当前位置: 文江博客话题详情

java.io.IOException:无效的密钥库格式

发布于 2024-07-25 19:13:03 字数 1824 浏览 5 评论 0原文

有谁知道如何解决这个问题? 我尝试了很多方法,但没有一个有效。

当我单击更多详细信息时,我得到以下信息:

at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
atsun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.security.RootCertStore$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.RootCertStore.loadCertStore(Unknown Source)
at com.sun.deploy.security.RootCertStore.load(Unknown Source)
at com.sun.deploy.security.RootCertStore.load(Unknown Source)
at com.sun.deploy.security.ImmutableCertStore.load(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$000(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
原文

Does anyone know how to solve this?
I tried many things, but none of them worked.

And when I click more details I get this:

at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
atsun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.security.RootCertStore$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.RootCertStore.loadCertStore(Unknown Source)
at com.sun.deploy.security.RootCertStore.load(Unknown Source)
at com.sun.deploy.security.RootCertStore.load(Unknown Source)
at com.sun.deploy.security.ImmutableCertStore.load(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$000(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(22

橪书 2024-08-01 19:13:03

您可能会在复制/传输过程中损坏文件。

你用的是maven吗?
如果您使用“filter=true”复制密钥库文件,则可能会损坏该文件。

请检查文件大小。

You may corrupt the file during copy/transfer.

Are you using maven?
If you are copying keystore file with "filter=true", you may corrupt the file.

Please check the file size.

回复 原文
音盲 2024-08-01 19:13:03

也许maven对你的KeyStore进行了编码,你可以设置filtering=false来解决这个问题。

<build>
    ...
    <resources>
        <resource>
            ...
            <!-- set filtering=false to fix -->
            <filtering>false</filtering>
            ...
        </resource>
    </resources>
</build>

Maybe maven encoding you KeyStore, you can set filtering=false to fix this problem.

<build>
    ...
    <resources>
        <resource>
            ...
            <!-- set filtering=false to fix -->
            <filtering>false</filtering>
            ...
        </resource>
    </resources>
</build>
回复 原文
随遇而安 2024-08-01 19:13:03

我对不同版本的 keytool 遇到了同样的问题:

C:\Program Files\Java\jdk1.8.0_51\bin\keytool

但相同的密钥库文件在

"C:\Program 上运行良好Files\Java\jre1.8.0_201\bin\keytool"

我知道这是一个旧线程,但花了很多时间来解决这个问题...:D

I had the same issue with different versions of keytool:

C:\Program Files\Java\jdk1.8.0_51\bin\keytool

but the same keystore file worked fine with

"C:\Program Files\Java\jre1.8.0_201\bin\keytool"

I know it is an old thread but have lost a lot of hours figuring this out... :D

回复 原文
や三分注定 2024-08-01 19:13:03

(重新)安装最新的 JDK(例如 Oracle 的)修复了该问题为我。

在安装最新的 JDK 之前,当我在 Terminal.app 中执行以下命令时:

keytool -list -keystore $(/usr/libexec/java_home)/jre/lib/security/cacerts -v

结果是:

keytool error: java.io.IOException: Invalid keystore format
java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at sun.security.tools.keytool.Main.doCommands(Main.java:792)
    at sun.security.tools.keytool.Main.run(Main.java:340)
    at sun.security.tools.keytool.Main.main(Main.java:333)

但是,在安装最新的 Oracle JDK 并重新启动终端之后,执行以下命令:

keytool -list -keystore $(/usr/libexec/java_home)/jre/lib/security/cacerts -v

结果是:

Enter keystore password:

这表明路径上的 keytool 可以访问密钥库。

(Re)installing the latest JDK (e.g. Oracle's) fixed it for me.

Prior to installing the latest JDK, when I executed the following command in Terminal.app:

keytool -list -keystore $(/usr/libexec/java_home)/jre/lib/security/cacerts -v

It resulted in:

keytool error: java.io.IOException: Invalid keystore format
java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at sun.security.tools.keytool.Main.doCommands(Main.java:792)
    at sun.security.tools.keytool.Main.run(Main.java:340)
    at sun.security.tools.keytool.Main.main(Main.java:333)

But, after installing the latest Oracle JDK and restarting Terminal, executing the following command:

keytool -list -keystore $(/usr/libexec/java_home)/jre/lib/security/cacerts -v

Results in:

Enter keystore password:

Which indicates that the keytool on path can access the keystore.

回复 原文
我是男神闪亮亮 2024-08-01 19:13:03

我在这方面花了很多时间,最后这对我有用 -

转到文件 -> 项目结构-> SDK位置-> Gradle 设置 -> 更改 Gradle JDK -> 从 1.8 到 11

“在此处输入图像描述”"

只需更改 Gradle JDK -> 从 1.8 到 11 然后重建项目并重试

I had spent lot of time on this and finally This worked for me -

go to file -> project structure -> SDK Location -> Gradle Settings -> Change Gradle JDK -> from 1.8 to 11

enter image description here

Just change Gradle JDK -> from 1.8 to 11 then rebuild the project and try again

回复 原文
反差帅 2024-08-01 19:13:03

对我来说,发生这个问题是因为我在笔记本电脑上使用 1.8.0_251 生成了 .jks 文件,并将其复制到具有 java 1.8.0_45 的服务器上,当我在代码中使用该 .jks 文件时,我得到了 java.io.IOException: Invalid密钥库格式。

为了解决这个问题,我直接在服务器上生成了 .jks 文件,而不是从具有不同 java 版本的笔记本电脑复制到那里。

for me that issue happened because i generated .jks file on my laptop with 1.8.0_251 and i copied it on server witch had java 1.8.0_45 and when I used that .jks file in my code i got java.io.IOException: Invalid Keystore format.

to solve this issue i generated .jks file directly on the server instead of copy there from my laptop which had different java version.

回复 原文
笑脸一如从前 2024-08-01 19:13:03

您可以通过在 android/app/ 目录中运行此命令来生成调试密钥库:

keytool -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000

或者从官方模板下载 https://raw.githubusercontent.com/facebook/react-native/master/template/android/app/debug.keystore

You can generate the debug keystore by running this command in the android/app/ directory:

keytool -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000

Or just download from official template https://raw.githubusercontent.com/facebook/react-native/master/template/android/app/debug.keystore

回复 原文
前事休说 2024-08-01 19:13:03

我认为您要使用的密钥库文件的格式与您的 Java 版本不同或不受支持。 您可以发布更多有关您的任务的信息吗?

一般来说,要解决此问题,您可能需要重新创建整个密钥库(例如使用其他 JDK 版本)。 在导出-导入旧密钥和新密钥之间的密钥 - 如果您设法在其他地方打开旧密钥。

如果它只是一个不受支持的版本,请尝试 BouncyCastle 加密提供程序,例如 (尽管我不确定它是否增加了对 Java 的更多密钥库类型的支持?)

编辑:我查看了 BC 的功能规范。

I think the keystore file you want to use has a different or unsupported format in respect to your Java version. Could you post some more info of your task?

In general, to solve this issue you might need to recreate the whole keystore (using some other JDK version for example). In export-import the keys between the old and the new one - if you manage to open the old one somewhere else.

If it is simply an unsupported version, try the BouncyCastle crypto provider for example (although I'm not sure If it adds support to Java for more keystore types?).

Edit: I looked at the feature spec of BC.

回复 原文
不必你懂 2024-08-01 19:13:03

您的密钥库已损坏,您必须恢复或重新生成它。

Your keystore is broken, and you will have to restore or regenerate it.

回复 原文
提笔书几行 2024-08-01 19:13:03

我在 ubuntu 上遇到了 openJDK 的问题,必须安装 Oracle JDK 才能正常工作。

您可以按照Google 网站上的指南来执行此操作。

I ran into the problem with openJDK on ubuntu, had to install Oracle JDK to get it working.

You can follow this guide on google sites to do that.

回复 原文
魄砕の薆 2024-08-01 19:13:03

这里有同样的问题,我安装了 Oracle JDK,并且使用它创建了我的密钥库,但在 jceks 格式中,

keytool -importkeystore -destkeystore client.keystore \
    -srckeystore redislabs_user.p12 -srcstoretype pkcs12 \
    -deststoretype jceks -alias client-cert

我删除了 -deststoretype jceks 选项,它工作得很好:)

Same issue here, I have Oracle JDK installed and my keystore was created using that, but in the jceks format

keytool -importkeystore -destkeystore client.keystore \
    -srckeystore redislabs_user.p12 -srcstoretype pkcs12 \
    -deststoretype jceks -alias client-cert

I deleted the -deststoretype jceks option and it worked fine :)

回复 原文
瑾夏年华 2024-08-01 19:13:03

就我而言,我使用 Java 版本 1.8 运行该项目。 以及我从 java 16 生成的 Keystore.jks 文件。
我将项目 java 版本更改为 16,错误消失了。

请检查您生成密钥库所用的 JDK 版本与您项目的 JDK 版本是否相同。 如果它们不同,请从当前项目运行的同一 JDK 生成密钥库,或者更改项目 JDK。

In my case, I was running the project with Java version 1.8. and the Keystore.jks file that I generated from java 16.
I changed my project java version to 16 and the error goes away.

Please check the JDK version with which you are generating the keystore and the JDK version for your project are the same or not. If they are different, either generate the keystore from the same JDK on which your current project is running or change the project JDK.

回复 原文
你的呼吸 2024-08-01 19:13:03

Java v8 和 Java v11 的密钥库生成方式不同。
Java v8 生成 jks 格式的密钥库,我猜 Java v11 生成 PKCS12 类型的密钥库,扩展名为 .p12。

您可以做的就是尝试将 .jks 格式的密钥库转换为 .12,然后尝试反之亦然。 这可能会有所帮助。
句法:
要将 PKCS12 (.p12) 密钥库转换为 JKS (.jks) 密钥库,请运行以下命令:

keytool -importkeystore -srckeystore key.p12 -srcstoretype pkcs12 -destkeystore key.jks -deststoretype jks

其中 key.p12 是 p12 文件的名称,key.jks 是要创建的 jks 密钥库的名称。

执行相同操作的命令是:
keytool -importkeystore -srckeystore kafkatools.truststore.jks -srcstoretype pkcs12 -destkeystore trust.jks -deststoretype jks

这是我自己使用的并摆脱了无效密钥库问题。

参考:https: //knowledge.broadcom.com/external/article/151981/how-to-convert-a-pkcs12-p12-keystore-to.html

The Keystore generation is different for Java v8 and Java v11.
Java v8 produces keystore of the jks format and I guess Java v11 produces keystore of type PKCS12 with ethe extension .p12.

What you could do is try converting the keystore of .jks format to .12 and try and vice versa. This might help.
Syntax:
To convert a PKCS12 (.p12) keystore to a JKS (.jks) keystore, please run the following command:

keytool -importkeystore -srckeystore key.p12 -srcstoretype pkcs12 -destkeystore key.jks -deststoretype jks

where key.p12 is the name of the p12 file and key.jks is the name of the jks keystore to be created.

The command to do the same is:
keytool -importkeystore -srckeystore kafkatools.truststore.jks -srcstoretype pkcs12 -destkeystore trust.jks -deststoretype jks

This is what I used myself and got rid of the invalid keystore issue.

Reference: https://knowledge.broadcom.com/external/article/151981/how-to-convert-a-pkcs12-p12-keystore-to.html

回复 原文
随梦而飞# 2024-08-01 19:13:03

我在运行 keytool 命令时遇到了这个问题。 还有另一种运行 keytool 命令的方法,如下所示:https://developers。 google.com/android/guides/client-auth 使用 gradlew 命令

当我在调试模式下运行时 ./gradlewsigningReport --debug 知道 gradle 插件需要 java 11 而我的本地有 java8。 下载了java11并更新了路径。 运行命令(确保打开一个新终端,以便 java 路径反映为 11)。 奇迹般有效 !!!

I came across this issue while running keytool command. There is an other way to run the keytool command, mentioned here: https://developers.google.com/android/guides/client-auth using gradlew command.

When I ran in debug mode ./gradlew signingReport --debug got to know that gradle plugin required java 11 and my local has java8. Downloaded java11 and updated Path. Ran the command (Make sure you open a new terminal so that java path is reflected to 11). Works like a charm !!!

回复 原文
許願樹丅啲祈禱 2024-08-01 19:13:03

这对我有用(切换到JDK 11,而不是8)

以前的JAVA路径“C:\ Program Files \ Java \ jdk1.8.0_202 \ bin”

Changed Path to "C:\Program Files\Java\jdk-11.0.14\bin"

This worked for me (Switched to JDK 11, instead of 8)

Previous JAVA Path "C:\Program Files\Java\jdk1.8.0_202\bin"

Changed Path to "C:\Program Files\Java\jdk-11.0.14\bin"
回复 原文
幸福还没到 2024-08-01 19:13:03

就我而言,更新到 Api 33 后,当 jarsigner 需要 jks 格式时,keytool 正在使用 pkcs12 格式创建密钥库。 创建后必须转换密钥库: keytool -importkeystore -srckeystore .\original.keystore -destkeystore .\destination.keystore -deststoretype jks

In my case, after updating to Api 33, keytool was creating keystore with the pkcs12 format when the jarsigner was expecting jks format. Had to convert the keystore after creating: keytool -importkeystore -srckeystore .\original.keystore -destkeystore .\destination.keystore -deststoretype jks

回复 原文
娇柔作态 2024-08-01 19:13:03

去建造
清理项目
然后重建你的项目
它对我有用。

go to build
clean the project
then rebuild your project
it worked for me.

回复 原文
醉殇 2024-08-01 19:13:03

可能需要以管理员身份运行cmd
指定 .jks 文件的路径必须是 / 而不是 \

如果他们使用 .jks 文件所在的路径打开 cmd,则只会输入 /key.jks 路径

It may be necessary to run cmd as administrator.
the paths to specify the .jks file must be / and not \.

If they open the cmd with the path where the .jks file is located, they only put in the /key.jks path

回复 原文
吾性傲以野 2024-08-01 19:13:03

我也遇到了“无效密钥库格式”的问题。 所有这些答案都无法帮助我。

就我而言,问题出在 Mac 操作系统上。 JAVA_HOME=jdk1.8 未从 .zschrc 中提取,因此我认为可以在其上生成证书,但默认为 jdk11。 我用“jenv”将其更改为jdk1.8并生成证书。 怎么运行的。

您可以通过brew下载jenv。 命令

jenv versions

还有一些我用来检查 JDK 所有版本的

jenv global JDK

来设置想要 jdk

java -version

来检查它

I had problem with "Invalid Keystore format" too. All this answers can't helped me.

In my case problem was on Mac OS. JAVA_HOME=jdk1.8 not pulled from .zschrc, so I think that generate certs on it, but default was jdk11. I changed it to jdk1.8 with "jenv" and generate certs. How it works.

You can download jenv by brew. And some commands that I used

jenv versions

to check all versions of JDK

jenv global JDK

to set wanted jdk

java -version

to check it

回复 原文
桃酥萝莉 2024-08-01 19:13:03

升级你的 JVM 版本 - 我从 Java 8 迁移到 java 17 并且它已修复。

来自甲骨文:

In Java 8u301 release, a new fix went in to upgrade the default PKCS12 encryption algorithm, as noted in Java 8u301 release notes at https://www.oracle.com/java/technologies/javase/8all-relnotes.html#R180_301

➜ Upgraded the Default PKCS12 Encryption Algorithms
The default encryption algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.

For compatibility, a new system property named keystore.pkcs12.legacy is defined that will revert the algorithms to use the older, weaker algorithms.  There is no value defined for this property.

Upgrade your JVM version - I moved from Java 8 to java 17 and it was fixed.

From Oracle:

In Java 8u301 release, a new fix went in to upgrade the default PKCS12 encryption algorithm, as noted in Java 8u301 release notes at https://www.oracle.com/java/technologies/javase/8all-relnotes.html#R180_301

➜ Upgraded the Default PKCS12 Encryption Algorithms
The default encryption algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.

For compatibility, a new system property named keystore.pkcs12.legacy is defined that will revert the algorithms to use the older, weaker algorithms.  There is no value defined for this property.
回复 原文
流绪微梦 2024-08-01 19:13:03

还有另一个原因:如果您的系统上有多个 JDK 版本,并使用一个版本生成密钥库,但尝试使用不同版本导入它,您将遇到该错误。 就我而言,我使用 JDK 17 创建密钥库,并使用 JDK 8 导入它。

Here's another reason: If you have multiple JDK versions on your system and generate a keystore with one version but try to import it using a different version, you'll encounter the error. In my case, I used JDK 17 to create the keystore and JDK 8 to import it.

回复 原文
欢你一世 2024-08-01 19:13:03

在我的特定情况下,我要求 Maven 过滤器在 application.yaml 文件上运行,因此需要将过滤器设置为 true。 为了解决这个问题,我采用了 maven-resources-plugin 作为可行的解决方案。 这种方法也可能对您的需求有效。

以下是使用 Maven 资源插件配置修改后的 XML 代码:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-resources-plugin</artifactId>
    <configuration>
        <nonFilteredFileExtensions>
            <nonFilteredFileExtension>jks</nonFilteredFileExtension>
        </nonFilteredFileExtensions>
    </configuration>
</plugin>

In my particular case, I require the Maven filter to function on the application.yaml file, thereby necessitating the filter to be set to true. To address this issue, I employed the maven-resources-plugin as a viable solution. It is possible that this approach could also prove effective for your needs.

Here is the modified XML code with the Maven resource plugin configuration:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-resources-plugin</artifactId>
    <configuration>
        <nonFilteredFileExtensions>
            <nonFilteredFileExtension>jks</nonFilteredFileExtension>
        </nonFilteredFileExtensions>
    </configuration>
</plugin>
回复 原文
~没有更多了~

关于作者

提赋

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文