keystore password was incorrect

Windows also told me I had the wrong password when I tried to import the .p12. After hours of trying to get things to work I finally downloaded v1.1.1 and POW, things just worked!

Problem solved! But why? Why does OpenSSL v3.0.0 not work like v1.1.1?

C:\openssl3> openssl pkcs12 -export -name tomcat -in cert.cer -inkey key -out ks300.p12
C:\openssl3> openssl pkcs12 -info -in ks300.p12
Enter Import Password:
<works fine>
...
</works fine>
C:\openssl3> keytool -list -v -keystore ks300.p12
Enter keystore password:
keytool error: java.io.IOException: keystore password was incorrect
java.io.IOException: keystore password was incorrect
...
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        ... 6 more

then:

C:\openssl1.1.1> openssl pkcs12 -export -name tomcat -in cert.cer -inkey key -out ks111.p12
C:\openssl1.1.1> openssl pkcs12 -info -in ks111.p12
<works fine />
C:\openssl1.1.1> keytool -list -v -keystore ks111.p12
Enter keystore password:
<works fine />

C:\openssl1.1.1> C:\openssl3\openssl pkcs12 -info -in ks111.p12
Enter Import Password:
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
5C200000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:346:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

C:\openssl1.1.1>openssl pkcs12 -info -in ks300.p12
<works fine>

Now that last one surprised me as I was collecting the output for this post, but yes, OpenSSL 1.1.1 read the OpenSSL 3 .p12 file fine but not the other way round (OpenSSL 3 cannot read the OpenSSL 1.1.1 .p12). keytool and Windows kept complaining about the password for the OpenSSL 3 .p12, but COULD read the v1.1.1 one.

Is there some backward-compatibility option I missed?

I seem to be the only person on the internet to run into this issue which usually means that I did something wrong.

Some other data points:

C:\> Java --version
openjdk 11.0.2 2019-01-15
OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)

C:\openssl3>openssl version
OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021)

C:\openssl1.1.1>openssl version
OpenSSL 1.1.1l  24 Aug 2021
Nicholas
  • OK, I see that the error from openssl3 trying to read ks111.p12 shows that it needs a legacy algorithm (RC2-40-CBC), and `provider legacy` produces an error looking for a library. So it looks like maybe they are not compatible because they use a different algorithm. – Nicholas Sep 14 '21 at 00:56
  • "provider legacy produces an error looking for a library." You need to supply two provider args: "-provider legacy -provider default". What is the error that you got looking for a library? – Matt Caswell Sep 14 '21 at 07:52
  • The first thing I don't get: why would you need to use openssl to manage a Java keystore? – Zsigmond Lőrinczy Oct 25 '21 at 11:57
  • The reason is that the CSR was not generated via the keytool, so we are packaging the private key and certificate together so that we can use keytool to convert it to a Java keystore, i.e. see [here](https://stackoverflow.com/questions/906402/how-to-import-an-existing-x-509-certificate-and-private-key-in-java-keystore-to). – Nicholas Oct 26 '21 at 16:20
  • With OpenSSL 3.0.0, it is the option `-legacy` that can be used with the command `pkcs12` to generate (or read) old-keytool-compatible PKCS#12 files. (See also options `-keypbe` and `-certpbe`.) – Lorinczy Zsigmond Dec 03 '21 at 15:12
  • @LorinczyZsigmond that should be the answer mate, thanks for the help – Sankar May 11 '22 at 13:44
  • @LorinczyZsigmond legacy is not applicable with FIPS. Any suggestions for that? – skboro May 16 '22 at 13:22
  • @skboro I admit I don't know what FIPS is. If it is a restricted version of OpenSSL, you should have an older version of OpenSSL (e.g. 1.1.1) at hand. – Lorinczy Zsigmond May 16 '22 at 13:41
  • @skboro: _RC2_ (although traditionally used for PKCS12) has never been allowed for FIPS. To get the same result in OpenSSL 3.0.0 as you used to get in _FIPS-mode_ OpenSSL 1.x.x, use the combination `-legacy -descert` or more directly `-keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES`, or if you don't need cert encryption `-keypbe PBE-SHA1-3DES -certpbe NONE`. – dave_thompson_085 Jun 13 '22 at 09:12
  • Nicholas: late but: Java 11.0.12 up should correctly support the new (PBES2-SHA256-AES) algorithms used in pkcs12 by OpenSSL 3.0.x by default, as should odd-numbered (Oracle) updates to 8 from 8u301 up (but apparently not even-numbered OpenJDK); see https://stackoverflow.com/questions/72412346/java-keytool-importing-pkcs12-to-jks-getting-error-keystore-password-was-incorrect – dave_thompson_085 Jun 13 '22 at 09:20

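The script below is a worked example added to this page; it is not from the question, the comments, OpenSSL or the JDK. It puts the advice in the comments into runnable form: export the same key and certificate with the build's defaults, with explicitly pinned PBE schemes, and (OpenSSL 3 only) with `-legacy`, then classify which PBE scheme each .p12 actually uses, which is the check worth running before handing a file to keytool. It assumes an `openssl` binary (1.1.1 or 3.x) on PATH; the password "changeit", the CN "pkcs12-example" and the temp directory are constructed for the example, and "tomcat" is the alias from the question.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenSSL/Java.
# Assumes an `openssl` binary (1.1.1 or 3.x) on PATH. The password
# "changeit", the CN and the temp directory are constructed for the example;
# "tomcat" is the alias the question uses.

WORK="$(mktemp -d)"
PASS="changeit"

# Throwaway RSA key and self-signed cert so the script runs offline.
make_keypair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pkcs12-example" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# 1. Export with this build's defaults. OpenSSL 1.1.1 picks
#    pbeWithSHA1And40BitRC2-CBC for the certs and 3-key 3DES for the key;
#    OpenSSL 3.x picks PBES2 (PBKDF2 + AES-256-CBC), which the keytool of
#    Java 11.0.2 rejects with "keystore password was incorrect".
export_default() {
    openssl pkcs12 -export -name tomcat \
        -in "$WORK/cert.pem" -inkey "$WORK/key.pem" \
        -out "$WORK/default.p12" -passout "pass:$PASS"
}

# 2. Pin the PBE schemes instead of relying on defaults. 3-key 3DES is in
#    OpenSSL 3's default provider, so no legacy provider is needed and it is
#    usable under FIPS; -macalg sha1 pins the MAC digest as well (3.x defaults
#    to SHA-256). Older keytool versions read this file.
export_compat() {
    openssl pkcs12 -export -name tomcat \
        -in "$WORK/cert.pem" -inkey "$WORK/key.pem" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -out "$WORK/compat.p12" -passout "pass:$PASS"
}

# 3. OpenSSL 3.x only: -legacy reproduces the 1.1.1 defaults (RC2-40 certs).
#    It needs the legacy provider module installed and is not FIPS-compatible,
#    so prefer export_compat. Not called by main().
export_legacy() {
    openssl pkcs12 -export -legacy -name tomcat \
        -in "$WORK/cert.pem" -inkey "$WORK/key.pem" \
        -out "$WORK/legacy.p12" -passout "pass:$PASS"
}

# Classify the PBE scheme of a .p12 from `openssl pkcs12 -info` output.
# Prints PBES2, RC2-40, 3DES or UNKNOWN. The RC2 check comes before the 3DES
# check because a 1.1.1 default file mentions both (RC2-40 certs, 3DES key);
# OpenSSL 3 prints the "PKCS7 Encrypted data:" line before it fails on RC2-40,
# so the classification still works on a file it cannot fully read.
pbe_scheme() {
    info="$(openssl pkcs12 -info -noout -in "$1" -passin "pass:$PASS" 2>&1)" || true
    case "$info" in
        *PBES2*)                            echo PBES2 ;;
        *pbeWithSHA1And40BitRC2-CBC*)       echo RC2-40 ;;
        *pbeWithSHA1And3-KeyTripleDES-CBC*) echo 3DES ;;
        *)                                  echo UNKNOWN ;;
    esac
}

cleanup() { rm -rf "$WORK"; }

# Run both exports and report what each produced, then remove the temp dir.
main() {
    make_keypair
    export_default && printf 'default.p12: %s\n' "$(pbe_scheme "$WORK/default.p12")"
    export_compat  && printf 'compat.p12:  %s\n' "$(pbe_scheme "$WORK/compat.p12")"
    cleanup
}

main
```

Under OpenSSL 3 `export_default` reports PBES2 (what Java 11.0.2 rejected and, per the last comment, 11.0.12 and later accept); under 1.1.1 it reports RC2-40, which OpenSSL 3 cannot read without `-provider legacy -provider default`. `export_compat` reports 3DES under both versions, needs no legacy provider, and is the form to use when the legacy provider is unavailable or FIPS rules out RC2.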
0 Answers