I am using wso2-emm 2.0.1 with ubuntu x64 system. While configuring the product I am getting one error in genrating .bks file for android agent certificate.
I've used this cmd:
keytool -noprompt -import -v -trustcacerts -alias 'openssl x509 -inform PEM -subject_hash -noout -in ca_cert.pem' -file ca_cert.pem -keystore emm_truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-146.jar -storepass 'wso2carbon'
And the correspoding errror is :
keytool error: java.io.IOException: Wrong version of key store.
java.io.IOException: Wrong version of key store.
at org.bouncycastle.jce.provider.JDKKeyStore.engineLoad(Unknown Source)
Thanks in advance
Related
I needed to create a jave keystore and so I downloaded the latest version of openssl but kept getting:
keytool error: java.io.IOException: keystore password was incorrect
As well as windows telling me I had the wrong password if I tried to import the .p12. After hours of trying to get things to work I finally downloaded v1.1.1 and POW things just worked!
Problem solved! but why - why does OpenSSL v3.0.0 not work like v1.1.1?
C:\openssl3> openssl pkcs12 -export -name tomcat -in cert.cer -inkey key -out ks300.p12
C:\openssl3> openssl pkcs12 -info -in ks300.p12
Enter Import Password:
<works fine>
...
</works fine>
C:\openssl3> keytool -list -v -keystore ks300.p12
Enter keystore password:
keytool error: java.io.IOException: keystore password was incorrect
java.io.IOException: keystore password was incorrect
...
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
... 6 more
then:
C:\openssl1.1.1> openssl pkcs12 -export -name tomcat -in cert.cer -inkey key -out ks111.p12
C:\openssl1.1.1> openssl pkcs12 -info -in ks111.p12
<works fine />
C:\openssl1.1.1> keytool -list -v -keystore ks111.p12
Enter keystore password:
<works fine />
C:\openssl1.1.1> C:\openssl3\openssl pkcs12 -info -in ks111.p12
Enter Import Password:
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
5C200000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:346:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
C:\openssl1.1.1>openssl pkcs12 -info -in ks300.p12
<works fine>
Now that last one surprised me as I was collecting the output for this post, but yes the openssl1.1.1 read the openssl3 .p12 file fine but not the other way (openssl3 cannot read the openssl1.1.1 .p12). The keytool and windows kept complaining about the password for the openssl3 .p12 -- but COULD read the v1.1.1 one.
Is there some downward compatibility option I missed.
I seem to be the only person on the internet to run into this issue which usually means that I did something wrong.
some other data points:
C:\> Java --version
openjdk 11.0.2 2019-01-15
OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)
C:\openssl3>openssl version
OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021)
C:\openssl1.1.1>openssl version
OpenSSL 1.1.1l 24 Aug 2021
Can we generate the new debug key in ~/.android folder? I already deleted the old debug.keystore from android folder and created the new one. Also, I am confused that everywhere is written to get the debug key
keytool -genkey -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=Android Debug,O=Android,C=US"
~/.android folder is specified.
So, my question is can we generate the new key in project (android/app/debug.keystore) in react native. If we need to generate the new debug key what are the cons and prons.
In React Native when I'm trying to get Google GPS API key in Google console, I have seen package name and SHA-1 key where to I get SHA-1 key in React Native
How to get SHA-1 key in React Native cli? (not in Expo).
Windows:
– Open a terminal window
– Change the directory to the JDK bin directory. The path of the JDK depends upon the operating system you are using
cd C:\Program Files\Java\jdk1.8.0_121\bin
– Now we have to run the following command using the keytool.exe file in JDK/bin
keytool -list -v -keystore "%USERPROFILE%\.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android
Ubuntu/Mac
– Open a terminal window
– Now run the following command
keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android
For more details click Here
From React-native Project:
– Run this command in React-Native App directory
cd android && ./gradlew signingReport
– copy the SHA1 from the debug key (This generates two variant keys. You can copy the 'SHA1' that belongs to the debugAndroidTest variant key option.)
There is debug.keystore available by default in android => app folder so we can use it to generate SHA1 key.
The command is as follows
keytool -exportcert -keystore ./android/app/debug.keystore -list -v
It will ask for password so just press Enter.
As far as I understand you, it's about Android.
You need input certificate fingerprint, what you use for sign *.apk file.
For generate SHA-1 fingerprint, open a terminal window and enter the following:
keytool -list -v -keystore PATH_TO_YOUR_KEYSTORE.keystore -alias YOUR_ALIAS_NAME -storepass YOUR_STORE_PASS -keypass YOUR_KEY_PASS
This should look something like this:
BB:0D:AC:74:D3:21:E1:43:67:71:9B:62:91:AF:A1:66:6E:44:5D:75
You can find more information here
If you don't have a certificate yet, I recommend you create it.
How to create a certificate you can read here.
Get SHA1 Key
Simple run below command :
keytool -list -v -keystore ./android/App/debug.keystore -alias androiddebugkey -storepass android -keypass android
if your are Using react native
and using
keytool -list -v -keystore ./android/App/debug.keystore -alias androiddebugkey -storepass android -keypass android
there are Chances getting ERROR
to Avoid ERROR in WINDOWS
1)Run your Command Prompt As Administrator
Navigate to your react-native project's root folder
3)cd android
4)type in ./gradlew signingReport
this will generate All kinds of SHA-1 And SHA-256 and many more details
Even though running keytool on jdk/bin and ./gradlew signingReport command gives SHA-1 & SHA-256 keys I had troubles when using those keys on firebase / gcp to register my app. For some reason running keytool command on project root folder output gives you a SHA-1 key which can be use to register the app in gcp. In windows, there are the steps you should follow
Make sure keytool is the enviroment variable path
Open the cmd in your root project folder (eg: C:/myreactnativeproject/)
run keytool -list -v -keystore ./android/app/debug.keystore -alias androiddebugkey -storepass android -keypass android
And there is your SHA-1
my solution: keytool -J-Duser.language=en -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android
first move to android folder cd android
and than simply run .\gradlew signingReport command
this help me on windows operating system
First Go To Your Project Directory And Just Simple Run This Command
keytool -list -v -keystore ./android/App/debug.keystore -alias androiddebugkey -storepass android -keypass android
And You Can Get
I'm attempting to generate a signed APK for my react-native project. I've received the error message error: "uncompiled PNG file passed as argument. Must be compiled first into .flat file.."
How do I resolve this issue? I've looked at this question and have also tried adding android.enableAapt2=false to the gradle-wrapper.properties file.
I have also tried manually creating a debug build as instructed here:
Finally, I noticed that there's a key component missing in the rn documentation
The first step is to
keytool -genkey -v -keystore my-release-key.keystore -alias my-key-alias -keyalg RSA -keysize 2048 -validity 10000
However, I did not see anywhere about specifying the location for the my-release-key.keystore file. I was not able to get this to work until I used
keytool -genkey -v -keystore d:\my_private_key.keystore -alias my_key_alias -keyalg RSA -keysize 2048 -validity 10000
android.enableAapt2=false
should be placed inside gradle.properties NOT gradle-wrapper.properties!
I've got a pfx certificate that I need to reference by alias. The problem is that keytool can't find that alias, even though it shows on the list.
keytool -list -keystore temp.pfx -storetype pkcs12
gives me this:
...
0c5fc7cef279ca390acd2d6bac9ffcf8_ba0cbbb3-323d-4394-8e76-47838adb2a9c, 08/03/2013, PrivateKeyEntry,
...
But whenever I try to use keytool to do anything with that alias (i.e., export, rename), it gives me an error:
keytool error: java.lang.Exception: Alias <0c5fc7cef279ca390acd2d6bac9ffcf8_ba0cbbb3-323d-4394-8e76-47838adb2a9c> does not exist
Any ideas?
It turns out that after inspecting the output of keytool -list on vim, I found a null character at the end of the alias (which doesn't get printed to the console). Once I added that to the command that references an alias, it worked:
keytool -keyclone -changealias -v -dest "new_alias" -new newpass -keystore temp.pfx -storetype pkcs12 -alias 0c5fc7cef279ca390acd2d6bac9ffcf8_ba0cbbb3-323d-4394-8e76-47838adb2a9c$'\x00'
Where the very end is what really matters: $'\x00' stands for null character in bash. Keep in mind that this is pretty shell-dependent.
my case was similar to Andre, but the alias was
letsencryptisrgx1 [jdk]
so using alias "letsencryptisrgx1 [jdk]" it worked for me