Keytool's -storepass vs. -keypass -- Why 2 passwords?

android security keytool
ef2011 picture ef2011 · May 10, 2011 · Viewed 25.7k times · Source

I understand that the -keypass option is for "the password for the key" and that the -storepass option is for "a password for the keystore".

I don't understand, however, why two passwords are needed.

What scenarios are there for requiring 2 passwords: One for the store (file, in my case) and one for the key.

Answer

Andrew White picture Andrew White · May 10, 2011

This is due to how Java handles keystores so it's not an Android specific issue. The reason though is because access to a store such as adding/viewing trust relationships is a separate task from creating and signing keys/certs.

In short, you may trust someone to view/update your keystore but not sign things with a key you store in the keystore. Plus, keys could be stored in multiple keystores and you want your keys locked down individually.

Related questions

How to avoid reverse engineering of an APK file?

I am developing a payment processing app for Android, and I want to prevent a hacker from accessing any resources, assets or source code from the APK file. If someone changes the .apk extension to .zip then they can unzip …

Read More
How to prevent Screen Capture in Android

Is it possible to prevent the screen recording in Android Application? I would like to develop an Android Secure Application. In that I need to detect screen recording software which are running background and kill them. I have used SECURE …

Read More
How permission can be checked at runtime without throwing SecurityException?

I design a function that may get/set a resource from SD and if not found from sd then take it from Asset and if possible write the asset back to SD This function may check by method invocation if …

Read More