31

I understand that the -keypass option is for "the password for the key" and that the -storepass option is for "a password for the keystore".

I don't understand, however, why two passwords are needed.

What scenarios are there for requiring 2 passwords: one for the store (file, in my case) and one for the key?

ef2011
  • Your `storepass` password is to verify the integrity of a keystore/truststore. Your `keypass` password is actually to decrypt a private or secret key. Yes you can still just "view" public certificates without inputting any passwords but.....you won't be able to verify their integrity. So what's the point? – ManRow Apr 17 '20 at 16:27
  • Another way to think of it is like `storepass` is like a hidden symmetric key for a "keystore/truststore" MAC (message authentication), while `keypass` is like the actual *decryption key itself*. So the latter actually protects the private/secret keys stored inside. – ManRow Apr 17 '20 at 16:29

2 Answers

30

This is due to how Java handles keystores so it's not an Android specific issue. The reason though is because access to a store such as adding/viewing trust relationships is a separate task from creating and signing keys/certs.

In short, you may trust someone to view/update your keystore but not sign things with a key you store in the keystore. Plus, keys could be stored in multiple keystores and you want your keys locked down individually.

Eng.Fouad
Andrew White
  • Thanks. At first I thought this feature of 2 passwords is really useful for teams but doesn't make a difference for single-person development "team". Then I read the last sentence in your answer and realized it could be useful for a single developer as well. Thanks++ (will accept shortly). – ef2011 May 10 '11 at 18:21
17

Keytool uses storepass and keypass for different purposes.

storepass is used to access the key store.

keypass is used to access the particular key pair's private key.

However, a password should not be specified on a command line or in a script unless it is for testing purposes, or you are on a secure system.

Techie
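The separation both answers describe can be seen directly with keytool. The script below is an added example, not code from the question or either answer: it creates a keystore whose store password and key password differ, then shows that listing the store needs only the store password while an operation that touches the private key (generating a CSR) needs the key password. It assumes a JDK `keytool` on `PATH`, and it forces `-storetype JKS` because PKCS12 keystores (the keytool default since Java 9) do not support a key password distinct from the store password and ignore `-keypass`. The passwords are constructed demo values; as the last answer notes, passing real passwords on the command line is only acceptable for testing.

```shell
#!/bin/sh
# Added example: -storepass vs -keypass in a JKS keystore (assumes JDK keytool on PATH).
set -eu

WORK="${TMPDIR:-/tmp}/keytool-demo.$$"
KS="$WORK/demo.jks"
STOREPASS='store-secret-123'   # constructed demo value, protects the store file
KEYPASS='key-secret-456'       # constructed demo value, protects the private key

# Create a keystore with a key pair whose key password differs from the store password.
setup_keystore() {
  mkdir -p "$WORK"
  rm -f "$KS"
  keytool -genkeypair -keystore "$KS" -storetype JKS \
    -storepass "$STOREPASS" -keypass "$KEYPASS" \
    -alias demo -keyalg RSA -keysize 2048 -validity 30 \
    -dname 'CN=demo, O=Example' >/dev/null 2>&1
}

# Listing entries only needs the store password. Echoes 0 on success, 1 on failure.
list_with_password() {
  keytool -list -keystore "$KS" -storetype JKS -storepass "$1" >/dev/null 2>&1 \
    && echo 0 || echo 1
}

# Generating a CSR must read the private key, so the key password is required as well.
# $1 is the key password to try. Echoes 0 on success, 1 on failure.
csr_with_key_password() {
  keytool -certreq -keystore "$KS" -storetype JKS -alias demo \
    -storepass "$STOREPASS" -keypass "$1" >/dev/null 2>&1 \
    && echo 0 || echo 1
}

# Run the whole demonstration and clean up.
demo() {
  setup_keystore
  echo "list with storepass:        $(list_with_password "$STOREPASS")"   # 0
  echo "list with keypass:          $(list_with_password "$KEYPASS")"     # 1
  echo "csr with keypass:           $(csr_with_key_password "$KEYPASS")"  # 0
  echo "csr with storepass as key:  $(csr_with_key_password "$STOREPASS")" # 1
  rm -rf "$WORK"
}

# Invoke with KEYTOOL_DEMO=1 to run the demonstration directly.
if [ "${KEYTOOL_DEMO:-}" = 1 ]; then
  demo
fi
```

Run it with `KEYTOOL_DEMO=1 sh demo.sh`. Knowing the store password lets you list and verify entries but not use the private key; knowing the key password alone does not even open the store. For non-test use, keytool can read either password from an environment variable or a file (`-storepass:env VAR`, `-keypass:file path`) instead of the command line.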