Keystore change passwords

Question

I currently have a keystore, with a particular password that only I should know. I now need to give access to that keystore to someone else, so I would like to either:

1) Change the password, so I can share it with others and let them sign
2) Create a different password and allow them to sign with it.

Is this possible? and - if yes - how?

score 522 · Accepted Answer · edited Oct 16 '13 at 08:30

522

Keystore only has one password. You can change it using keytool:

keytool -storepasswd -keystore my.keystore

To change the key's password:

keytool -keypasswd  -alias <key_name> -keystore my.keystore

edited Oct 16 '13 at 08:30

Luminger

2,074
13
20

answered May 22 '10 at 20:16

ZZ Coder

70,824
28
129
163

6

Great, so the signature of the apk will be the same? Just the password will change? This is what I need too. Chose a bad password, now need to change it. – Matthew Rudy Nov 15 '11 at 07:50
6

Signature won't change, as app is NOT signed with the keystore, but with certificate you keep in keystore. – Marcin Orlowski Jan 16 '13 at 19:46
keyName is the name of the alias, eg. -alias Dipu – ılǝ Apr 02 '14 at 07:50
25

To remove the password for key, one has to set the same password as for keystore, may be useful for someone ;-) – Betlista Jun 10 '15 at 11:43
Does this apply to `.jks` too? My keystore is .jks generated by Android Studio – Jan 01 '17 at 17:55
@CodigosTutoriales `.jks` stands for **J**ava **K**ey**S**tore, it's the same thing. – n00dl3 Jan 20 '17 at 16:11
@Betlista +1 for the man who rembers to dot the i's and cross the t's! – qualebs May 23 '17 at 16:07
Found this tool which has a more visual view of of the jks files http://keystore-explorer.org/index.html – Bogdan Dec 14 '17 at 15:03
And how can we do it programmatically? – Akmal Salikhov Oct 10 '19 at 16:29
The default password is `changeit`. – Rajat Garg Feb 07 '20 at 06:49
When I try this with a `.bks` keystore, I get `java.io.IOException: Invalid keystore format`. – LarsH Feb 11 '21 at 20:29

score 86 · Answer 2 · answered May 22 '10 at 20:18

86

[How can I] Change the password, so I can share it with others and let them sign

Using keytool:

keytool -storepasswd -keystore /path/to/keystore
Enter keystore password:  changeit
New keystore password:  new-password
Re-enter new keystore password:  new-password

answered May 22 '10 at 20:18

Pascal Thivent

535,937
127
1,027
1,106

does this change the password for the key inside too? – over_optimistic Jul 06 '12 at 15:47
4

No. Keystore is one things, passwords (note plural) is another. Use `keytool -keypasswd -alias -keystore my.keystore` to change password of private key `` – Marcin Orlowski Jan 16 '13 at 19:45
6

after enter keystore pass -changeit it gives error keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect – Dilip Nov 25 '13 at 10:25
@Dipu, I am getting same error. Have you managed to resolved that – JiteshW Feb 07 '16 at 11:14
You can verify that the password has changed (if you have doubt) by running the exact same command again. After it prompts for the existing password, if you enter a password that is incorrect, it'll say you entered the wrong password or the file has been tampered with and abort. – ArtOfWarfare Apr 07 '16 at 13:55

user98239820 · Answer 3 · 2015-06-22T02:28:16.430

52

Changing keystore password

$ keytool -storepasswd -keystore keystorename
Enter keystore password:  <old password>
New keystore password: <new password>
Re-enter new keystore password: <new password>

Changing keystore alias password

$keytool -keypasswd -keystore keystorename -alias aliasname
Enter keystore password:  
New key password for <aliasname>: 
Re-enter new key password for <aliasname>:

Note:

**Keystorename**: name of your keystore(with path if you are indifferent folder) 
**aliasname**: alias name you used when creating (if name has space you can use \) 
for example: $keytool -keypasswd -keystore keystorename -alias stop\ watch

edited Jun 22 '15 at 02:28

answered Jan 20 '14 at 08:09

user98239820

1,293
2
13
29

1

It works thank you! One more thing I want to add to change alias name which I wanted and got from a forum. keytool -changealias -keystore my.keystore -alias my_name -destalias my_new_name – Jugal Panchal Sep 20 '14 at 05:03
While changing the alias password I get: UnrecoverableKeyException: Cannot recover key Any suggestions? – Foo Jun 21 '15 at 12:54
@Foo did you ever figure out that issue? I'm getting the same error – Ryan Newman May 09 '16 at 23:04
3

Changing keystore alias password what ever you shown doesn't work, It won't ask New key password for . It asks existing password for which is not known in this case. – Shivaraj Patil Nov 11 '16 at 19:29
I still get Cannot recover key at the step: New key password for : Any ideas? I just created the key in Android Studio, uploaded, realized I had to update something and now it doesnt work :/ – Dewald Els Nov 08 '17 at 08:47

score 22 · Answer 4 · edited Jan 28 '18 at 23:55

22

To change the password for a key myalias inside of the keystore mykeyfile:

keytool -keystore mykeyfile -keypasswd -alias myalias

edited Jan 28 '18 at 23:55

Randall Arms Jr.

368
1
3
19

answered Aug 28 '12 at 18:10

OriolJ

2,649
1
24
20

What is "inside key"? – IgorGanapolsky Oct 26 '13 at 02:44
5

Sorry for my bad explanation. You can change the password of the keystore or the password of one of the keys you have stored on the keystore. That's what I mean with "inside key". – OriolJ Oct 29 '13 at 09:50

score 9 · Answer 5 · answered Feb 10 '14 at 08:49

If the keystore contains other key-entries with different password you have to change them also or you can isolate your key to different keystore using below command,

keytool -importkeystore  -srckeystore mystore.jck -destkeystore myotherstore.jks -srcstoretype jceks
-deststoretype jks -srcstorepass mystorepass -deststorepass myotherstorepass -srcalias myserverkey
-destalias myotherserverkey -srckeypass mykeypass -destkeypass myotherkeypass

Alexander Pogrebnyak · Answer 6 · 2019-02-06T16:34:31.257

9

For a full programmatic change (e.g. install program) and no prompting

#!/bin/bash -eu

NEWPASSWORD=${1}
OLDPASSWORD=${2}

keytool -storepasswd -new "${NEWPASSWORD}" \
  -storepass "${OLDPASSWORD}" \
  -keystore /path/to/keystore

Full disclosure: I DO NOT recommend running this command line in a shell, as the old and new passwords will be saved in the shell's history, and visible in console.

edited Feb 06 '19 at 16:34

answered Feb 06 '19 at 16:12

Alexander Pogrebnyak

42,921
9
97
117

score 7 · Answer 7 · answered Jun 01 '16 at 21:12

There are so many answers here, but if you're trying to change the jks password on a Mac in Android Studio. Here are the easiest steps I could find

1) Open Terminal and cd to where your .jks is located

2) keytool -storepasswd -new NEWPASSWORD -keystore YOURKEYSTORE.jks

3) enter your current password

score 6 · Answer 8 · answered Jul 19 '18 at 08:33

6

KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface.

Open an existing KeyStore
Tools -> Set KeyStore password

answered Jul 19 '18 at 08:33

Rafael Membrives

516
4
11

best solution! Better than writing to the terminal. Using this software - I was able to change the passwords and add new key pairs. Highly recommend – Dan Alboteanu Feb 29 '20 at 11:36

Keystore change passwords

8 Answers8

Linked