Skip to Main Content

Java Security

Jarsigner 8 not able to sign from Windows Cert Store

3341362Nov 7 2016 — edited Nov 7 2016

Long time we used JDK 6 Jarsigner to sign APK files with jarsigner and a certificate stored in Windows personal certstore (Windows-MY). As JDK 6 is very old now we wanted to move to the newest JDK 8 (1.8.0.111), but we keep getting the error:

jarsigner error: java.security.SignatureException: Keyset does not exist

To reproduce follow this workflow:

- create a certificate using keytool:

"C:\Program Files (x86)\Java\jdk1.8.0_111\bin\keytool.exe" -genkeypair -alias "%Friendly Name%" -keysize 2048 -keyalg RSA -validity 20000 -storetype PKCS12 -keystore c:\%KeyFile%.p12 -storepass %PasswordFromKeePass%

(the long validity is needed for Android)

- Import the p12 into the windows user personal cert store.

- try to sign the apk with following command:

"C:\Program Files (x86)\Java\jdk1.8.0_111\bin\jarsigner.exe" -verbose -storetype Windows-MY -signedjar "D:\%SignedAPK%" "D:\%APKToSign%" "%Friendly Name%"

The command returns:

adding: META-INF/MANIFEST.MF

jarsigner error: java.security.SignatureException: Keyset does not exist

The file SignedAPK gets created and contains the Manifest.mf but nothing else. Executing the same jarsigner command from JDK 6 is working fine with a valid signed apk. Also Keytool list provides valid output for JDK 6 and 8.

Does anyone know whether this is a bug or if we have to change our workflow due to changed Jarsigner behavior?

Best regards,

Klaus

Post Details
Locked on Dec 5 2016
Added on Nov 7 2016
0 comments
1,120 views