Bug ID: 6178366 REGRESSION: keytool corrupts password entered on prompt

6178366 : REGRESSION: keytool corrupts password entered on prompt

Details

Type:	Bug	Submit Date:	2004-10-13
Status:	Resolved	Updated Date:	2010-04-02
Project Name:	JDK	Resolved Date:	2004-12-17
Component:	security-libs	OS:	solaris_9
Sub-Component:	java.security	CPU:	sparc,generic
Priority:	P3
Resolution:	Fixed
Affected Versions:	5.0,5.0u2
Fixed Versions:	6

Related Reports

Backport:	JDK-2121478 - REGRESSION: keytool corrupts password entered on prompt
Duplicate:	JDK-6211837 - Regression Failure: sun/security/tools/keytool/CloneKeyAskPassword.sh on tiger
Duplicate:	JDK-6202915 - keytool cannot change keypasswd twice

Sub Tasks

Description

Found with J2SE 1.5.0 FCS (b64).

Steps to reproduce:
- generate key using
  keytool -genkey -alias MyAlias -keystore ./keystore
  type in infos for dname and choose some passwords
- list the keys (optional)
  keytool -list -keystore ./keystore
- try to clone key
  keytool -keyclone -alias MyAlias -keystore ./keystore
  you will be prompted for keystore password which passes OK, then for key
  password which fails. See "conversation" bellow.

jt146064@sr-eprg05-01:~/tmp/keytooltest>java -version
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Server VM (build 1.5.0-b64, mixed mode)
jt146064@sr-eprg05-01:~/tmp/keytooltest>which java
/home/jt146064/java/bin/java
jt146064@sr-eprg05-01:~/tmp/keytooltest>which keytool
/home/jt146064/java/bin/keytool
jt146064@sr-eprg05-01:~/tmp/keytooltest>keytool -genkey -alias MyAlias -keystore ./keystore
Enter keystore password:  jt146064
What is your first and last name?
  [Unknown]:  Jiri Tusla
What is the name of your organizational unit?
  [Unknown]:  G11n
What is the name of your organization?
  [Unknown]:  SMI
What is the name of your City or Locality?
  [Unknown]:  Prague
What is the name of your State or Province?
  [Unknown]:  Czech Rep.
What is the two-letter country code for this unit?
  [Unknown]:  CZ
Is CN=Jiri Tusla, OU=G11n, O=SMI, L=Prague, ST=Czech Rep., C=CZ correct?
  [no]:  yes

Enter key password for <MyAlias>
        (RETURN if same as keystore password):  prague_g11n
jt146064@sr-eprg05-01:~/tmp/keytooltest>keytool -list -keystore ./keystore
Enter keystore password:  jt146064

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

myalias, Oct 13, 2004, keyEntry,
Certificate fingerprint (MD5): 49:DB:62:B6:79:D6:97:61:C9:11:23:B0:0B:1D:B5:2F
jt146064@sr-eprg05-01:~/tmp/keytooltest>keytool -keyclone -alias MyAlias -dest SCTAlias -keystore ./keystore
Enter keystore password:  jt146064
Enter key password for <MyAlias>prague_g11n
keytool error: java.security.UnrecoverableKeyException: Cannot recover key
jt146064@sr-eprg05-01:~/tmp/keytooltest>
###@###.### 10/13/04 10:50 GMT

Comments

SUGGESTED FIX

Fix the catch block (line 1755) in the recoverPrivateKey method in the
sun.security.tools.KeyTool class.
###@###.### 10/14/04 13:29 GMT

2004-10-13

EVALUATION

The keytool utility fails to clone a private key under certain circumstances.

The problem only occurs when the following two conditions are met:
  1) the private key (to be cloned) is protected by a password that is
     different from the password that protects the keystore.
  2) the key password has not been supplied as a command-line argument
     to keytool.

Since no key password has been provided, KeyTool first tries to recover the
key using the keystore password. That will fail and throw an
UnrecoverableKeyException. The exception is caught and the user is prompted
to enter the key's password. KeyTool then tries to recover the key using
the supplied password. The key will be found if the password is correct.

The problem is that following the retry, the exception gets thrown anyway.
###@###.### 10/14/04 13:29 GMT

2004-10-13

WORK AROUND

Pass all passwords as a CLI parameters to keytool
###@###.### 10/13/04 10:50 GMT

2004-10-13

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together