如何取回存储在 JCEKS 密钥库中的密码?

How can I get back the password I stored in a JCEKS keystore?

我使用 java 密钥工具创建了一个密钥库,以使用以下命令存储密码

$ keytool -importpassword -alias myalias -keystore mykeystore.jceks -storetype jceks 
Enter keystore password:  keystore
Re-enter new password: keystore
Enter the password to be stored: testpassword 
Re-enter password: testpassword
Enter key password for <myalias>
    (RETURN if same as keystore password): 

我想在 java 程序中检索此密码。这是我到目前为止所写的内容。

InputStream is = new FileInputStream(new File("mykeystore.jceks"));
KeyStore ks = KeyStore.getInstance("jceks");
ks.load(is, "keystore".toCharArray());
PasswordProtection pp = new PasswordProtection("keystore".toCharArray());
SecretKeyEntry ske = (SecretKeyEntry) ks.getEntry("myalias", pp);
System.out.println(ske.toString()); // Outputs: "Secret key entry with algorithm PBEWithMD5AndDES"

如何取回我存储的密码?有可能吗?

下面是完整的参考代码。

所需的库:

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;

import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStore.SecretKeyEntry;

import java.security.cert.CertificateException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.UnrecoverableEntryException;

Class:

class JCEKS 
{  
    public static void main(String args[]) 
    {
        try{
            InputStream is = new FileInputStream(new File("mykeystore.jceks"));
            KeyStore ks = KeyStore.getInstance("jceks");
            ks.load(is, "keystore".toCharArray());
            PasswordProtection pp = new PasswordProtection("keystore".toCharArray());
            SecretKeyEntry ske = (SecretKeyEntry) ks.getEntry("myalias", pp);

            System.out.println(ske.toString());
        }
        catch(KeyStoreException e){
            System.out.println("KeyStoreException:");
            System.out.println(e);
        }
        catch(FileNotFoundException e){
            System.out.println("FileNotFoundException:");
            System.out.println(e.getMessage());
        }
        catch(IOException e){
            System.out.println("IOException:");
            System.out.println(e.getMessage());
        }
        catch(NoSuchAlgorithmException e){
            System.out.println("NoSuchAlgorithmException:");
            System.out.println(e.getMessage());
        }
        catch(CertificateException e){
            System.out.println("CertificateException:");
            System.out.println(e.getMessage());
        }
        catch(UnrecoverableKeyException e){
            System.out.println("UnrecoverableKeyException:");
            System.out.println(e.getMessage());
        }
        catch(UnrecoverableEntryException e){
            System.out.println("UnrecoverableEntryException:");
            System.out.println(e.getMessage());
        }
    } 
} 

您存储的 password 条目存储为 SecretKeyEntry 并且可以使用 secretKey 对象的 getEncoded() 方法检索其值。

System.out.println(new String(ske.getSecretKey().getEncoded()));

经过一些挖掘和反复试验后,事实证明您可以使用 keytool 检索您存储的密码 例如,如果您使用以下命令存储密码

    > $ keytool -importpassword -alias my-alias -keystore my-keystore.jcek -storetype jceks

    > Enter keystore password:  keystorepassword 
    > Re-enter new password:keystorepassword 
    > Enter the password to be stored: thepassword
    > Re-enter password: thepassword 
    > Enter key password for <my-alias>
        (RETURN if same as keystore password): keypassword 
    > Re-enter new password: keypassword

检索您存储的密码(即'thepassword'):

InputStream is = new FileInputStream(new File("my-keystore.jceks"));
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(is, "keystorepassword".toCharArray());
PasswordProtection pp = new PasswordProtection("keypassword".toCharArray());
SecretKeyEntry ske = (SecretKeyEntry) ks.getEntry("my-alias", pp);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHMD5ANDDES");
PBEKeySpec keySpec = (PBEKeySpec) factory.getKeySpec(ske.getSecretKey(), PBEKeySpec.class);
String password = new String(keySpec.getPassword());
System.out.println(password);

输出:密码

请注意,当您存储一个字符串时,它默认为 PBEWITHMD5ANDDES 算法。因此,您需要下载 javax-crypto.jar 并将其与您的程序一起编译 javac -cp javax-crypto.jar your-program.java