java.io.IOException：异常解包私钥 - java.security.InvalidKeyException：pad 块损坏

Question

I am trying to connect an android app to an XML web service under IIS over SSL (Self Signed SSL). I've followed below procedure:

1. creating a Self Signed Certificate under IIS Manager
2. export that certificate as a pfx file
3. then converting pfx to (java keystore) jks (PKCS12 format) as detailed below
4. embedding jks as a raw data in android app
5. and reading the content of jks file as follows

Converting pfx to jks

keytool -importkeystore -srckeystore cert.pfx -srcstoretype pkcs12 
-destkeystore cert.jks -deststoretype pkcs12

Reading the content of jks

KeyStore keyStore = KeyStore.getInstance("pkcs12");
InputStream in = _context.getResources().openRawResource(R.raw.cert);
try
{
    keyStore.load(in, "123456".toCharArray());
    mgrFact.init(keyStore, "123456".toCharArray());
}
catch (Throwable t)
{
    logger.error(t.getMessage());
}
finally
{
    in.close();
}

And now keyStore.load throws the following exception

java.io.IOException: exception unwrapping private key 
-java.security.InvalidKeyException: pad block corrupted

Where may I've made a mistake?

In fact, I followed what has been described here

Thanks

Answer 1

I know that the question is 4 years old, but just in case someone else get the same error:

I don't know why but there seem to be differences between the keystore generated with keytool of OpenJDK 11 and the one (with same certificates / keys / passwords) generated by keytool of Oracle JDK 8.

The problem for me arose using the keystore-jdk11.p12 under

• Tomcat 8.5
• Oracle JVM 8 (u241)

I fixed this simply reimporting the content of the keystore generated with OpenJDK 11 with keytool of Oracle JDK 8, with

/path/of/jdk8.241/bin/keytool \
   -importkeystore \
   -srckeystore keystore-jdk11.p12 \
   -destkeystore keystore-jdk8.p12 \
   -deststoretype pkcs12