I cannot change PKCS keystore password using keytool (Java 8). When I tried to change the key password:
keytool -keypasswd -keystore keystore.p12 -storetype PKCS
I know the question is about using keytool, but if that is not a strict requirement, you can use openssl instead:
Export certs and keys to a temp.pem file without password protection. This will ask you interactively for the decrypt password:
openssl pkcs12 -in keystore.p12 -out temp.pem -nodes
Export from temp.pem file to a new PKCS#12 file. This will ask you interactively for the new encrypt password:
openssl pkcs12 -export -in temp.pem -out keystore-new.p12
Remove the temporary file:
rm temp.pem
⚠️ It is important that you do this in a folder where nobody else has permission to read, because as long as the temp.pem file exists, the keys inside could be read.
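The three steps above can be wrapped so that the unencrypted temp.pem only ever exists in a private directory and is removed even if a step fails. This is an added example, not part of the original answer; the function name repass_p12 and the variables P12_OLD_PASS and P12_NEW_PASS are assumptions, and the passwords are read from the environment instead of the interactive prompts.

```shell
#!/bin/sh
# Added example: re-encrypt a PKCS#12 file under a new password while the
# unencrypted PEM lives only in a private temporary directory.
# Assumed names (not from the original answer): repass_p12,
# P12_OLD_PASS, P12_NEW_PASS.

repass_p12() {
    in=$1
    out=$2
    [ -r "$in" ] || { echo "cannot read $in" >&2; return 2; }
    [ -n "${P12_OLD_PASS+x}" ] && [ -n "${P12_NEW_PASS+x}" ] || {
        echo "set P12_OLD_PASS and P12_NEW_PASS" >&2; return 2; }

    (   # subshell keeps umask and traps local to this call
        umask 077                        # new files: owner read/write only
        tmp=$(mktemp -d) || exit 1       # directory created with mode 0700
        trap 'rm -rf "$tmp"' EXIT        # temp.pem is removed on any exit
        trap 'exit 1' HUP INT TERM       # signals also go through EXIT
        export P12_OLD_PASS P12_NEW_PASS # env: keeps passwords out of argv

        # Step 1: decrypt to temp.pem (same command as above, scripted)
        openssl pkcs12 -in "$in" -out "$tmp/temp.pem" -nodes \
            -passin env:P12_OLD_PASS || exit 1
        # Step 2: build the new PKCS#12 file under the new password
        openssl pkcs12 -export -in "$tmp/temp.pem" -out "$tmp/new.p12" \
            -passout env:P12_NEW_PASS || exit 1
        # Step 3: only the encrypted result leaves the private directory
        mv "$tmp/new.p12" "$out"
    )
}
```

Called as repass_p12 keystore.p12 keystore-new.p12 with both variables set; the original keystore.p12 is left untouched.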