JDK-8192987 : keytool should remember real storetype if it is not provided
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2017-12-04
  • Updated: 2018-10-16
  • Resolved: 2017-12-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 10 JDK 8
10 b36Fixed 8u162Fixed
Related Reports
Duplicate :  
Relates :  
Relates :  
When -storetype is not provided, keytool now uses type probing to load a file-based keystore. However, the real storetype is never remembered and keytool is still using the default storetype ("pkcs12") to validate command and options, and some special pkcs12-only restrictions (For example, keypass and storepass must be same) might be incorrectly enforced on a non-pkcs12 keystore.

For example:

$ keytool -keystore ks -genkeypair -alias a -dname CN=a -storepass changeit -keypass changeit -storetype jks

$ keytool -keystore ks -keypasswd
keytool error: java.lang.UnsupportedOperationException: -keypasswd commands not supported if -storetype is PKCS12