kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0
1.7k stars 275 forks

kse-551-setup.exe (=the one with embedded java) uses wrong Java runtime environment #372

Closed FranLa closed 1 year ago

FranLa commented 2 years ago

When I create a new PKCS12 keystore with kse-551-setup.exe, save it and then try to open it I get the error that either "The supplied password is not correct" or "The KeyStore file is corrupt". This happens both if I save a new empty keystore or a new keystore with some random certificate imported. When I use the "kse-551-setup-no-jre.exe" (= the one without embedded java) it still can't open the file created by the "kse-551-setup.exe" version.

But if I create a PKCS12 with the "kse-551-setup-no-jre.exe" both versions (the one with and without embedded java) can open that PKCS12 keystore, and the "kse-551-setup.exe" can also modify this existing PKCS12 keystore without problems (and open it afterwards too). So the error is only happening when creating a new PKCS12 keystore with kse-551-setup.exe.

Additional information: When I use the version without java ("kse-551-setup-no-jre.exe") I use the following java installed on my PC: openjdk version "1.8.0_322" OpenJDK Runtime Environment (Temurin)(build 1.8.0_322-b06) OpenJDK 64-Bit Server VM (Temurin)(build 25.322-b06, mixed mode)

How to recreate the problem:

  1. Install kse-551-setup.exe
  2. Open KeyStore Explorer
  3. Click on 'Create a new keystore'
  4. Select 'PKCS #12'
  5. Select 'File' > 'Save' > and enter some password twice (I just used 'Test1234')
  6. Specify the file name and save the file
  7. Exit Keystore Explorer
  8. Open the file created in step 6
  9. Enter the password
  10. Now you will see the above mentioned error

A last note: It is apparently only a problem with PKCS12 - when I do the same with JCEKS or JKS it works fine (=the file can be opened afterwards).

I have tried this on two different PCs - a Lenovo and a HP and the first is Windows 10 and the second Windows 11 - same problem.

Because the error is so easy to re-create I don't attach any files to this case

kaikramer commented 2 years ago

Thank you for the well written bug report! Unfortunately I cannot reproduce it. I have even downloaded kse-551-setup.exe and installed it again - just to be sure.

This sounds as if it was related to the update of PKCS#12 encryption algorithms in newer Java versions, but then you would be able to open the p12 file with KSE from kse-551-setup.exe. And 1.8.0_322 is also new enough to support those algorithms.

I don't think it is a problem with the password either.

I think you have to actually upload such a file, so I can investigate.
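Related to the remark above about updated PKCS#12 algorithms, here is an added example (not part of the thread and not KSE code) that lists which algorithm OIDs a .p12 file declares, so an open failure can be compared against what the reading runtime supports. The OID table is a small selection of well-known legacy and newer identifiers; `sample()` builds a constructed skeleton rather than a real keystore, and the walker assumes definite-length DER.

```python
# Added example, not KSE code. Heuristic walker: definite-length DER only.
from contextlib import suppress
NAMES = {
    "1.2.840.113549.1.12.1.3": "legacy: pbeWithSHAAnd3-KeyTripleDES-CBC",
    "1.2.840.113549.1.12.1.6": "legacy: pbeWithSHAAnd40BitRC2-CBC",
    "1.3.14.3.2.26": "legacy: SHA-1 digest",
    "1.2.840.113549.1.5.13": "newer: PBES2",
    "2.16.840.1.101.3.4.2.1": "newer: SHA-256 digest",
}

def read_tlv(buf, pos):
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first & 0x7F if first & 0x80 else 0        # long-form length octets
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    if first == 0x80 or pos + n + length > len(buf):
        raise ValueError("indefinite-length BER or truncated element")
    return tag, buf[pos + n:pos + n + length], pos + n + length

def decode_oid(body):
    arcs, val = [], 0
    for b in body:                                 # base-128, high bit = more
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:
            arcs, val = arcs + [val], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def collect_oids(buf):
    found, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        if tag == 0x06:                            # OBJECT IDENTIFIER
            found.append(decode_oid(val))
        elif tag & 0x20:                           # constructed: recurse
            found += collect_oids(val)
        elif tag == 0x04 and val[:1] == b"\x30":   # OCTET STRING wrapping DER
            with suppress(ValueError, IndexError): # opaque bytes: skip
                found += collect_oids(val)
    return found

def algorithms(p12_bytes):
    return sorted({NAMES[o] for o in collect_oids(p12_bytes) if o in NAMES})
# Constructed skeleton of a PFX (not a real keystore); short lengths only.
T = lambda tag, *parts: bytes([tag, sum(map(len, parts))]) + b"".join(parts)
def sample(pbe_hex, mac_hex):
    oid = lambda h: T(0x06, bytes.fromhex(h))
    bag = T(0x30, T(0x30, oid(pbe_hex)), T(0x04, b"\x30\xff\x01"))
    safe = T(0x30, oid("2a864886f70d010701"), T(0xA0, T(0x04, bag)))
    mac = T(0x30, T(0x30, T(0x30, oid(mac_hex)), T(0x04, b"digest")), T(0x04, b"salt"))
    return T(0x30, T(0x02, b"\x03"), safe, mac)
```

On a real file, pass the bytes read from disk to `algorithms()`; only identifiers stored outside encrypted content are visible to it.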

FranLa commented 2 years ago

Hi Kai

I have in the meanwhile tested some combinations of Keystore Explorer and java versions.

And I noticed that even when I use kse-551-setup.exe (which has embedded java) it still makes a difference which java version I have installed on my PC !

When I have this java installed on my PC: OpenJDK Runtime Environment (Temurin)(build 1.8.0_322-b06) .. and then use kse-551-setup.exe I get the reported error.

I now tested by installing different java versions on my PC (I have tried with OpenJDK17U-jdk_x64_windows_hotspot_17.0.3_7.msi and then later on with OpenJDK17U-jdk_x64_windows_hotspot_17.0.1_12.msi (since that seems to be the version embedded in kse-551-setup.exe)).

With these Java versions (17.0.*) installed on my PC I don't get the error anymore when I create new PKCS12 keystores with "kse-551-setup.exe" - and I'm also able to open the PKCS12 keystores earlier created with the "kse-551-setup.exe" and "java 1.8.0_322-b06" combination.

I therefore think that if you try to install and use "kse-551-setup.exe" on a PC where "OpenJDK8U-jdk_x64_windows_hotspot_8u322b06.msi" is installed you should experience the same problem. Please note that it for some reason is necessary to boot your PC after installing OpenJDK8U-jdk_x64_windows_hotspot_8u322b06.msi (or any other java-version change) to get this result.

Please let me know if you with this combination of Keystore explorer and Java are able to re-create the error now.

FranLa commented 2 years ago

Hi again, Kai

I found another very interesting fact: It makes all the difference how the p12 / pkcs12 keystore is opened by KeyStore Explorer (the "kse-551-setup.exe" version) when java 1.8 is installed on the PC:

  1. If I (as I usually do and also did during my testing today) double-click on the p12 file and this way open it by association via KeyStore Explorer I get the described error.

  2. But if I open KeyStore Explorer and then open the p12 file from inside the application it works fine.

So it very much looks like that when the p12 is opened by double-click the 'PC-java installation' is used, and only if the p12 is opened from inside KeyStore Explorer the embedded java is used.

And this theory seems to be confirmed by that when I uninstall the 'PC-java installation' and (also after a boot) double-click on the P12 I now get the error : Error Detecting Java Installation - No Java Runtime found! Please set JAVA_HOME!

So I guess the problem is the way the file-extension association handles a double-click on the P12 keystore - i.e. KeyStore Explorer in that situation doesn't use the java runtime which is embedded in the "kse-551-setup.exe" but the 'PC-java installation'. So when I create a new P12 it is of course from 'inside' KeyStore Explorer (and therefore the embedded Java is used) - but when I afterwards try to open it by double-clicking on the just created P12 it fails because now the 'PC-java installation' is used.

I think this explains how and why the problem happens. Do you agree ?

kaikramer commented 2 years ago

I still cannot reproduce that issue. Can you please check in the "System Information" (in "Help" menu) what Java runtime is used?:

image

KSE uses the bundled Java runtime preferably, no matter which other Java versions are installed on your machine.

FranLa commented 2 years ago

Hi Kai. Your latest comment is almost written at the same time as my latest comment (same minute). Did you see my latest comment (about the difference regarding how the p12 is opened (= 1. by double-click on the p12 or 2. from inside the KeyStore Explorer))?

I have now double-clicked on a P12 file again, and then looked at the system information - and I get this :

image

(which is the 'PC-java installation')

kaikramer commented 2 years ago

Oh, that's indeed very interesting and helpful!

FranLa commented 2 years ago

... and if I start the KeyStore Explorer directly (no double-click on a P12 - just start the application) - I get this System information (which by the way is a bit funny, since my PC is on Windows 11 (the System information says Windows 10)):

image

kaikramer commented 2 years ago

Yep, that's it! I am getting the error now. Thanks a lot for your effort and research, I know now where to look.

FranLa commented 2 years ago

I'm glad to hear that you can use this information 😊

Now when we know how to circumvent the problem it isn't that big a problem - but it would of course be nice if the double-click on a keystore would use the embedded java version as well (because it was quite confusing until now).

If you have a new version (5.5.2 perhaps) which you want me to test a bit please let me know.

Well - bedtime in DK - It was nice that you responded so fast! And - last but not least - thank you for a great piece of software. I'm a big fan of KeyStore Explorer and use it a lot!