Hi,

I raised this question on Stackoverflow [1] and someone has answered it.
Apparently we have to implement ManagerFactoryParameters [2]. Is this
something that would be worth looking into?

[1] - https://stackoverflow.com/questions/48183829/jks-with-multiple-keys-different-passwords

[2] - https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/ManagerFactoryParameters.html

On Wed, Jan 10, 2018 at 5:07 PM, Afkham Azeez <[email protected]> wrote:

> Yeah, this has been something discussed over and over again over the past
> many years and everybody has been sticking with using the same password for
> the private key and keystore.
>
> Azeez
>
> On Wed, Jan 10, 2018 at 5:03 PM, Prabath Siriwardena <[email protected]>
> wrote:
>
>> AFAIK that's how it worked - same password for the private key and the
>> key store..
>>
>> But reading your mail, it says..
>>
>> "However, if the passwords of all the keys were the same, it worked
>> correctly. The password of the key store was different from the password(s)
>> of the keys in both scenarios. "
>>
>> Does that mean when you have multiple private keys with the same password
>> - but a different password for the key store, it worked..?
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Wed, Jan 10, 2018 at 3:22 AM, Pubudu Fernando <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> We were looking into getting multiple keys with unique passwords in the
>>> same key store to work (for the HTTP transport [1]). But when the passwords
>>> were unique to each key, it resulted in an UnrecoverableKeyException.
>>> However, if the passwords of all the keys were the same, it worked
>>> correctly. The password of the key store was different from the password(s)
>>> of the keys in both scenarios.
>>>
>>> Checked several Stackoverflow questions related to this [2], [3], [4],
>>> [5] and pretty much every answer to this was to use the same password for
>>> both the key store and the key.
>>>
>>> Tomcat also seems to follow this approach of keeping the store and key
>>> passwords the same [6].
>>>
>>> Does anyone know whether this can or cannot be done for certain?
>>>
>>> If this cannot be done, are we also going to keep following Tomcat's
>>> (and others') approach of using the same password for both key store and
>>> the key?
>>>
>>> [1] - https://github.com/wso2/transport-http/blob/master/components/org.wso2.transport.http.netty/src/main/java/org/wso2/transport/http/netty/common/ssl/SSLHandlerFactory.java
>>>
>>> [2] - https://stackoverflow.com/questions/35709433/java-keystore-with-multiple-keys-and-different-passwords
>>>
>>> [3] - https://stackoverflow.com/questions/15967650/caused-by-java-security-unrecoverablekeyexception-cannot-recover-key?noredirect=1&lq=1
>>>
>>> [4] - https://stackoverflow.com/questions/1321557/can-not-get-key-from-keystore
>>>
>>> [5] - https://stackoverflow.com/questions/2889238/keystore-change-passwords/2889605
>>>
>>> [6] - https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore
>>>
>>> Thanks.
>>>
>>> --
>>> Best Regards,
>>>
>>> *Pubudu Fernando*
>>> Software Engineer
>>> WSO2 (www.wso2.com)
>>> m: +94 77 888 2543
>>>
>>> <https://lk.linkedin.com/in/pubuduf>  <http://blog.pubudu.xyz/>
>>> <https://github.com/pubudu91>
>>> <http://stackoverflow.com/users/4329912/pubudu>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +1 650 625 7950
>>
>> Blog: http://blog.facilelogin.com
>> Vlog: http://vlog.facilelogin.com
>>
>>
>>
>
>
> --
> *Afkham Azeez*
> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> email: [email protected]
> cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> *Lean . Enterprise . Middleware*
>



-- 
Best Regards,

*Pubudu Fernando*
Software Engineer
WSO2 (www.wso2.com)
m: +94 77 888 2543

<https://lk.linkedin.com/in/pubuduf>  <http://blog.pubudu.xyz/>
<https://github.com/pubudu91>
<http://stackoverflow.com/users/4329912/pubudu>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
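
One way to use ManagerFactoryParameters for the case discussed in this thread, shown as an added example that is not code from the thread, the linked answer or the WSO2 transport: the JDK's `KeyStoreBuilderParameters` wraps a `KeyStore.Builder` that returns a separate password per alias, and is accepted by the `NewSunX509` key manager factory. The class name, file name, aliases and passwords are constructed placeholders, and `Map.of` assumes Java 9 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyStoreBuilderParameters;
import javax.net.ssl.SSLContext;

public class PerKeyPasswordKeyManagers {
    // Builder that hands the key manager a different key password for each alias.
    static KeyStore.Builder perAliasBuilder(KeyStore ks, Map<String, char[]> keyPasswords) {
        return new KeyStore.Builder() {
            @Override public KeyStore getKeyStore() { return ks; }

            @Override
            public KeyStore.ProtectionParameter getProtectionParameter(String alias)
                    throws KeyStoreException {
                // Assumption: the key manager may pass its internal, prefixed alias
                // ("<n>.<n>.<alias>"), so fall back to the part after the second dot.
                char[] pw = keyPasswords.get(alias);
                if (pw == null) {
                    int dot = alias.indexOf('.', alias.indexOf('.') + 1);
                    pw = keyPasswords.get(alias.substring(dot + 1));
                }
                if (pw == null) throw new KeyStoreException("no password for " + alias);
                return new KeyStore.PasswordProtection(pw);
            }
        };
    }

    static SSLContext build(String path, char[] storePw, Map<String, char[]> keyPws)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePw); // store password only checks keystore integrity
        }
        // "SunX509" rejects ManagerFactoryParameters and takes a single key password;
        // "NewSunX509" accepts KeyStoreBuilderParameters.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
        kmf.init(new KeyStoreBuilderParameters(perAliasBuilder(ks, keyPws)));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: a keystore holding aliases "key1" and "key2".
        build("keystore.jks", "storepass".toCharArray(),
              Map.of("key1", "key1pass".toCharArray(), "key2", "key2pass".toCharArray()));
    }
}
```

In real use the per-key passwords would come from a secret store or secured configuration rather than source literals, and JKS aliases should be given in lower case.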
