2

I am trying out couple of approaches in my design and want to know if the Keystore instance in server.xml can have a blank password ( string of length zero)

<keyStore id="samplePKCS12KeyStore" password="" location="MyKeyStoreFile.p12" type="PKCS12"  />

I have a key store with blank password and I get the following exception

did not load because of the following error: failed to decrypt safe contents entry: java.io.IOException: getSecretKey failed: Password is not ASCII

Thanks

Jane
  • 53
  • 6
  • If keystore has no password, perhaps removing the `password` attribute would work, i.e. no password vs zero-length password. – Andreas Apr 14 '17 at 19:28
  • Thanks but password is always a required attribute. setting password to zero length string gives the above exception. – Jane Apr 14 '17 at 19:40

1 Answers1

0

Using an empty string in your case I think will to load the keystore with empty string. The error you are getting is basically a bad password error, the error will be different depending the level of the JDK you are using. So with PKCS12 keystore even if the keystore is loaded with no password you can't get any cert inside of it, at least that's my experience with PKCS12. In JKS keystore you can access cert entries but not key entries.

In more recent Liberty levels the password is not required. And will load a JKS keystore without a password. But that keystore would not be able to used by a key manager, you need a password to access a key.

Alaine
  • 419
  • 2
  • 5