java Android 密钥库停止工作
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13535424/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Android keystore stopped working
提问by Jared Burrows
Just recently I have had a problem with a key store. I know there are plenty of questions about this problem already. I have read them all and Googled furiously.
就在最近,我遇到了一个密钥存储问题。我知道关于这个问题已经有很多问题了。我已经阅读了所有内容并疯狂地谷歌搜索。
Error:
错误:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:885)
at sun.security.tools.KeyTool.run(KeyTool.java:340)
at sun.security.tools.KeyTool.main(KeyTool.java:333)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
... 5 more
Software I am using:
我正在使用的软件:
Java
爪哇
java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)
Eclipse
蚀
Version: 3.8.0
Build id: I20120502-2000
Latest ADT Plugin
最新的 ADT 插件
Latest Android SDK
最新的安卓 SDK
Here is what I know:
这是我所知道的:
- I did not lose the password and it has never changed.
- I cannot retrieve the password(I know the pass).
- I cannot sign an existing application with a different key without releasing a brand new application(So I cannot publish any updates).
- 我没有丢失密码,它从未改变过。
- 我无法找回密码(我知道通行证)。
- 在不发布全新应用程序的情况下,我无法使用不同的密钥对现有应用程序进行签名(因此我无法发布任何更新)。
Here is what I have done:
这是我所做的:
- I have uninstalled and re-installed Eclipse many times.
- I have uninstalled and re-installed the android ADT plugin.
- I have removed and re-downloaded lastest Android SDK many times.
- I have uninstalled and re-installed JDK7.
- I have tried using the backups of my keystore.
- I have checked the MD5 checksums using "md5sum KEYSTORE" and compared with the backups(same MD5 output - not tampered).
- I have tried brute-forcing the key store(I have retrieved the password that I knew).
- I created a test key(with current setup) and tested the password and it seems to worked fine(so something has changed).
- I have tried exporting the android .apk manually and then tried to sign it(Outside of Eclipse).
- 我已经卸载并重新安装了 Eclipse 很多次。
- 我已经卸载并重新安装了 android ADT 插件。
- 我已经多次删除并重新下载最新的 Android SDK。
- 我已经卸载并重新安装了 JDK7。
- 我曾尝试使用我的密钥库的备份。
- 我已经使用“md5sum KEYSTORE”检查了 MD5 校验和并与备份进行了比较(相同的 MD5 输出 - 未篡改)。
- 我试过暴力破解密钥库(我已经找回了我知道的密码)。
- 我创建了一个测试密钥(使用当前设置)并测试了密码,它似乎工作正常(所以有些事情发生了变化)。
- 我曾尝试手动导出 android .apk,然后尝试对其进行签名(Eclipse 之外)。
Here is how I export a signed application:
以下是我导出已签名应用程序的方法:
- Through Eclipse:Exporting of using File > Export > Export Android Application.
- Before JDK7:jarsigner -verbose -keystore KEYSTORE FILE ALIAS.
- With JDK7:jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore KEYSTORE FILE ALIAS.
- 通过 Eclipse:使用 File > Export > Export Android Application 导出。
- JDK7 之前:jarsigner -verbose -keystore KEYSTORE FILE ALIAS。
- 使用 JDK7:jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore KEYSTORE FILE ALIAS。
What is there left to figure out or try?
还有什么需要弄清楚或尝试的?
Some of the references/URLs say to remove the "trusted.certs" file?Try deleting the "debug.keystore"?Would updating Eclipse or any of the Android development tools affect my keystore?Would updating Java from jdk6 to jdk7 create any problems?Could this have messed with or change how the jarsigner works in anyway?
一些参考文献/URL 说要删除“trusted.certs”文件?尝试删除“debug.keystore”?更新 Eclipse 或任何 Android 开发工具会影响我的密钥库吗?将 Java 从 jdk6 更新到 jdk7 会产生任何问题吗?无论如何,这是否会干扰或改变 jarsigner 的工作方式?
User suggestions:
用户建议:
- Try using JDK6, but I was able to recently export an application.
Checked key.store.password or key.alias.password in my local.propertiesUnchecking the build automatically in eclipse and clean your projectTry to remove .metadata folder in your workspace and clear all temp folders.
- 尝试使用 JDK6,但我最近能够导出一个应用程序。
在我的 local.properties 中检查 key.store.password 或 key.alias.password在 Eclipse 中自动取消选中构建并清理您的项目尝试删除工作区中的 .metadata 文件夹并清除所有临时文件夹。
Summary
概括
- Keystores did not change,
- I have the passwords to the keystores,
- I have successfully exported an application recently using:
- Eclipse 3.8 (and Eclipse 4.0+),
- Latest Java 7,
- Latest ADT Plugin.
- My last successful export and build was a few weeks ago using Eclipse 3.8, latest Android tools and Java 7 with the same password.
- 密钥库没有改变,
- 我有密钥库的密码,
- 我最近使用以下方法成功导出了一个应用程序:
- Eclipse 3.8(和 Eclipse 4.0+),
- 最新的Java 7,
- 最新的 ADT 插件。
- 我上一次成功导出和构建是在几周前使用 Eclipse 3.8、最新的 Android 工具和 Java 7 使用相同的密码。
Update (6/29/14)
更新 (6/29/14)
- I have used: keytool -list -keystore KEYSTOREto successfully prove and show that 3 out of my 4 keys work.
- I bruteforced the last key and obtained the password from the keystore(The pass I already knew), but the password does not work when I enter for signing. I have used: java -jarAndroidKeystoreBrute_v1.02.jar -m 3 -k KEYSTORE -d WORDLIST.
- Strangely enough, sometimes when I type my password into eclipse very quickly, my alias will show up and I can successfully export my application. (I know this is crazy).
- Updated Java version.
- 我已经使用:keytool -list -keystore KEYSTORE成功证明并显示我的 4 个键中的 3 个有效。
- 我暴力破解了最后一个密钥并从密钥库中获取了密码(我已经知道的密码),但是当我输入签名时密码不起作用。我使用过:java -jarAndroidKeystoreBrute_v1.02.jar -m 3 -k KEYSTORE -d WORDLIST。
- 奇怪的是,有时当我很快在 eclipse 中输入密码时,我的别名会出现,我可以成功导出我的应用程序。(我知道这很疯狂)。
- 更新了 Java 版本。
If I type in the password very quickly it works, sometimes.
如果我非常快速地输入密码,它有时会起作用。
It seems that opening up Eclipse and entering the password the first time lets me use the keystore.
第一次打开 Eclipse 并输入密码似乎可以让我使用密钥库。
Obviously, if all else fails, I will have to create a new key store. I really would like to get this resolved, I am just not sure what to do now besides republish with a new key.
显然,如果所有其他方法都失败了,我将不得不创建一个新的密钥库。我真的很想解决这个问题,我只是不知道现在除了使用新密钥重新发布之外还能做什么。
If the key cannot be recovered properly, I might open source it on Github.
如果密钥无法正常恢复,我可能会在 Github 上将其开源。
Solution (6/29/14):
解决方案 (6/29/14):
A special thanks to user Erhannis!
特别感谢用户 Erhannis!
Here is what I did:
这是我所做的:
The command would error out on me each time:
该命令每次都会出错:
keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -v
Since you told me we could extract private keys from the Java Keystore(.jks), I dug deeper and ended up using a variation of the command. I followed the links you posted hereand here:
既然你告诉我我们可以从 Java Keystore(.jks) 中提取私钥,我深入挖掘并最终使用了命令的变体。我按照您在此处和此处发布的链接进行操作:
keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -deststoretype pkcs12
After extracting the private key and storing as PKCS12, I think extracted my private key and put it back into a brand new Java Keystore:
提取私钥并存储为 PKCS12 后,我认为提取了我的私钥并将其放回全新的 Java Keystore:
keytool -importkeystore -srckeystore new.keystore -srcstoretype pkcs12 -destkeystore final.keystore -deststoretype jks
References:
参考:
http://developer.android.com/tools/publishing/app-signing.html#signapp
http://developer.android.com/tools/publishing/app-signing.html#signapp
http://code.google.com/p/android-keystore-password-recover/
http://code.google.com/p/android-keystore-password-recover/
List of StackOverflow URLs I have read:
我读过的 StackOverflow URL 列表:
How to handle a lost KeyStore password in Android?
如何在 Android 中处理丢失的 KeyStore 密码?
Android: I lost my android key store, what should I do?
Android:我丢失了我的 android 密钥库,我该怎么办?
Forgot Keystore password, thinking of Brute-Force detection. will it corrupt the keystore?
忘记了 Keystore 密码,想到了蛮力检测。它会破坏密钥库吗?
I have lost the password for android Keystore file
Problem running my signed, release keystore in Eclipse
Android - Forgot keystore password. Can I decrypt keystore file?
Android - 忘记了密钥库密码。我可以解密密钥库文件吗?
Android release keystore issue: "Keystore was tampered with, or password was incorrect"
采纳答案by Erhannis
I may have had the same problem. I never did figure out why it was failing (though I wonder if it was because the keystore password was shorter than 6 digits), but I was able to copy my key into a new keystore, which I then renamed to replace the old one, and it mysteriously worked after that (using the new passwords). Needed the key password, by the way. Working off https://security.stackexchange.com/a/3795, I did the following:
我可能遇到了同样的问题。我从来没有弄清楚它为什么会失败(尽管我想知道这是不是因为密钥库密码短于 6 位),但是我能够将我的密钥复制到一个新的密钥库中,然后我将其重命名以替换旧的密钥库,之后它神秘地工作(使用新密码)。顺便说一下,需要密钥密码。关闭https://security.stackexchange.com/a/3795,我执行了以下操作:
keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -v- Entered the new keystore password twice
- Hit Enterwhen it asked me for the source keystore password (left it blank)
- Entered the key password
keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -v- 两次输入新的密钥库密码
- 打Enter的时候就问我对源库密码(左空白)
- 输入了密钥密码
After double-checking that the new one worked, I just copied it over the old one. Hope it works for you; good luck.
在仔细检查新的是否有效后,我只是将其复制到旧的。希望对你有帮助; 祝你好运。
回答by Gerhat
I had the same problem and I tried everything that is suggested in this thread but nothing was able to save my alias password. The point is that I was absolutely sureabout the password, since I had updated the app four times already. I was getting the "Keystore was tampered with, or password was incorrect"message.
我遇到了同样的问题,我尝试了此线程中建议的所有内容,但没有任何内容能够保存我的别名密码。关键是我绝对确定密码,因为我已经更新了四次应用程序。我收到“密钥库被篡改,或密码不正确”消息。
The solution
解决方案
It appears that at the creation of the keystore using eclipse, a space character was added in front of the password!
似乎在使用 eclipse 创建密钥库时,在密码前面添加了一个空格字符!
This nasty bug was apparently fixed at a later version rendering me unable to sign my app with the password I thought was the correct one.
这个讨厌的错误显然在以后的版本中得到了修复,这使我无法使用我认为正确的密码对我的应用程序进行签名。
Based on this SO link: Ant fails to build signed apk after updating to android v20I would suggest that you try adding a space character before of after your password.
基于此 SO 链接:Ant failed to build signed apk after update to android v20我建议您尝试在密码之前或之后添加一个空格字符。
回答by Silverstorm
Try to remove .metadatafolder in your workspace and clear all temp folders. If your keystore file isn't damaged and you have tried to reinstall Eclipse, ADT, Android SDK and Java SDK correctly, I don't see other possibly causes for this strange issue excluding .metadata cache files and\or some temp corruption.
尝试删除工作区中的.metadata文件夹并清除所有临时文件夹。如果您的密钥库文件没有损坏,并且您已尝试正确重新安装 Eclipse、ADT、Android SDK 和 Java SDK,除了 .metadata 缓存文件和/或某些临时损坏之外,我看不出造成此奇怪问题的其他可能原因。
Another suggestion
另一个建议
Try to use Porteclean utility for managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists etc.
尝试使用Portecle实用程序来管理和检查密钥库、密钥、证书、证书请求、证书吊销列表等。
回答by Ajay Kumar Meher
I will suggest couple of more heat and trials.
我会建议更多的热量和试验。
Have patience to apply these,
有耐心去应用这些,
Steps:
脚步:
- Untick the build automatically (Project-> Build Automatically) in eclipse and clean your project.
- Build it again.(Right Click on the project+Build Project)
- Export Project.
- Select Android Export.(auto aligned for you)
- Choose your key. provide the password. alias should come in the list.(Be sure about the caps lock). Sometimes we give correct password but due to caps it always fails ;)
- Let me know if it works for you.
- 在 Eclipse 中取消自动构建(项目-> 自动构建)并清理您的项目。
- 再次构建。(右键单击项目+构建项目)
- 出口项目。
- 选择 Android 导出。(为您自动对齐)
- 选择您的钥匙。提供密码。别名应该出现在列表中。(确保大写锁定)。有时我们提供正确的密码,但由于大写,它总是失败;)
- 请让我知道这对你有没有用。
Hopes this will help you.
希望这会帮助你。
回答by Alexander Lucas
Are you storing values such as key.store.password or key.alias.password in your local.properties file? Are either of those incorrect?
您是否在 local.properties 文件中存储了诸如 key.store.password 或 key.alias.password 之类的值?其中有一个不正确吗?
I'm curious if there's some bug that occurs for keys created with JDK6 and verified in JDK7 - It would explain why the new keys you created for testing work, but the old one doesn't. Try downgrading to JDK6 and see if that fixes it- Others have had jarsigner trouble in JDK7 that went away when they downgraded to 6. If that works, file a bug report and demand a patch so you can safely upgrade to Java 7 :)
我很好奇使用 JDK6 创建并在 JDK7 中验证的密钥是否会出现一些错误 - 这将解释为什么您为测试创建的新密钥有效,而旧密钥却没有。尝试降级到 JDK6 并查看是否可以修复它 - 其他人在 JDK7 中遇到了 jarsigner 问题,当他们降级到 6 时就消失了。如果可行,请提交错误报告并要求打补丁,以便您可以安全地升级到 Java 7 :)
回答by Nik Sanghvi
I battled this issue as well recently, and tried all suggestions listed here and elsewhere. Finally identified a silly mistake that was causing this error at my end - I wanted to share this here in case it helps any of you.
我最近也在与这个问题作斗争,并尝试了此处和其他地方列出的所有建议。最后确定了一个导致此错误的愚蠢错误 - 我想在这里分享它,以防它对你们中的任何人有所帮助。
This is more likely to be the case if you, like me, have multiple Java versions on your machine and had upgraded JRE / JDK between the time you originally created the keystore and now when you're trying to sign the APK.
如果您像我一样,在您的机器上有多个 Java 版本,并且在您最初创建密钥库和现在尝试签署 APK 之间升级了 JRE/JDK,则更有可能出现这种情况。
For some reason, our compile instructions were referencing the full Java path like this:
出于某种原因,我们的编译指令引用了完整的 Java 路径,如下所示:
C:\Progra~1\Java\jdk1.6.0_45\bin\jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore cre80ve.keystore unsigned.apk cre80ve
C:\Progra~1\Java\jdk1.6.0_45\bin\jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore cre80ve.keystore unsigned.apk cre80ve
One of the suggestions above got me thinking that it might not be a password issue at all, and it could be version incompatibilities causing the issue. So I ran the below command :
上述建议之一让我认为这可能根本不是密码问题,可能是版本不兼容导致了该问题。所以我运行了以下命令:
keytool -list -keystore cre80ve.keystore
keytool -list -keystore cre80ve.keystore
Using the password that I knew was correct, and lo and behold, it confirmed that it was the right password.
使用我知道正确的密码,瞧,它确认这是正确的密码。
I then dropped the explicit reference in the path to the (older) Java version. This made it automatically pick up the latest version of Java (jdk1.8.0_31 in my case):
然后我删除了(旧)Java 版本路径中的显式引用。这使它自动选择最新版本的 Java(在我的例子中是 jdk1.8.0_31):
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore cre80ve.keystore unsigned.apk cre80ve
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore cre80ve.keystore unsigned.apk cre80ve
And everything started working fine!
一切都开始正常了!
Bottomline: it may not be a password issue at all, but different versions of Java or the Android SDK causing the issue, so remember to check that out.
底线:这可能根本不是密码问题,而是不同版本的 Java 或 Android SDK 导致了问题,所以请记住检查一下。
And once it starts working, remember to backup your keystore and password in a safe place :-)
一旦它开始工作,请记住在安全的地方备份您的密钥库和密码:-)
回答by Malak Pete
My key alias stoped working sudenly. (Ok, after few updates of Android Studio and Java).
我的密钥别名突然停止工作。(好吧,经过几次 Android Studio 和 Java 更新之后)。
I tried all solutions from this thread as well as from others. In my case the solution was surprising. I have the keystore with few aliases. None was working except one, which had password the same as keystore. But unfortunately it wasn't the one I needed. This made me thinking with no logic involved. I copied single alias to new keystore with
我尝试了该线程以及其他线程中的所有解决方案。就我而言,解决方案令人惊讶。我有几个别名的密钥库。除了一个密码与密钥库相同的密码外,没有一个工作正常。但不幸的是,这不是我需要的。这让我不加逻辑地思考。我将单个别名复制到新的密钥库
keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -srcalias importantalias
And then I changed alias password to the same as keystore's password with:
然后我将别名密码更改为与密钥库的密码相同:
keytool -keypasswd -keystore new.keystore -alias importantalias
Finally I was able to sign my apk. It looks like silly bug which can waste a day of development.
最后我能够签署我的apk。它看起来像一个愚蠢的错误,会浪费一天的开发时间。
回答by Magnus W
Just had this issue - all of a sudden Android Studio forgot my passwords and wouldn't use the ones I had in the gradle file. I've had the same keyfile and passwords in the same project for 6 years!
刚刚遇到这个问题 - 突然间 Android Studio 忘记了我的密码并且不会使用我在 gradle 文件中的密码。我在同一个项目中使用相同的密钥文件和密码已有 6 年了!
So I entered them manually - but it failed verification time after time. I tried some things like invalidating caches, restarting Android Studio and restoring a backup of the keystore but nothing helped.
所以我手动输入了它们 - 但它一次又一次地验证失败。我尝试了一些方法,例如使缓存无效、重新启动 Android Studio 和恢复密钥库的备份,但没有任何帮助。
Finally in pure desperation I tried to switch the keystore password and the key password. Lo and behold - it worked! Turns out I had switched the passwords when I entered them into the Gradle build file a few years ago, and for some reason I never noticed.
最后在纯粹的绝望中,我尝试切换密钥库密码和密钥密码。瞧——它奏效了!事实证明,几年前当我将密码输入 Gradle 构建文件时,我已经切换了密码,但出于某种原因,我从未注意到。
Conclusion: never be 100% sure that you're doing it right.
结论:永远不要100%确定你做对了。
