keystore - Do you not need a password to access a truststore (made with the java keytool)?

Question

Welcome To Ask or Share your Answers For Others

keystore - Do you not need a password to access a truststore (made with the java keytool)?

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

keystore - Do you not need a password to access a truststore (made with the java keytool)?

I just created a truststore with the java keytool (for server authentication of a server that does not have a CA cert). However I just noticed something strange. I am starting my client like this:

java -Djavax.net.ssl.trustStore=<PATHSTUFF>/client.keystore -classpath <STUFF> Client

(Note: there is NOT a password specified)

The above call works.

However when I try this:

java -classpath <STUFF> Client

It does not work. (Obviously it does not work it requires the truststore).

I was expecting to need to pass in this option (but I did not):

-Djavax.net.ssl.trustStorePassword=mypass

Question: Do you not need a password to access a truststore? Is the password just for modification? What about a keystore?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-23T17:48:35+0000

The password is used to protect the integrity of a keystore. if you don't provide any store password, you can still read the contents of the keystore. The command keytool -list demonstrates this behavior (use it with an empty password).

Categories

keystore - Do you not need a password to access a truststore (made with the java keytool)?

keystore - Do you not need a password to access a truststore (made with the java keytool)?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags