ReVanced / revanced-cli

💻 Command-line application to use ReVanced
https://revanced.app
GNU General Public License v3.0

bug: Wrong version of key store. #200

Closed XDream8 closed 1 year ago

XDream8 commented 1 year ago

Type

Error while running the CLI

Bug description

I can't create a revanced-app with custom keystore

Steps to reproduce

Step 1: create a key store
Step 2: supply created key store to revanced-cli using --keystore=<keystore file>

Relevant log output

INFO: Reading dex files 
INFO: Decoding AndroidManifest.xml only, because resources are not needed 
INFO: Skipping compact-header: Excluded by default 
WARNING: Skipping hide-get-premium: Incompatible with version 5.40.51. This patch is only compatible with version com.google.android.apps.youtube.music: 5.14.53, 5.16.51, 5.17.51, 5.21.52, 5.22.54, 5.23.50, 5.25.51, 5.25.52, 5.26.52, 5.27.51, 5.28.52, 5.29.52, 5.31.50, 5.34.51, 5.36.51, 5.38.53, 5.39.52 
INFO: Skipping predictive-back-gesture: Excluded by default 
INFO: Skipping remove-screenshot-restriction: Excluded by default 
INFO: Skipping spoof-wifi-connection: Excluded by default 
INFO: Deleting existing resource cache directory 
INFO: Decoding resources 
INFO: background-play succeeded 
INFO: codecs-unlock succeeded 
INFO: exclusive-audio-playback succeeded 
INFO: minimized-playback-music succeeded 
INFO: music-microg-support succeeded 
INFO: music-video-ads succeeded 
INFO: tasteBuilder-remover succeeded 
INFO: upgrade-button-remover succeeded 
INFO: Compiling resources 
INFO: Writing modified dex files 
INFO: Aligning YouTube-Music-5.40.51.apk to revanced-music-5.40.51-non-root_aligned.apk 
INFO: Signing revanced-music-5.40.51-non-root_aligned.apk to revanced-music-5.40.51-non-root_signed.apk 
INFO: Found existing keystore: revanced-creator.keystore 
java.io.IOException: Wrong version of key store.
    at org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi.engineLoad(Unknown Source)
    at java.base/java.security.KeyStore.load(KeyStore.java:1473)
    at app.revanced.utils.signing.Signer.signApk(Signer.kt:63)
    at app.revanced.cli.signing.Signing.sign(Signing.kt:10)
    at app.revanced.cli.command.MainCommand.run(MainCommand.kt:163)
    at picocli.CommandLine.executeUserObject(CommandLine.java:2026)
    at picocli.CommandLine.access$1500(CommandLine.java:148)
    at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461)
    at picocli.CommandLine$RunLast.handle(CommandLine.java:2453)
    at picocli.CommandLine$RunLast.handle(CommandLine.java:2415)
    at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
    at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
    at picocli.CommandLine.execute(CommandLine.java:2170)
    at app.revanced.cli.main.MainKt.main(Main.kt:7)


oSumAtrIX commented 1 year ago

Please use the correct JRE mentioned in the docs.

XDream8 commented 1 year ago

$ java -version
Picked up _JAVA_OPTIONS: -Djava.util.prefs.userRoot=/home/xdream8/.config/java
openjdk version "17.0.6" 2023-01-17
OpenJDK Runtime Environment Temurin-17.0.6+10 (build 17.0.6+10)
OpenJDK 64-Bit Server VM Temurin-17.0.6+10 (build 17.0.6+10, mixed mode, sharing)

XDream8 commented 1 year ago

I am pretty sure there is a problem with revanced-cli.

I even tried doing the same process with different key store types (jks, jceks, bks, pkcs12).

oSumAtrIX commented 1 year ago

Upon further inspection, org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi.engineLoad throws here:

            if (version != STORE_VERSION)
            {
                if (version != 0 && version != 1)
                {
                    throw new IOException("Wrong version of key store.");
                }
            }

The first four bytes of the input stream to the keystore file correspond to version: version = dIn.readInt();. The expected version is either 0x0, 0x1 or 0x2. The ReVanced CLI creates the keystore file with the following four bytes:

image

This is due to the provider:

        public void engineStore(OutputStream stream, char[] password) 
            throws IOException
        {
            Cipher              cipher;
            DataOutputStream    dOut = new DataOutputStream(stream);
            byte[]              salt = new byte[STORE_SALT_SIZE];
            int                 iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);

            random.nextBytes(salt);

            dOut.writeInt(version);

            // ...
        }

The Spi is instantiated with version STORE_VERSION (0x2):

image

The only solution is to provide a keystore file with the correct version or include a provider which supports your keystore version. Check which version yours has.
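To check which container a keystore file actually is, the header test described in the comment above can be reproduced offline. This is an added example, not part of the thread and not ReVanced or Bouncy Castle code; the JKS and JCEKS magic numbers and the constructed sample byte strings are not from the page.

```python
import struct

# From the check quoted in the thread: the BKS loader accepts STORE_VERSION (2)
# as well as the older versions 0 and 1; anything else raises
# "Wrong version of key store."
BKS_ACCEPTED_VERSIONS = {0, 1, 2}

# Not from the page: well-known headers of the other keystore containers.
JKS_MAGIC = 0xFEEDFEED
JCEKS_MAGIC = 0xCECECECE
ASN1_SEQUENCE_TAG = 0x30  # PKCS12 is DER-encoded and starts with a SEQUENCE

# Constructed sample headers (not real keystores), one per container type.
SAMPLES = {
    "bks_v2": bytes.fromhex("00000002") + b"\x00" * 12,
    "jks": bytes.fromhex("feedfeed00000002"),
    "jceks": bytes.fromhex("cececece00000002"),
    "pkcs12": bytes.fromhex("308209f002010330"),
    "garbage": b"not a keystore",
}


def classify(data: bytes) -> tuple:
    """Return (format guess, would the quoted BKS version check pass)."""
    if len(data) < 4:
        raise ValueError("keystore shorter than 4 bytes")
    # DataInputStream.readInt() reads a big-endian 32-bit integer.
    header = struct.unpack(">I", data[:4])[0]
    if header in BKS_ACCEPTED_VERSIONS:
        # Passing the version check does not prove the rest of the file is valid.
        return (f"BKS version {header}", True)
    if header == JKS_MAGIC:
        return ("JKS", False)
    if header == JCEKS_MAGIC:
        return ("JCEKS", False)
    if data[0] == ASN1_SEQUENCE_TAG:
        return ("ASN.1 DER, e.g. PKCS12", False)
    return ("unknown", False)


if __name__ == "__main__":
    import sys
    blobs = SAMPLES
    if len(sys.argv) > 1:  # optional: path to a real keystore file
        with open(sys.argv[1], "rb") as fh:
            blobs = {sys.argv[1]: fh.read(16)}
    for name, blob in blobs.items():
        print(name, classify(blob))
```

Only the header is inspected, so no keystore password is needed and no key material is read.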

XDream8 commented 1 year ago

It seems that the key stores I create are version 3 key stores. The command I used to generate key stores:

keytool -genkey -v -keystore revanced.keystore -alias revanced -keyalg RSA -validity 10000

XDream8 commented 1 year ago

I can't find a way to create a version 2 keystore file. I also tried creating a keystore using jdk8's keytool but it generates version 3 keystores too.

I think I will just generate a keystore with revanced-cli (using --password and --cn).

ChatGPT response: The keytool command generates a version 3 keystore by default. If you need to specifically create a version 2 keystore, you may have to use a different tool or find a workaround for using keytool. I recommend checking the documentation or forums for the software or platform you are using to see if there are any options for creating a version 2 keystore.

Luciogi commented 1 year ago

Revanced-cli is creating a different type of key (bks) and java (zulu) is creating jks.

Reference: https://code.whatever.social/questions/21169248/android-java-io-ioexception-wrong-version-of-key-store

This article mentions to create custom bks https://9to5answer.com/how-to-create-a-bks-bouncycastle-format-java-keystore-that-contains-a-client-certificate-chain

Luciogi commented 1 year ago

@oSumAtrIX can you not use JKS format? Edit: oops, this is a proprietary format, please don't implement

oSumAtrIX commented 1 year ago

You can PR if you like.

ltsdw commented 1 year ago

@Luciogi @oSumAtrIX

I think I'm using the recommended version and also using BKS, but still no luck with it. Using the keystore explorer I can switch to version 1, and in that case the exception is different, instead of "Wrong version of key store" I get a "no match". Maybe it's the bcprov version that I'm using?

openjdk 17.0.7 2023-04-18 LTS
OpenJDK Runtime Environment Zulu17.42+19-CA (build 17.0.7+7-LTS)
OpenJDK 64-Bit Server VM Zulu17.42+19-CA (build 17.0.7+7-LTS, mixed mode, sharing)

keytool -genkey -v -keystore patched-yt.keystore -alias patchedyt -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "/usr/share/java/bcprov/bcprov-jdk18on-172.jar" -storetype BKS -keyalg RSA -keysize 2048 -validity 10000

oSumAtrIX commented 1 year ago

Unsure, have you checked the current implementation in ReVanced CLI?

ltsdw commented 1 year ago

Yes, I did.

oSumAtrIX commented 1 year ago

Trace back the "no match" exception in the Java library and find out what exactly causes it

Luciogi commented 1 year ago

@ltsdw

keytool -genkey -v -keystore patched-yt.keystore -alias patchedyt -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "/usr/share/java/bcprov/bcprov-jdk18on-172.jar" -storetype BKS -keyalg RSA -keysize 2048 -validity 10000

By using the command above, it worked. https://github.com/revanced/revanced-cli/issues/200#issuecomment-1527316693 error produced because you are not providing a password

use -p "YOUR_KEY_PASSWORD"

oSumAtrIX commented 1 year ago

Can you clarify if this is an issue with ReVanced Manager and suggest a solution?

Luciogi commented 1 year ago

@oSumAtrIX custom keys generated with -storetype PKCS12 (it is the default option in keytool) show the error below

java.io.IOException: Wrong version of key store.
        at org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi.engineLoad(Unknown Source)
        at java.base/java.security.KeyStore.load(KeyStore.java:1473)
        at app.revanced.utils.signing.Signer.signApk(Signer.kt:63)
        at app.revanced.cli.signing.Signing.sign(Signing.kt:10)
        at app.revanced.cli.command.MainCommand.run(MainCommand.kt:166)
        at picocli.CommandLine.executeUserObject(CommandLine.java:2026)
        at picocli.CommandLine.access$1500(CommandLine.java:148)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2453)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2415)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
        at picocli.CommandLine.execute(CommandLine.java:2170)
        at app.revanced.cli.main.MainKt.main(Main.kt:7)

Using keytype BKS in revanced-cli without a password results in the error

java.security.UnrecoverableKeyException: no match
        at org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi$StoreEntry.getObject(Unknown Source)
        at org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi.engineGetKey(Unknown Source)
        at java.base/java.security.KeyStore.getKey(KeyStore.java:1050)
        at app.revanced.utils.signing.Signer.signApk(Signer.kt:68)
        at app.revanced.cli.signing.Signing.sign(Signing.kt:10)
        at app.revanced.cli.command.MainCommand.run(MainCommand.kt:166)
        at picocli.CommandLine.executeUserObject(CommandLine.java:2026)
        at picocli.CommandLine.access$1500(CommandLine.java:148)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2453)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2415)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
        at picocli.CommandLine.execute(CommandLine.java:2170)
        at app.revanced.cli.main.MainKt.main(Main.kt:7)

I guess errors should be clear:

XDream8 commented 1 year ago

@oSumAtrIX revanced-cli supports version 3 keystores now?

oSumAtrIX commented 1 year ago

It never dropped support.