-
Bug
-
Resolution: Won't Fix
-
P5
-
None
-
6u21
-
x86
-
windows_xp
FULL PRODUCT VERSION :
java version "1.6.0_16"
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) Client VM (build 14.2-b01, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows XP - Service Pack 3
A DESCRIPTION OF THE PROBLEM :
When creating a keystore using Keytool, the character £ is allowed.
When attempts are then made to use the private key (signing, changing keypass etc) errors are thrown.
"keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect"
This has been shown with:
jdk1.4.2_10
jdk1.5.0_06
jdk1.6.0_16
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Create a new keystore:
keytool -genkey -keyalg RSA -keystore keystore-test.ks -alias testAlias
2) When asked for the keystore password, use £testtest
3) Use any values for all fields
4) Use the same password for the key password
5) Now try to change the password for the key
keytool -keypasswd -alias testAlias -keypass £testtest -new testtest -keystore keystore-test.ks -storepass £testtest
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The password would change.
ACTUAL -
You will receive an error:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
In comparison, run the steps again leaving the £ symbol out of the passwords. The password is changed as expected.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Don't use the £ symbol.
Longer term, either Keytool should prevent the use of the £ character, or the keystore format should support it.
java version "1.6.0_16"
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) Client VM (build 14.2-b01, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows XP - Service Pack 3
A DESCRIPTION OF THE PROBLEM :
When creating a keystore using Keytool, the character £ is allowed.
When attempts are then made to use the private key (signing, changing keypass etc) errors are thrown.
"keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect"
This has been shown with:
jdk1.4.2_10
jdk1.5.0_06
jdk1.6.0_16
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Create a new keystore:
keytool -genkey -keyalg RSA -keystore keystore-test.ks -alias testAlias
2) When asked for the keystore password, use £testtest
3) Use any values for all fields
4) Use the same password for the key password
5) Now try to change the password for the key
keytool -keypasswd -alias testAlias -keypass £testtest -new testtest -keystore keystore-test.ks -storepass £testtest
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The password would change.
ACTUAL -
You will receive an error:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
In comparison, run the steps again leaving the £ symbol out of the passwords. The password is changed as expected.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Don't use the £ symbol.
Longer term, either Keytool should prevent the use of the £ character, or the keystore format should support it.
- duplicates
-
-
- Closed
-