kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0

KeyStore Explorer And Blank Password #496

Closed class101 closed 4 months ago

class101 commented 5 months ago

Hello KSE developers,

There is a behavior that I cannot explain regarding the creation of a JKS keystore with the password "toto".

kse-553-password-is-toto.jks.txt

I am puzzled as to why KeyStore Explorer 5.5.* can open all my password-protected JKS files with a blank password.

I have never been able to understand this behavior; the only difference from my colleague is that he continues to use an older version, KSE 5.2.*, and has never encountered this issue, whereas I have been updated to 5.5.* for a long time and have consistently observed this behavior.

kaikramer commented 5 months ago

If you take a look at the release notes of KSE 5.4.3, the following change is mentioned there:

  • JKS and JCEKS keystores can now be opened without entering the password, just press enter in the password dialog.

    • This is only possible because the JKS/JCEKS keystore password (in contrast to the passwords of individual key entries) is just an integrity protection.
    • Key entries are of course still locked.
    • The keystore is handled by KSE as if no keystore password was set yet. If you want to save the keystore after a modification, you have to set a new keystore password.

The first sub-point should explain why it works at all. And the reason this feature was added is simply that it has been requested by users.

It can be useful in certain situations:

By the way, JKS keystores have very weak security in general, PKCS#12 might be a better choice in 2024.
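
To make the "integrity protection only" point concrete, here is an added Python example (not KSE or JDK code) that writes and reads the JKS container and reproduces the JDK's trailer: SHA-1 over the password as UTF-16BE, the fixed string "Mighty Aphrodite" and the file bytes. Loading with no password lists every alias without any check, which is what `KeyStore.load(in, null)` does and what the blank-password open relies on, while a wrong password, or a tampered file checked against the right one, is rejected; the key blob is left opaque because it is encrypted under its own entry password, which this example does not implement. The entry bytes are constructed placeholders, not real certificates or keys.

```python
import hashlib
import struct
MAGIC = 0xFEEDFEED
SALT_PHRASE = b"Mighty Aphrodite"  # constant the JDK mixes into the keystore digest

def _utf(s):  # Java DataOutput.writeUTF: 2-byte length prefix, then UTF-8 bytes
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b

def integrity_digest(password, body):
    """SHA-1(password as UTF-16BE || "Mighty Aphrodite" || keystore bytes), as the JDK computes it."""
    return hashlib.sha1(password.encode("utf-16-be") + SALT_PHRASE + body).digest()

def build_jks(password, entries):
    """Serialize (tag, alias, blob) entries: tag 1 = private key (blob is the
    already-encrypted key; an empty chain is enough here), tag 2 = trusted certificate."""
    body = struct.pack(">III", MAGIC, 2, len(entries))
    for tag, alias, blob in entries:
        body += struct.pack(">I", tag) + _utf(alias) + struct.pack(">Q", 0)  # tag, alias, date
        if tag == 1:
            body += struct.pack(">I", len(blob)) + blob + struct.pack(">I", 0)
        else:
            body += _utf("X.509") + struct.pack(">I", len(blob)) + blob
    return body + integrity_digest(password, body)

def load_jks(data, password=None):
    """List (alias, entry type); like the JDK, verify the digest only when a password is given."""
    body, stored = data[:-20], data[-20:]
    if password is not None and integrity_digest(password, body) != stored:
        raise ValueError("Keystore was tampered with, or password was incorrect")
    magic, version, count = struct.unpack_from(">III", body)
    if magic != MAGIC or version != 2:
        raise ValueError("not a JKS version 2 file")
    pos, entries = 12, []
    for _ in range(count):
        tag, n = struct.unpack_from(">IH", body, pos); pos += 6
        alias = body[pos:pos + n].decode("utf-8"); pos += n + 8  # alias, then skip the date
        if tag == 1:  # skip the opaque encrypted key bytes, then read the chain length
            n, = struct.unpack_from(">I", body, pos); pos += 4 + n
            certs, = struct.unpack_from(">I", body, pos); pos += 4
        else:
            certs = 1
        for _ in range(certs):  # each certificate: type string, length, DER bytes
            n, = struct.unpack_from(">H", body, pos); pos += 2 + n
            n, = struct.unpack_from(">I", body, pos); pos += 4 + n
        entries.append((alias, "PrivateKeyEntry" if tag == 1 else "TrustedCertificateEntry"))
    return entries

# Constructed sample (placeholder bytes, not real DER or PKCS#8), keystore password "toto".
SAMPLE = build_jks("toto", [(2, "ca-root", b"placeholder-cert"), (1, "server", b"placeholder-key")])
```

The flip side for anyone reviewing a keystore this way: a file opened without the password has not been integrity-checked, so a modification is only detected once someone loads it with the real password.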

class101 commented 4 months ago

@kaikramer

I understand thank you a lot.

This was a mystery to us, now resolved 👍