Login/Register
keytool error Keystore was tampered with, or password was incorrect
Asked Answered
Solved javakeystore
I

24

286

I am getting following error while generating certificates on my local machine.

C:\Users\abc>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

I think there is some problems in jdk version.I ran the same command on my collegues machine and it is working fine.

Please share your inputs.

Interfaith answered 3/6, 2013 at 6:36 Comment(7)
are you giving correct password? and running the command from proper directory?Babiche
As I am creating it, so I am entering a new password.From which directory should I run it?Interfaith
keytool -genkeypair -alias tomcat -keyalg RSA -keystore D:\keystore.jks try this for generating keystore and then export cer like keytool -export -alias mycert -keystore D:\keystore.jks -file vorburger.cerBabiche
Can you please clarify, does it will have the same effect as was with "keytool -genkey -alias tomcat -keyalg RSA".Interfaith
can you tell me the purpose of generating this cer?Babiche
I am using it inside server.xml of Tomcat7.0 for SSL.Interfaith
For mac users https://mcmap.net/q/35993/-keytool-error-keystore-was-tampered-with-or-password-was-incorrectOverelaborate
R
107

From your description I assume you are on windows machine and your home is abc

So Now : Cause

When you run this command

keytool -genkey -alias tomcat -keyalg RSA

because you are not specifying an explicit keystore it will try to generate (and in your case as you are getting exception so to update) keystore C:\users\abc>.keystore and of course you need to provide old password for .keystore while I believe you are providing your version (a new one).

Solution

  1. Either delete .keystore from C:\users\abc> location and try the command

  2. or try following command which will create a new xyzkeystore:

    keytool -genkey -keystore xyzkeystore -alias tomcat -keyalg RSA

Note: -genkey is old now rather use -genkeypair althought both work equally.

Ringtailed answered 7/6, 2013 at 15:3 Comment(6)
Though I figured it out of my own. "Either delete .keystore from C:\users\abc> location and try the command" is the right solution.Interfaith
is it possible to deliver the keystore pass in the arguments?Brendin
I have deleted the existing keystore file and then followed the command keytool -genkey -alias key0-keyalg RSA, then it asks me new password and others data, I gave. But still now, when I try to build signed apk, it shows the same error message -"Keystore was tampered with, or password was incorrect " What's the problem here?Boman
If you are getting keytool error: java.io.FileNotFoundException: xyzkeystore (Permission denied) run with sudoAlodie
@HashmatullahNoorzai, maybe need to open CMD as adminHibbler
This is the only correct answer to the posed question. The other answers side step the question. Essentially a keystore ALREADY EXISTED with a different password.Interlunar
R
430

I solved it by using the default password for cacerts keystore : 'changeit'

Ruperto answered 1/4, 2014 at 9:40 Comment(3)
haha.. so actually its not change password to new one, and default work :DSnapdragon
thanks :)..it worked at my end..and i was using the password that I used to export the .cer file..Portiaportico
If it doesn't work, default password is: androidHenryk
O
238

This answer will be helpful for new Mac User (Works for Linux, Window 7 64 bit too).

Empty Password worked in my mac . (paste the below line in terminal)

keytool -list -v -keystore ~/.android/debug.keystore

when it prompt for

Enter keystore password:

just press enter button (Dont type anything).It should work .

Please make sure its for default debug.keystore file , not for your project based keystore file (Password might change for this).

Works well for MacOS Sierra 10.10+ too.

I heard, it works for linux environment as well. i haven't tested that in linux yet.

Overelaborate answered 9/11, 2015 at 6:12 Comment(3)
Thanks. It worked on my windows 10 for debug keystoreTuttifrutti
This is the only answer that worked for me. Using debug keystore on win 10 like VinayakWitness
I'm embarrassed by how many passwords I tried hahaRorqual
R
107

From your description I assume you are on windows machine and your home is abc

So Now : Cause

When you run this command

keytool -genkey -alias tomcat -keyalg RSA

because you are not specifying an explicit keystore it will try to generate (and in your case as you are getting exception so to update) keystore C:\users\abc>.keystore and of course you need to provide old password for .keystore while I believe you are providing your version (a new one).

Solution

  1. Either delete .keystore from C:\users\abc> location and try the command

  2. or try following command which will create a new xyzkeystore:

    keytool -genkey -keystore xyzkeystore -alias tomcat -keyalg RSA

Note: -genkey is old now rather use -genkeypair althought both work equally.

Ringtailed answered 7/6, 2013 at 15:3 Comment(6)
Though I figured it out of my own. "Either delete .keystore from C:\users\abc> location and try the command" is the right solution.Interfaith
is it possible to deliver the keystore pass in the arguments?Brendin
I have deleted the existing keystore file and then followed the command keytool -genkey -alias key0-keyalg RSA, then it asks me new password and others data, I gave. But still now, when I try to build signed apk, it shows the same error message -"Keystore was tampered with, or password was incorrect " What's the problem here?Boman
If you are getting keytool error: java.io.FileNotFoundException: xyzkeystore (Permission denied) run with sudoAlodie
@HashmatullahNoorzai, maybe need to open CMD as adminHibbler
This is the only correct answer to the posed question. The other answers side step the question. Essentially a keystore ALREADY EXISTED with a different password.Interlunar
H
47

According to the documentation:

The default password for the debug keystore is android.

Hjerpe answered 2/9, 2019 at 19:46 Comment(1)
Thanks a lot that helped! Indeed, "android" is a proper password if the keys are generated by Android Studio, not via the keytool per se, unlike default "changeit" password for the keytool.Mccloskey
T
26

I have solve this issue by using default password "changeit".

Theatricalize answered 24/8, 2019 at 6:48 Comment(1)
This worked for me(in windows 10)Rally
H
18

Using changeit for the password is important too.

This command finally worked for me(with jetty):

 keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048
Household answered 10/4, 2015 at 23:37 Comment(0)
H
15

In tomcat 8.5 pay attention to write the correct name of attributes. This is my code on server.xml:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/keystore" certificateKeystorePassword="mypassword" type="RSA"/>
    </SSLHostConfig>
</Connector>

You can visit https://tomcat.apache.org/tomcat-8.5-doc/config/http.html to see all attributes

Hepatica answered 19/4, 2017 at 11:10 Comment(0)
P
10

If you are working on signing your Flutter App by following this guide Build and release an Android app and run in to this error. I hope this answer helps you.

In my case I changed the path to store my key.jks. This happened to me because I there was an existing file in that path.

keytool -genkey -v -keystore ~/key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias key

This command stores the key.jks file in your home directory. To store it elsewhere, change the argument you pass to the -keystore parameter.

In my case,

keytool -genkey -v -keystore /Users/Y/Desktop/X/key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias keyYour

i.e Y - Username and X - folder name

Then you will be prompted to Enter keystore password: and Re-enter new password:. Here you can use whatever password you want.

However, keep the keystore file private; don’t check it into public source control!

Puma answered 15/5, 2020 at 14:11 Comment(0)
D
6

Empty password worked for me on my Mac

keytool -list -v -keystore ~/.android/debug.keystore

hit Enter then It's show you

Enter keystore password:

here just hit Enter for empty password

Duress answered 10/2, 2021 at 9:10 Comment(3)
Not on my Mac (in 2021).Caber
@SridharSarnobat are you using m1 ?Duress
I've not heard of that. Only m1 finance!Caber
C
5

Check your home folder ~/.gradle/gradle.properties. Sometimes if you have gradle.properties in home directory it takes details from the there. Either you can change that or delete the files. Then it will take required details from your local folder.

Calchas answered 13/12, 2017 at 14:57 Comment(0)
A
5

Works on Windows

open command prompt (press Windows Key + R then type "cmd" without quotations in the appearing dialogue box and then press Enter Key).

then type the code sniff below :

  1. cd C:\Program Files\Java\jdk1.7.0_25\bin

then type following command

  1. keytool -list -keystore "C:/Documents and Settings/Your Name/.android/debug.keystore"

Then it will ask for Keystore password now. The default password is "android" type and enter or just hit enter "DONT TYPE ANY PASSWORD".

Arterialize answered 26/5, 2018 at 7:39 Comment(0)
S
4

Summarizing the advices from this page, I finished up with the following:

keytool -genkeypair -keystore ~/.android/release.keystore -alias <my_alias> -storepass <my_cert_pass> -keyalg RSA

Then I got a set of questions regarding name, organization, location and password for my alias.

Spun answered 24/9, 2015 at 0:54 Comment(0)
R
2

I fixed this issue by deleting the output file and running the command again. It turns out it does NOT overwrite the previous file. I had this issue when renewing a let's encrypt cert with tomcat

Ripuarian answered 10/8, 2018 at 21:10 Comment(0)
I
2

With openjdk I had the same problem.
After I updated openjdk to "11.0.17" the problem was gone.

Impotence answered 3/2, 2023 at 13:6 Comment(0)
P
1

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

I solved my problem when I changed keystore path C:\MyWorks\mykeystore to C:\MyWorks\mykeystore.keystore.

Plaudit answered 11/12, 2015 at 6:8 Comment(1)
the first path "C:\MyWorks\mykeystore" is not a keystore.Stefanysteffane
D
1

In my case I was needed to have root access.

Dorotheadorothee answered 26/6, 2018 at 16:19 Comment(0)
D
1
 [root@localhost Certificate]# openssl pkcs12 -export -in 
 /opt/Certificate/115c99f4c5aa98f5.crt -inkey /opt/Certificate/ravi.in.key -certfile 
/opt/Certificate/gd_bundle-g2-g1.crt -out RaviNew.p12

Enter Export Password: <Password>
Verifying - Enter Export Password: <Password>

Note :- Above Export Pasworrd write down anywhere because it is must to create JKS file ( It is depend on your choice what password you want to make )

  keytool -importkeystore -srckeystore DigiEduNew.p12 -srcstoretype pkcs12 -destkeystore finaldigiEdu.jks -deststoretype JKS
  Importing keystore DigiEduNew.p12 to finaldigiEdu.jks...
  Enter destination keystore password: <Any Password >
  Re-enter new password: <Any Password >
  Enter source keystore password: <.P12 Password >
  Entry for alias 1 successfully imported.
  Import command completed:  1 entries successfully imported, 0 entries failed or 
  cancelled



 Warning:
 The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 
 which is an industry standard format using "keytool -importkeystore -srckeystore 
 finaldigiEdu.jks -destkeystore finaldigiEdu.jks -deststoretype pkcs12".
Downall answered 11/10, 2018 at 5:36 Comment(0)
L
1

For me I solved it by changing passwords from Arabic letter to English letter, but first I went to the folder and deleted the generated key then it works.

Looksee answered 21/7, 2019 at 0:4 Comment(0)
K
1

In my case with Xamarin Forms 4.7 and Visual Studio 2019 16.7.0 Preview 3.1, the problem was version mismatch of lately updated Android Build tools (apksigner) and JDK. Updated JDK to latest and pointed the new JDK path on Tools->Options->Xamarin->Android Settings, and it works.

Kuhlman answered 28/6, 2020 at 11:38 Comment(0)
O
1

you have two options:

cmd doesn't show the password on the screen while typing
so just type the correct passwd -and be careful- then press enter.

Or just use:

keytool -list -keystore 'keystoreName' -storepass 'type your keystore passwd'

and for Keys' full info, add -v:

keytool -v -list -keystore 'keystoreName' -storepass 'type your keystore passwd'
Overstay answered 24/1, 2022 at 16:30 Comment(0)
C
1

For my case, there was another upload-keystore.jks file at the location where I was running the code. It was fixed when I deleted it and ran the code again.

Cadaverine answered 14/8, 2023 at 13:53 Comment(0)
B
0

Just upgraded to Android Studio 4.2 from 4.0. Apparently, Android Studio silently CHANGED my keystore password, which has been sitting there unchanged and working perfectly without incident for well over a year.

Just had to re-renter both passwords.

Sigh

Bari answered 7/7, 2021 at 20:16 Comment(0)
C
0

If you already have a .store file, you have to use the same password as you did to generate it. So in my case the solution was:

rm *.store
rm *.cer

That may sound odd to you but I'm just trying to learn about keytool and am source controlling my tutorial files and rerunning them later!

Caber answered 20/11, 2021 at 2:53 Comment(0)
D
0

This answer is helpful for those who manage multiple keystores across different projects.

I had the same error and I noticed I was using a file keystore.jks with the password of another keystore.jks which throws this exception since the password doesn't match.

Daliadalila answered 1/7, 2022 at 12:30 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.