kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0
1.7k stars 275 forks source link

Support certificate alias change for PKCS#11 keystores #196

Open cdokolas opened 5 years ago

cdokolas commented 5 years ago

I recently had a bad experience with a code-signing certificate in a PKCS#11 e-token that had an alias that contained invalid characters. This made all command-line tools unusable. All I had to do was to "fix" the alias without using a command-line tool. I finally figured out how to programmatically get the "bad" alias string and then pass it directly to Java's keytool class (in the JDK) to successfully invoke the -changealias function of the tool.

I would be great if I could instead have used KeyStore Explorer to do this.

dwbenjamin commented 3 years ago

Here is an article that might help someone who knows Java. Reading NSS DB from Java 8 with SunPKCS11