'java.security.UnrecoverableKeyException' keytool error
Applies To
Java SE JDK and JRE, versions 7 to 16. Any platform.
Introduction
The keytool command:
keytool -importkeystore -srckeystore cloud_dev_wallet_0142.p12 -srcstoretype PKCS12 -srcprovidername JsafeJCE -destkeystore cloud_dev_wallet_0142.rsa -deststoretype PKCS12 -destprovidername JsafeJCE -providerclass com.rsa.jsafe.provider.JsafeJCE -providerpath $CLASSPATH
fails with the following error:
keytool error: java.security.UnrecoverableKeyException: Could not decrypt key: Could not decrypt data.
This issue has been observed with JDK 7u311, 8u301, 11.0.12, 16, and later releases.
Cause
The issue lies in the JsafeJCE provider's support for the recently upgraded default PKCS12 encryption algorithm in the JDK.
Details of the upgrade can be found in the Release Notes.
Solutions
- Upgrade to CryptoJ 6.2.6. This will fix the issue.
- Use the system property keystore.pkcs12.legacy to revert to the older, weaker algorithms used in previous JDK versions; refer to the release notes mentioned above for details. For example:
keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore cloud_dev_wallet_0142.p12 -srcstoretype PKCS12 -srcprovidername JsafeJCE -destkeystore cloud_dev_wallet_0142.rsa -deststoretype PKCS12 -destprovidername JsafeJCE -providerclass com.rsa.jsafe.provider.JsafeJCE -providerpath $CLASSPATH
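Since the workaround reverts to older, weaker algorithms, it helps to check which algorithm set a given PKCS12 file uses. The script below is an added example, not part of the original article: it classifies the summary printed by `openssl pkcs12 -info -noout`, and it assumes OpenSSL is installed, that the password is supplied in a `P12_PASS` environment variable (a name chosen here), and that the output resembles the constructed samples embedded in it.

```sh
#!/bin/sh
# Added example, not from the original article.
# Classify the algorithm summary of a PKCS12 file as legacy, modern or unknown.
# classify_p12_info reads the text of "openssl pkcs12 -info -noout" on stdin.
classify_p12_info() {
    awk '
        # Older set: SHA-1 based PBE (RC2-40 or 3DES) or a SHA-1 MAC
        /pbeWithSHA1And/ || /^MAC: sha1,/ { legacy = 1 }
        # Upgraded set: PBES2 (PBKDF2 with AES) or a SHA-256 MAC
        /PBES2/ || /^MAC: sha256,/        { modern = 1 }
        END {
            if (legacy)      print "legacy"   # any weak component wins
            else if (modern) print "modern"
            else             print "unknown"
        }'
}

# $1 = PKCS12 file. openssl writes the -info summary to stderr, hence 2>&1.
check_p12() {
    openssl pkcs12 -info -noout -in "$1" -passin env:P12_PASS 2>&1 | classify_p12_info
}

# Constructed sample summaries (not captured from a real keystore).
sample_legacy() {
    cat <<'EOF'
MAC: sha1, Iteration 100000
MAC length: 20, salt length: 20
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 50000
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000
EOF
}

sample_modern() {
    cat <<'EOF'
MAC: sha256, Iteration 10000
MAC length: 32, salt length: 20
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
EOF
}

# When given a file argument, classify that file.
if [ "$#" -gt 0 ]; then check_p12 "$1"; fi
```

A result of "legacy" marks a keystore that should be re-encrypted with the upgraded defaults once the provider has been upgraded.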
Last reviewed on Sat Feb 01 2025 00:00:00 GMT+0000 (Coordinated Universal Time)