search

ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0
250 stars 107 forks source link

Contradictory error message if no storepass is provided #201

Closed aronowski closed 4 months ago

aronowski commented 4 months ago

Assuming that one wants to sign a binary.bin file using an example.p12 file, which has no password, the command below, which doesn't provide any storepass, prints a contradicting message:

$ jsign --keystore example.p12 --alias example binary.bin 
jsign: No certificate found under the alias 'example' in the keystore example.p12 (available aliases: example)
Try `jsign --help' for more information.

But specifying and empty storepass works just fine:

$ jsign --keystore example.p12 --alias example --storepass "" binary.bin 
Adding Authenticode signature to binary.bin

The point of this issue is that the error message should rather print something that provides a hint, rather than contradicting itself, maybe:
Wrong password for keystore example.p12.
?

ebourg commented 4 months ago

Good catch thank you, I'll look into it.

ebourg commented 4 months ago

I've reproduced the issue, it happens only with a PKCS#12 keystore when the password is not specified. The keystore can be loaded with no password, the aliases can be listed, but the keys and certificates can't be accessed.