keytool -list显示p12密钥库的不同别名,具体取决于您是否提供密码

Question

在特定的p12文件上真的很奇怪.

如果我跑

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
keytool -v -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug

我明白了

Alias name: 1
Creation date: Aug 17, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sixminute, OU=, O=, C=IE
Issuer: CN=sixminute, OU=, O=, C=IE
Serial number: xxxxxxxxxxxxxxxxx
Valid from: Wed Nov 07 13:34:40 GMT 2012 until: Sun Nov 08 13:34:40 GMT 2037
Certificate fingerprints:
     MD5:  xxxxxxxxxxxxxxxxx
     SHA1: xxxxxxxxxxxxxxxxx
     Signature algorithm name: SHA1withRSA
     Version: 3

和

Your keystore contains 1 entry

1, Aug 17, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): xxxxxxxxxxxxxxxxx

但是,如果我在命令中没有提供密码,

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12
keytool -v -list -storetype pkcs12 -keystore my_debug_keystore.p12

输出不同,

Alias name: 2
Creation date: Aug 17, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sixminute, OU=, O=, C=IE
Issuer: CN=sixminute, OU=, O=, C=IE
Serial number: 2d36623161363935353a31336165303361636133313a2d38303030
Valid from: Wed Nov 07 13:34:40 GMT 2012 until: Sun Nov 08 13:34:40 GMT 2037
Certificate fingerprints:
     MD5:  xxxxxxxxxxxxxxxxx
     SHA1: xxxxxxxxxxxxxxxxx
     Signature algorithm name: SHA1withRSA
     Version: 3

和

Your keystore contains 1 entry

2, Aug 17, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): xxxxxxxxxxxxxxxxx

特别是同一个密钥的不同别名(密钥的MD5和SHA1仍然相同).

任何想法都是这样的情况？

Answer 1

别名不是PKCS 12概念。有一个友好名称属性，但它是非常可选的。因此，我想Java只是组成了它所报告的Alias名称。但是不知道为什么会有所不同，因为安全袋的顺序应该相同。