Hash mismatch; incorrect keystore password? for a BKS file

kurtbrose / pyjks

a pure python Java KeyStore file parser, including private key decryption

MIT License

130 stars 35 forks source link

Hash mismatch; incorrect keystore password? for a BKS file #21

Closed kholia closed 8 years ago

kholia commented 8 years ago

Portecle 1.9 opens the attached secret.bks file without any problems.

secret.zip

However running readks.py --type=bks secret.bks secret results in Hash mismatch; incorrect keystore password? error message.

secret.bks file is full of NULL bytes at the end, and I suspect that this is causing the HMAC signature extraction and calculation to fail. I wonder how Portecle is dealing with such files.

voetsjoeba commented 8 years ago

Thanks for your report. This happens because the loading routines assume the hash can be found at the last 20 bytes of the input data. Instead it should be looking only at the next 20 bytes following the location where it stopped loading entries.

Will commit a fix soon.

kholia commented 8 years ago

Thanks for taking a look, it seems that _load_bks_entries should be called before doing the HMAC signature (hash) extraction.

voetsjoeba commented 8 years ago

The PR with the fix has been merged; can you retry with the latest master? Tested here as well, should work now.

kholia commented 8 years ago

Latest master (a980881824d04cbe8edd866b868fe040e8fa487a) works well. Thanks for fixing this so quickly! :+1:

mahmoud commented 8 years ago

Great to hear! I pushed this to the newest PyPI version, 0.5.0. A simple pip install --upgrade pyjks will get you the fix as well.