Bug 45122 - Import Existing Keystore fails with java.io.IOException: Keystore was tampered with, or password was incorrect
Status: VERIFIED FIXED
Alias: None
Product: Visual Studio Extensions
Classification: Xamarin
Component: Android
Version: 4.2.0 (C8)
Hardware: PC Windows
Importance: High critical
Target Milestone: 4.2.1 (C8SR1)
Assignee: Bugzilla
Reported: 2016-10-06 15:53 UTC by Jon Douglas [MSFT]
Modified: 2016-10-12 19:41 UTC
Tags: BZSRC8

Description Jon Douglas [MSFT] 2016-10-06 15:53:00 UTC
Description:

There is a pretty significant issue with importing existing keystores in the new 4.2 Archive functionality. The `Import an Existing Key Store` functionality does not validate the proper key password against the keystore which causes either:

`keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect`

or

`keytool error: java.security.UnrecoverableKeyException: Cannot recover key`

Let's talk about the cases individually:

A) `keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect`

Happens when you attempt to use the `Key Password` in the `Key Password` box

B) `keytool error: java.security.UnrecoverableKeyException: Cannot recover key`

Happens when you attempt to use the `Keystore Password` in the `Key Password` box (This is incorrect usage, but demonstrating a point)

*Reproduction:

1) Create a new keystore via:

"keytool -genkey -v -keystore Teststore.keystore -alias TestKey -keyalg RSA -keysize 2048 -validity 10000"

When asked for a keystore password, enter "Testing12345"

When asked for a key password, enter "NewTesting12345" (Make sure this differs from the keystore password)

2) Archive a Blank Release Android App and hit "Distribute"

3) Now try to import this keystore. It will fail with either A) or B) from above, depending on which password you use. We can assume the following (based on Android Studio's UI):

- Password = Keystore Password
- Key Password = Key Password

If you attempt to put the `Key Password` in the `Key Password` box, you will run into error A) from above

If you attempt to put the same `Keystore Password` in the `Key Password` box, you will run into error B) from above (Again, an incorrect password and should fail accordingly)

However if you made a keystore with the same Keystore and Key Passwords, it would import just fine.

i.e.

"keytool -genkey -v -keystore Teststore.keystore -alias TestKey -keyalg RSA -keysize 2048 -validity 10000"

When asked for a keystore password, enter "Test12345"

When asked for a key password, enter "Test12345"

This will import as expected.

*Expected Behavior:

Visual Studio should validate correctly with the `key password` as it will not work if the `keystore password` is different than the `key password`. Because of this, old keystores cannot be imported if they have different passwords of `key` and `keystore`.

*Version Information:

Xamarin 4.2.0.703

Xamarin.Android 7.0.1.3
Comment 1 Jon Douglas [MSFT] 2016-10-06 16:41:13 UTC
This behavior previously worked on Cycle 7 builds in Visual Studio (Previous to the Archive workflow), and it currently works in Cycle 8 builds of Xamarin Studio (Mac). Thus I believe this is a regression introduced in the new Archive workflow.
Comment 2 Jon Douglas [MSFT] 2016-10-06 17:00:34 UTC
As a known workaround and the root of this issue, the UI members for "Key" and "Keystore" are swapped. One can simply swap those passwords and the tooling will import accordingly.
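The two-stage check the report expects from the import dialog, as an added Java example (not Xamarin's code): the keystore password is verified when the store is loaded and the key password only when the entry is read, so a swapped pair already fails at the first stage. Assumptions: the class and method names are hypothetical, and the sample is a constructed in-memory JCEKS store holding an AES key under the report's test passwords, standing in for the keytool-generated file.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeystorePasswordCheck {
    // Hypothetical helper: classify a password pair before it reaches a signing step.
    static String check(byte[] store, String alias, char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try {
            // load() checks the file's integrity digest with the keystore password only.
            ks.load(new ByteArrayInputStream(store), storePass);
        } catch (IOException e) {
            return "STORE_PASSWORD_REJECTED"; // corresponds to error A in the report
        }
        if (!ks.isKeyEntry(alias)) return "NO_SUCH_KEY";
        try {
            // getKey() decrypts the entry with the key password only.
            ks.getKey(alias, keyPass);
        } catch (UnrecoverableKeyException e) {
            return "KEY_PASSWORD_REJECTED"; // corresponds to error B in the report
        }
        return "OK";
    }

    // Flags the condition from Comment 2: the pair fails as given but works when swapped.
    static String diagnose(byte[] store, String alias, char[] first, char[] second) throws Exception {
        String result = check(store, alias, first, second);
        boolean swappedWorks = !result.equals("OK") && check(store, alias, second, first).equals("OK");
        return swappedWorks ? result + " (pair is accepted when swapped)" : result;
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "Testing12345".toCharArray();  // keystore password from the report
        char[] keyPass = "NewTesting12345".toCharArray(); // key password from the report
        // Constructed sample keystore: store and key passwords differ, as in the reproduction.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry("TestKey", KeyGenerator.getInstance("AES").generateKey(), keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        byte[] bytes = out.toByteArray();

        System.out.println("correct pair:        " + diagnose(bytes, "TestKey", storePass, keyPass));
        System.out.println("fields swapped:      " + diagnose(bytes, "TestKey", keyPass, storePass));
        System.out.println("store password x2:   " + diagnose(bytes, "TestKey", storePass, storePass));
    }
}
```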
Comment 4 xamarin-release-manager 2016-10-11 21:48:03 UTC
Fixed in version 4.3.0.25 (master)

Author: josegallardo
Commit: d1571d6e0c6983f106fdc741f917d266009164e3 (xamarin/XamarinVS)
Comment 5 xamarin-release-manager 2016-10-11 21:48:27 UTC
Fixed in version 4.2.0.745 (cycle8)

Author: josegallardo
Commit: b7700c3367fc826a7e265c9918dd0d51add7e80b (xamarin/XamarinVS)
Comment 6 NMackay 2016-10-12 11:32:01 UTC
Worth noting that although I like what's been done in Cycle8 and Android app signing, it creates a fundamental issue for us (despite the bug workaround), which means breaking all the keys in our apps when deploying on HockeyApp.

I wish Xamarin had given us a chance to evaluate this facility before forcing it on us. It's pretty annoying quite frankly.

The issue is discussed here.
https://forums.xamarin.com/discussion/comment/226848/#Comment_226848
Comment 7 Ben Beckley 2016-10-12 19:41:22 UTC
Verified the fix with 4.2.0.745 (cycle8/105a236)

http://screencast.com/t/z4xm3BH1r

Env info: https://gist.github.com/BenBeckley/13b25d681fced8299414c40f1d48ffbe
