
KeyStore with BouncyCastleProvider: KeyStore integrity check failed

I want to use a self-signed signature for SSL connections. I'm following this post.

My problem: After creating the Keystore my integrity-check fails.

Keytool-Error: java.io.IOException: KeyStore integrity check failed.

I'm still searching but maybe someone can save me some time.

Make sure you are using the right password to open the keystore. I was having this error and it turns out I was still using the password from the example code in trusted.load().

I had the same problem where I tried to open a KeyStore file I saved locally, and 2 reasons come to mind:

  • You are storing your KeyStore and loading it with a different password.
  • Your KeyStore file was damaged somehow, thus flagging the integrity check.

I'd suggest you try to save and load another file with the same password (fixed) just to see if it will load normally.

I have found another corner case that can provoke this message.

I exported a PKCS12 keystore with openssl and then tried to import it into an existing keystore with keytool. I received the 'integrity check failed' error at this step despite the password being good when I listed the contents of the PKCS12 keystore.

The problem turned out to be because I'd used a password exactly 50 characters long. Although this is accepted by openssl, I understand that this is the maximum size of the buffer used and that the last character of the password gets overwritten by an 'end of string' character.

Exporting the PKCS12 keystore again with a password only 49 characters long fixed my issue.

Make sure you close the keystore file properly with FileOutputStream.close(); otherwise it will be flagged as having lost integrity.
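
The causes named in the answers above (a different password on load, a damaged or incompletely written file) can be reproduced in isolation. The following is an added example, not code from the original posts: it uses the JDK's built-in PKCS12 keystore type rather than the Bouncy Castle provider so that it runs without extra jars, and the class name, alias and passwords are constructed for the demonstration. The exact exception text depends on the provider.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;

public class KeyStoreIntegrityDemo {
    // Tries to load the keystore and reports the outcome instead of throwing.
    static String tryLoad(Path file, char[] password) {
        try (InputStream in = Files.newInputStream(file)) {
            KeyStore.getInstance("PKCS12").load(in, password);
            return "loaded";
        } catch (Exception e) {
            return "failed: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "constructed-demo-password".toCharArray(); // constructed value
        Path good = Files.createTempFile("demo", ".p12");
        Path damaged = Files.createTempFile("demo-damaged", ".p12");

        // Build a keystore holding one constructed AES key.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // initialise an empty store
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setEntry("demo-key", new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(storePass));

        // try-with-resources closes (and flushes) the stream even if store() throws.
        try (OutputStream out = Files.newOutputStream(good)) {
            ks.store(out, storePass);
        }

        // Simulate a damaged or half-written file by keeping only the first half.
        byte[] bytes = Files.readAllBytes(good);
        Files.write(damaged, Arrays.copyOf(bytes, bytes.length / 2));

        System.out.println("same password:  " + tryLoad(good, storePass));
        System.out.println("wrong password: " + tryLoad(good, "other".toCharArray()));
        System.out.println("damaged file:   " + tryLoad(damaged, storePass));

        Files.deleteIfExists(good);
        Files.deleteIfExists(damaged);
    }
}
```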
