Getting Invalid keystore format (magic) #4

Closed
jor3l opened this issue Aug 14, 2020 · 7 comments

Comments


jor3l commented Aug 14, 2020

Hi,

I'm trying to use this to consume SOAP, but my generated jks does not work (giving me the error in the title). This is the command I used to generate the keystore:

keytool -genkey -alias alias -keypass password -keystore test.jks -storepass password -dname "cn=NAME" -keyalg RSA

Any idea why? Thanks!

Owner

lenchv commented Aug 18, 2020

Hi @jor3l ,

I do not have any trouble retrieving certs. I generated the keystore using the attached command and extracted the certs as follows:

const trustedStore = jks.toPem(fs.readFileSync(__dirname + '/test.jks'), 'password');

Here is an output:


Could you provide the error the library throws?

Author

jor3l commented Aug 18, 2020

Very strange, this is the error I get, same code as yours, same command to create the jks. I'm on Mac, maybe it has something to do with it?

Error: Invalid keystore format
    at JavaKeyStoreParser.assertMagic (/Users/username/culcheck/jkstest/node_modules/jks-js/lib/keystore/JavaKeyStoreParser.js:55:10)
    at JavaKeyStoreParser.parse (/Users/username/culcheck/jkstest/node_modules/jks-js/lib/keystore/JavaKeyStoreParser.js:73:8)
    at parseJks (/Users/username/culcheck/jkstest/node_modules/jks-js/lib/index.js:25:13)
    at Object.toPem (/Users/username/culcheck/jkstest/node_modules/jks-js/lib/index.js:29:18)
    at Object.<anonymous> (/Users/username/culcheck/jkstest/index.js:4:26)

Author

jor3l commented Aug 18, 2020

➜  jkstest git:(master) ✗ keytool -list -v -keystore test.jks
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: alias
Creation date: Aug 18, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=NAME
Issuer: CN=NAME
Serial number: 36ac842a
Valid from: Tue Aug 18 13:25:17 COT 2020 until: Mon Nov 16 13:25:17 COT 2020
Certificate fingerprints:
         SHA1: 2D:30:A9:AB:46:F4:8C:F6:EC:CC:AD:92:36:C7:64:9B:15:0C:A9:F5
         SHA256: 69:3B:5B:90:27:8F:82:98:56:CF:C5:73:1E:D0:65:B6:0F:CB:E1:61:E5:5C:82:9F:FD:DA:4A:EB:50:59:61:20
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AE 67 22 64 02 6D 88 5E   30 44 97 77 14 31 A4 28  .g"d.m.^0D.w.1.(
0010: A1 B5 F3 5E                                        ...^
]
]



*******************************************
*******************************************

Owner

lenchv commented Aug 18, 2020

I see it is because of "Keystore type: PKCS12"; currently the lib supports "Keystore type: jks". I'll see what I can do and update the issue.
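
Added example (not part of the original thread, and not jks-js or node-forge code): a JKS file begins with the 4-byte magic number 0xFEEDFEED, while a PKCS12 file is an ASN.1 structure that begins with a SEQUENCE tag (0x30), which is why a JKS parser's magic check rejects it. The hypothetical helper detectKeystoreType below classifies a keystore buffer by its leading bytes so the caller can pick the matching parser; the sample byte strings are constructed.

```javascript
// Classify a keystore file by its leading bytes before handing it to a parser.
// detectKeystoreType and skipDerLength are hypothetical helpers for this example.
const JKS_MAGIC = 0xfeedfeed;   // "JKS" keystore type
const JCEKS_MAGIC = 0xcececece; // "JCEKS" keystore type

// Return the offset of the content that follows an ASN.1 length field at `offset`,
// or -1 if the length encoding is truncated or implausible.
function skipDerLength(buf, offset) {
  if (offset >= buf.length) return -1;
  const first = buf[offset];
  if (first <= 0x80) return offset + 1; // short form, or BER indefinite length (0x80)
  const numBytes = first & 0x7f;        // long form: numBytes length octets follow
  if (numBytes > 4 || offset + 1 + numBytes > buf.length) return -1;
  return offset + 1 + numBytes;
}

function detectKeystoreType(buf) {
  if (!Buffer.isBuffer(buf) || buf.length < 4) return 'unknown';
  const magic = buf.readUInt32BE(0);
  if (magic === JKS_MAGIC) return 'JKS';
  if (magic === JCEKS_MAGIC) return 'JCEKS';
  // PKCS#12 (PFX) is ASN.1: SEQUENCE { INTEGER version = 3, ... }
  if (buf[0] === 0x30) {
    const body = skipDerLength(buf, 1);
    if (body !== -1 && body + 3 <= buf.length &&
        buf[body] === 0x02 && buf[body + 1] === 0x01 && buf[body + 2] === 0x03) {
      return 'PKCS12';
    }
  }
  if (buf.toString('latin1', 0, 11) === '-----BEGIN ') return 'PEM';
  return 'unknown';
}

// Constructed sample headers (not real keystores): only the leading bytes matter here.
const samples = {
  jks: Buffer.from('feedfeed0000000200000001', 'hex'),
  jceks: Buffer.from('cececece0000000200000001', 'hex'),
  pkcs12: Buffer.from('30820a0e0201033082', 'hex'),
  pkcs12Ber: Buffer.from('30800201033080', 'hex'),       // indefinite-length outer SEQUENCE
  derCert: Buffer.from('308202bd308201a5a003020102', 'hex'), // DER, but not a PFX
  truncated: Buffer.from('30840000', 'hex'),             // length field runs past the end
};

for (const [name, bytes] of Object.entries(samples)) {
  console.log(name.padEnd(10), detectKeystoreType(bytes));
}
```

Calling this on the file read from disk before jks.toPem tells a PKCS12 keystore (keytool's default store type since JDK 9) apart from a real JKS one without attempting a parse.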

Author

jor3l commented Aug 18, 2020

I thought it had something to do with that, but I'm not sure why my key is getting that type instead of jks. Maybe it is a Mac thing?

Owner

lenchv commented Aug 18, 2020

Actually, I don't know, not sure it is related to Mac, probably the Java version. As a solution you can use the node-forge lib:

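const fs = require('fs');
const forge = require('node-forge');

// Extract the private key and certificate stored under `alias` in a PKCS12 keystore
const parse = (keystore, alias, password) => {
	// node-forge works on binary strings, so convert the Buffer via base64
	const p12Buffer = keystore.toString("base64");
	const p12Der = forge.util.decode64(p12Buffer);
	const p12Asn1 = forge.asn1.fromDer(p12Der);
	// Decrypts the store; throws if the password is wrong
	const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, password || "");
	// All bags whose friendlyName attribute equals the alias
	const bags = p12.getBags({friendlyName: alias}).friendlyName;
	// Pick the bags by content rather than relying on their order in the file
	const keyBag = bags.find((bag) => bag.key);
	const certBag = bags.find((bag) => bag.cert);
	if (!keyBag || !certBag) {
		throw new Error('No key/certificate pair found for alias: ' + alias);
	}
	const key = forge.pki.privateKeyToPem(keyBag.key);
	const cert = forge.pki.certificateToPem(certBag.cert);

	// Normalise line endings to \n
	return {
		key: key.replace(/\r\n/g, '\n'),
		cert: cert.replace(/\r\n/g, '\n')
	};
};

const parsed = parse(
	fs.readFileSync(__dirname + '/test.jks'),
	'alias',
	'password'
);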

Owner

lenchv commented Aug 18, 2020

Please, let me know if it helps

@lenchv lenchv closed this as completed Nov 6, 2020