jarsigner "Only one alias can be specified" - jarsigner

In Windows command prompt:
>keytool -genkey -alias me
>keytool -selfcert -alias me
>jarsigner myJar.jar me
Only one alias can be specified
I have failed to find any info on this error on the web. I'm obviously only specifying one alias here. What could I be doing wrong?

I was getting the same error.
I resolved it by renaming the folders in my path
c:\this is a folder\ replaced with c:\this_is_a_folder\
jarsigner doesn't like spaces in folders

Just put quotes around the filename(s) with spaces. You need to quote arguments with spaces in them, to any program. Nothing to do with jarsigner whatsoever.

Remove the space from Folder Name like
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.jks D:\AndroidProject\CheckFinalCodeNew\CheckFinalCode\platforms\android\build\outputs\apk\android-release-unsigned.apk my-alias
The problem would be resolve

I had the same problem and solved it by switching to jarsigner from jdk 6. Although I created my cert with keytool from jdk 7, I could not sign it with its jarsigner.

Related

msbuild fails on Certificate could not be opened, network password not correct

I am trying to create a signed appx package as a test using a purchased code signing certificate. I cannot get it to build without installing the cert locally first (which I don't want to do given this will be done in a CI/CD environment).
I am executing the following on a solution containing an empty WPF project and WAP project.
msbuild $Solution_Path /p:Platform=x64 /p:Configuration=Release
/p:UapAppxPackageBuildMode=SideLoadOnly /p:AppxBundlePlatforms="x64"
/p:AppxPackageDir=$App_Packages_Directory /p:AppxBundle=Never
/p:AppxPackageSigningEnabled=true /p:PackageCertificateThumbprint=$myThumbprint
/p:PackageCertificateKeyFile=$myCert /p:PackageCertificatePassword=$myPassword
error: Certificate could not be opened
error: The specified network password is not correct
I have confirmed the password of $myPassword and thumbprint is $myThumprint by importing the cert and verifying it. I have also tried assigning "" to $myThumprint. I have confirmed the location of $myCert
It will build if I assign AppxPackageSigningEnable=false, but it will be unusable as it is not signed.
In appxmanifest, I have assigned Identity/Publisher to the publisher id of the cert (e.g., Publisher="CN=John Doe, O=Acme, L=TheMoon, S=OuterSpace, C=Universe") and Properties/PublisherDisplayName = the cert's CN (=John Doe)
I have tried exporting the pfx into a cer and using that, but that fails on the cert is not usable as it doesn't include a private key.
I have tried exporting the pfx into a base64 string and then creating a pfx from that - still fails (desperate measures).
Any tips greatly appreciated!
I read that a password protected cert needs to be stored in a cert store for msbuild to use it. Therefore, I ignored the cert on build and added it later by doing the following:
Remove all signing parameters from msbuild as follows
msbuild $Solution_Path /p:Platform=x64 /p:Configuration=Release
/p:UapAppxPackageBuildMode=SideLoadOnly /p:AppxBundlePlatforms="x64"
/p:AppxPackageDir=$App_Packages_Directory /p:AppxBundle=Never
/p:AppxPackageSigningEnabled=false
Given the name of the appx will change based on version and I couldn't find a way to pass wildcards to the SignTool, I used this to grab the built appx:
$Packages_2Sign = (Get-ChildItem -Recurse -Path $currentDirectory -Include *.appx).fullname
Finally, use the SignTool to sign the appx built from the prior step
SignTool sign /fd sha256 /a
/f $certificatePath /p $certificatePwd $Packages_2Sign

Could not generate timestamp: Connection reset

I get the following error when compiling an adobe air application:
[java] Could not generate timestamp: Connection reset
This application previously compiled fine a few days earlier. I don't know of any configuration changes to the computer.
I added the following arguments to the build.xml file and the error went away:
<arg value="-tsa" />
<arg value="http://sha256timestamp.ws.symantec.com/sha256/timestamp" />
My guess is that symantec moved the timestamp service that air is using.
[EDIT]
We do builds from the command line using ant; ant uses a file called build.xml. If you are running the adt command from the command line or from a .bat script then you would add -tsa http://sha256timestamp.ws.symantec.com/sha256/timestamp to the existing command.
I encountered the same issue when trying to sign an application with multiple certificates when doing a certificate renewal.
Based on Michael Potter's answer, if you are trying to use ADT to multi-sign the certificate you can use the following command:
adt -migrate -tsa "http://sha256timestamp.ws.symantec.com/sha256/timestamp" -storetype pkcs12 -keystore old_cert.p12 myAppIn.air myAppOut.air
old_cert.p12 - the path to the certificate you want to add (this
would be the old certificate which is now expired)
MyAppIn.air - the app signed with the new certificate
MyAppOut.air - the new file to be created when this process is
complete
To fix my build.xml I added:
<arg line="-tsa http://sha256timestamp.ws.symantec.com/sha256/timestamp"/>
Before, lets say 6 months, similar issue was happening: "Handshake error"
It was due to Java 1.6 being used. Now, I did the same, just other timestamp URL:
<arg value="-tsa http://timestamp.digicert.com" />

Wrong number of fields with openssl

I am trying to run this command
openssl ca -config openssl.cnf -extensions usr_cert -days 375 -notext -md sha256 -in keycsr.pem -out keycert.pem
and i get this error
wrong number of fields on line 2 (looking for field 6, got 5, '' left)
I deleted an entry from my index.txt file recently. is it because of that?
Quite likely.
This error usually occurs when spaces or newlines are used instead of tabs in the file.
Make sure that the editor you use does not automatically transform tabs into spaces and remove any extra newline created when you remove an entry.

OpenSSL Decryption using a Key.txt and IV.txt file

Working with a client to set up OpenSSL file encryption. They've sent us an encrypted file (I'll call it sample.encrypted), along with key and iv files (key.txt and iv.txt).
The contents of the key.txt file look like this:
KEY: [string of 32 characters]
The contents of the iv.txt file look like this:
IV: [string of 16 characters]
I'm running Windows 7 Professional 64-bit, and learned that OpenSSL doesn't come installed by default with Windows (apparently it's primarily used by Linux users?)
So, I've downloaded and installed a 64-bit OpenSSL package from here:
(https:)//slproweb.com/products/Win32OpenSSL.html
Specifically, the "Win64 OpenSSL v1.0.2d Light" build found here:
(https:)//slproweb.com/download/Win64OpenSSL_Light-1_0_2d.exe
Once installed, I had to manually configure my environment variable for the OpenSSL config files as such (from the command prompt):
set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg
I verified that the path information above was correct, and that the environment variable had stuck, and then attempted to run the following command:
openssl enc -d -K key.txt -iv iv.txt -in sample.encrypted -out sample.decrypted
This was based on the commands found here:https://www.openssl.org/docs/manmaster/apps/openssl.htmland here: https://www.openssl.org/docs/manmaster/apps/enc.html
The command breakdown being:
openssl - the OpenSSL base command
enc - the command used to begin encrypting/decrypting
-d - the tag used to specify decryption
-K - the tag used to specify the use of a key file
key.txt - the key file itself
-iv - the tag used to specify the use of an accompanying initialization vector
iv.txt - the IV file itself
-in - the tag used to specify the input file
sample.encrypted - the input file
-out - the tag used to specify the output file
sample.decrypted - the desired output file
As far as I can tell, the command works - the output file is generated, but its contents are not properly decrypted (it's just garbled text). I don't think there's anything wrong with the files that the client provided, but rather with my implementation of OpenSSL's commands to decrypt the file.
If anyone knows how to properly decrypt a file using provided Key and IV files, help would be greatly appreciated. I've been setting aside other responsibilities while Googling around trying to figure this out.

Converting from cert8.db to PEM

I am having a cert8.db in /home/hari/Desktop/certs directory. Now I want to convert this into PEM. tried to do this by first trying to export the cert8.db in pkcs12 to pem using pkutil
pk12util -o cert.pem -n cert8.db -d /home/hari/Desktop/certs
However this throws an error
pk12util: function failed: security library: bad database.
I have no idea what's going wrong here. Please help me out with it. Also any suggestions on alternative ways of doing this would also be greatly appreciated. Thanks a lot in advance.
You probably have figured it out by now, that the file belongs to Mozilla Firefox 4.x - security database. On Windows 7 Pro this is stored on the system root for some odd reason, that causes my security software to go nuts...
Then again, you might not have Firefox installed in your env.