BKS_V1 Keystore not detected as BKS_V1 Keystore
scop opened this issue · 3 comments
Steps to reproduce:
- Create a BKS_V1 keystore or create a BKS keystore and convert it to BKS_V1.
- Inspect it with Keystore Report. It shows BKS_V1.
- Close Portecle.
- Open the keystore again and inspect it with Keystore Report. It shows BKS (even though it actually is BKS_V1, as I could confirm by testing with an older Bouncy Castle version).
Maybe there is a missing check of the STORE_VERSION.
Version 0 for BKS_V1, higher for BKS.
Reported by: redirion
I'm not sure what you mean by checking STORE_VERSION. Is there an API for doing that available?
FWIW, I think BC should just tell us the correct type when asked with KeyStore.getType; currently it always says BKS no matter if the store was created as BKS or BKS-V1. That way things would just work. Could you file a BC bug about this?
Original comment by: scop
I have to correct myself: Version 0 is of course not BKS_V1. Version 1 is correct.
To check the store version of a BKS keystore just open a DataInputStream of the keystore and read the first int. It contains the version. 1 is for BKS_V1 and higher is BKS.
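Example code:
```java
import java.io.DataInputStream;
public class Test {
    public static void main(String[] args) throws Exception {
        // The first int of a BKS keystore file is the store version.
        try (DataInputStream dis = new DataInputStream(Test.class.getClassLoader().getResourceAsStream("certstore.bks"))) {
            int storeVersion = dis.readInt();
            if (storeVersion == 1) {
                System.out.println("BKS_V1 keystore");
            } else {
                System.out.println("BKS keystore with store version " + storeVersion);
            }
        }
    }
}
```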
Original comment by: redirion
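The header check described in the comment above, generalized as an added example that is not part of the original thread or of Portecle. A bare "higher than 1 is BKS" test also matches files that are not BKS at all, so this version first rules out the JKS and JCEKS magic numbers, truncated input and implausible values; the class name, the `MAX_PLAUSIBLE_VERSION` bound and the sample headers are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class BksVersionProbe {
    // Magic numbers of the JDK's own keystore formats.
    private static final int JKS_MAGIC = 0xFEEDFEED;
    private static final int JCEKS_MAGIC = 0xCECECECE;
    // Assumption of this example: larger values are not a store version.
    private static final int MAX_PLAUSIBLE_VERSION = 16;

    /** Classifies a keystore by the first big-endian int of the stream. */
    static String classify(InputStream in) throws IOException {
        if (in == null) {
            return "missing"; // getResourceAsStream returns null if not found
        }
        try (DataInputStream dis = new DataInputStream(in)) {
            int first = dis.readInt();
            if (first == JKS_MAGIC) {
                return "JKS";
            } else if (first == JCEKS_MAGIC) {
                return "JCEKS";
            } else if (first == 1) {
                return "BKS_V1"; // per the thread: store version 1
            } else if (first > 1 && first <= MAX_PLAUSIBLE_VERSION) {
                return "BKS (store version " + first + ")";
            }
            return "unknown (first int 0x" + Integer.toHexString(first) + ")";
        } catch (EOFException e) {
            return "truncated"; // fewer than 4 bytes available
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed 4-byte headers, not taken from real keystores.
        byte[][] samples = {
            {0, 0, 0, 1},                                         // BKS_V1
            {0, 0, 0, 2},                                         // BKS
            {(byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED}, // JKS
            {0x30, (byte) 0x82, 0x0A, 0x00},                      // DER SEQUENCE, e.g. PKCS#12
            {0, 0},                                               // truncated
        };
        for (byte[] s : samples) {
            System.out.println(classify(new ByteArrayInputStream(s)));
        }
    }
}
```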
I don't think I want to embed these low-level details about key store formats inside Portecle. Having BC just tell us what it has would be the preferable approach.
Original comment by: scop