KeyStore with BouncyCastleProvider: KeyStore integrity check failed

Question

I want to use a self-signed signature for ssl connections. I'm following this post.

My problem: After creating the Keystore my integrity-check fails.

Keytool-Error: java.io.IOException: KeyStore integrity check failed.

I'm still searching but maybe someone can save me some time.

Answer 1

Make sure you are using the right password to open the keystore. I was having this error and turns out I was still using the password from the example code in trusted.load()

Answer 2

I had the same problem where I tried to open a KeyStore file I saved locally and 2 reasons comes to mind:

• You are storing your KeyStore and loading it with a different password.
• Your KeyStore file was damaged some how thus flagging the integrity check.

I'd suggest you try to save and load another file with the same password (fixed) just to see if it will load normally.

Answer 3

I have found another corner case that can provoke this message.

I exported a PKCS12 keystore with openssl and then tried to import it into an existing keystore with keytool . I received the 'integrity check failed' error at this step despite the password being good when I listed the contents of the PKCS12 keystore.

The problem turned out to be because I'd used a password exactly 50 characters long. Although this is accepted by openssl , I understand that this is the maximum size of the buffer used and that the last character of the password get overwritten by an 'end of string' character.

Exporting the PKCS12 keystore again with a password of only 49 characters long fixed my issue.

Answer 4

确保使用FileOutputStream.close()正确关闭密钥库文件，否则将标记为已丢失完整性