java keytool 给出“最终块未正确填充”
按照 使用 Keytool 和 OpenSSL 的 Jetty 指南的第 3b 步,最后一步,我正在执行命令:
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
当我运行命令时,我得到:keytool错误:java.io.IOException:无法解密安全内容条目:javax.crypto.BadPaddingException:给定的最终块不正确padd
你知道如何解决这个问题吗?
Per step 3b of this Jetty guide for using Keytool and OpenSSL, last step, I'm doing the command:
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
When I run the command, I get: keytool error: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
Do you know how to resolve this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我也遇到了类似的问题。我最终意识到目标密钥库还指定了密钥密码。因此,我必须使用额外的参数“destkeypass”才能成功导入密钥。
I also came across a similar issue. I realized finally that the destination keystore had a key password also specified. So I had to use an extra argument 'destkeypass' to import the keys successfully.
就我而言,我已经使用下载的 Windows openSSL 完成了一些步骤,并使用 CentOs6 机器上已有的 openSSL 完成了其他步骤。当我在 CentOs/linux 机器上完成所有步骤时,错误消失了。
其次也许有用的注意linux openSSL和Godaddy,注意当你开始“创建CSR”过程时,在生成site.key时使用2048,即:
openssl genrsa -des3 -out site.key 2048
--------- -------- 更新 ------------------
我认为这个错误与我在步骤中犯的密码问题有关。
完成后:
工具提示,输入导出密码:
输入的密码必须在下一步中使用,我所做的是:
但是根据 本文档 该步骤显然同样是:
In my case, I had done some of the steps using Windows openSSL that I downloaded, and other steps using the openSSL already existing on the CentOs6 box. When I did all the steps on the CentOs/linux box, the error went away.
Secondary perhaps helful note linux openSSL and Godaddy, note when you begin the "create CSR" process, use 2048 in generating the site.key, namely:
openssl genrsa -des3 -out site.key 2048
----------------- update ------------------
I think this error is instead related to a password problem I made in the steps.
After one does:
the tool prompts, Enter Export Password:
This password entered, must then be used in the next step, the one I did was:
however per this documentation that step may apparently equally be: