kurtbrose / pyjks

a pure python Java KeyStore file parser, including private key decryption
MIT License

make password optional in jks.KeyStore.load() #62

Open eighthave opened 4 years ago

eighthave commented 4 years ago

keytool lets you query some information in a password-protected keystore without specifying the password. I would like to do the same with pyjks. This would be useful for querying basic information about the keystore, like number of entries, type of entries, alias, etc.

$ keytool -list -keystore keystore.jks -protected

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

myspecialkeyalias, Sep 3, 2020, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): EA:54:23:F7:05:04:A1:1F:B8:AA:F3:33:0F:52:77:25:71:15:C1:01:D3:61:F0:C9:42:11:D0:C0:5A:F0:48:5B

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".
$ keytool -list -keystore keystore.jks -storepass:env STOREPASS
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

sova.at.or.at, Sep 3, 2020, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): EA:54:23:F7:05:04:A1:1F:B8:AA:F3:33:0F:52:77:25:71:15:C1:01:D3:61:F0:C9:42:11:D0:C0:5A:F0:48:5B

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".

This is probably related to #36

mahmoud commented 4 years ago

I think this would be a great feature; unfortunately, I don't see us having bandwidth to develop it in the foreseeable future. Any chance you'd be up to making a PR?

eighthave commented 4 years ago

There is a chance I could take this on. If we need it in fdroidserver, then one of us maintainers would likely want to implement this. Any ideas how hard it would be? In theory it should be easy, since keytool supports it, so the data should be readable.
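Added example (not pyjks code and not part of the thread above): a standalone parser showing why the listing keytool prints with `-protected` is readable without the password. In the JKS layout, aliases, timestamps and certificates are stored in the clear, and the store password only keys the trailing 20-byte SHA-1 integrity digest, which this code skips, so its output is unverified just as keytool warns. The names `list_jks_entries` and `build_sample` and all sample bytes are constructed for illustration.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
ENTRY_TYPES = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}

def list_jks_entries(data):
    """Return entry metadata from a JKS blob without using the store password."""
    body, pos = data[:-20], 0   # last 20 bytes: password-keyed SHA-1, NOT verified here

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated or malformed keystore")
        pos += n
        return body[pos - n:pos]

    def num(fmt):
        return struct.unpack(fmt, take(struct.calcsize(fmt)))[0]

    def cert_fingerprint():
        if version == 2:
            take(num(">H"))     # certificate type string, e.g. "X.509"
        return hashlib.sha256(take(num(">I"))).hexdigest()

    magic, version, count = num(">I"), num(">I"), num(">I")
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    entries = []
    for _ in range(count):
        tag = num(">I")
        if tag not in ENTRY_TYPES:
            raise ValueError("unknown entry tag %d" % tag)
        alias = take(num(">H")).decode("utf-8", "replace")
        created_ms = num(">q")  # milliseconds since the Unix epoch
        if tag == 1:
            take(num(">I"))     # encrypted private key: skipped, needs the key password
        chain_len = num(">I") if tag == 1 else 1
        certs = [cert_fingerprint() for _ in range(chain_len)]
        entries.append({"alias": alias, "type": ENTRY_TYPES[tag],
                        "created_ms": created_ms, "cert_sha256": certs})
    return entries

def build_sample():
    """Constructed one-entry keystore; key, cert and digest bytes are dummy placeholders."""
    alias, ctype, cert, key = b"myspecialkeyalias", b"X.509", b"constructed-cert-bytes", b"\x00" * 32
    entry = struct.pack(">IH", 1, len(alias)) + alias + struct.pack(">q", 1599091200000)
    entry += struct.pack(">I", len(key)) + key + struct.pack(">I", 1)
    entry += struct.pack(">H", len(ctype)) + ctype + struct.pack(">I", len(cert)) + cert
    return struct.pack(">III", JKS_MAGIC, 2, 1) + entry + b"\x00" * 20
```

Because the digest is never checked, anything returned by `list_jks_entries` could have been altered by whoever can write the file; treat it as a display aid, not as a trust decision.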