kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0

Saving keystore file results in a warning of proprietary format when listing entries with keytool on Linux #234

Closed pauLee closed 4 years ago

pauLee commented 4 years ago

Doing a list command for entries of a keystore-file, which is saved with Keystore-Explorer, results in a warning when using keytool on Linux:

Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /opt/xvm/... -destkeystore /opt/xvm/... -deststoretype pkcs12".

Environment

kaikramer commented 4 years ago

That just means that the former default Java keystore formats JKS and JCEKS are not recommended anymore. This is not a KSE-specific problem; you'll get the same warning if you create a JKS or JCEKS keystore with keytool.

You can change the keystore type to PKCS#12 in the Tools menu of KSE (i.e. the GUI equivalent of the command in the warning message).

As a side note: While it is true that JKS and JCEKS are not very secure formats for storing keys, they are still fine for storing certificates (as a truststore).
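An added example, not part of the thread and not KSE code: the Python sketch below reads the unencrypted entry headers of a JKS file to tell a certificate-only truststore from a store that holds private keys, which is the distinction drawn in the side note above. It assumes the JDK's JKS on-disk layout (magic `0xFEEDFEED`, versions 1 and 2) and recognises JCEKS by magic only; `audit_keystore`, `Reader`, `KINDS` and `SAMPLE` are names made up for this example, and the sample bytes are constructed.

```python
import struct

JKS_MAGIC, JCEKS_MAGIC = 0xFEEDFEED, 0xCECECECE
KINDS = {1: "private-key", 2: "trusted-cert"}        # JKS entry tags

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def num(self, fmt):                              # big-endian integer, as Java writes it
        return struct.unpack(fmt, self.take(struct.calcsize(fmt)))[0]
    def utf(self):                                   # writeUTF: u16 length + bytes
        return self.take(self.num(">H")).decode("utf-8", "replace")

def audit_keystore(data):
    """Return (format, entries); entries is [(alias, kind)] for JKS, else None.
    No password is needed: aliases and certificates are stored in the clear."""
    r = Reader(data)
    magic = r.num(">I")
    if magic != JKS_MAGIC:                           # JCEKS: magic only, entries not parsed
        return ("JCEKS" if magic == JCEKS_MAGIC else "other"), None
    version, count = r.num(">I"), r.num(">I")
    if version not in (1, 2):
        raise ValueError(f"unsupported JKS version {version}")
    entries = []
    for _ in range(count):
        tag, alias = r.num(">I"), r.utf()
        r.take(8)                                    # creation timestamp
        if tag not in KINDS:
            raise ValueError(f"unknown entry tag {tag}")
        if tag == 1:
            r.take(r.num(">I"))                      # password-protected key blob
        for _ in range(r.num(">I") if tag == 1 else 1):  # chain length, or one cert
            if version == 2:
                r.utf()                              # certificate type, e.g. "X.509"
            r.take(r.num(">I"))                      # encoded certificate
        entries.append((alias, KINDS[tag]))
    return "JKS", entries                            # trailing 20-byte digest not verified

# Constructed sample: JKS v2, one trusted cert and one key entry, dummy payloads.
def _utf(s): return struct.pack(">H", len(s)) + s.encode()
_cert = _utf("X.509") + struct.pack(">I", 3) + b"DER"    # placeholder, not a real cert
SAMPLE = (struct.pack(">III", JKS_MAGIC, 2, 2)
          + struct.pack(">I", 2) + _utf("root-ca") + bytes(8) + _cert
          + struct.pack(">I", 1) + _utf("server") + bytes(8)
          + struct.pack(">I4sI", 4, b"KEY!", 1) + _cert + bytes(20))
print(audit_keystore(SAMPLE))
```

A store whose entries are all `trusted-cert` matches the truststore case; any `private-key` entry marks a file to convert to PKCS#12.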

pauLee commented 4 years ago

Thank you for the explanation!

kaikramer commented 4 years ago

I have thought about this a bit more and found something that I should change in KSE: When one creates a new keystore in KSE, JCEKS is the pre-selected keystore type. To reflect the changes in keytool, I'll make PKCS#12 the new default.

Thanks for taking the time to create this ticket!