{"id":4706,"library":"pyjks","title":"PyJKS","description":"PyJKS is a pure-Python library for reading and writing Java KeyStore (JKS) files. It provides programmatic access to key entries, certificate entries, and trusted certificate entries within a JKS file. The current version is 20.0.0, and it is actively maintained with releases tied to significant updates and improvements.","status":"active","version":"20.0.0","language":"en","source_language":"en","source_url":"https://github.com/kurtbrose/pyjks","tags":["security","java","keystore","jks","cryptography"],"install":[{"cmd":"pip install pyjks","lang":"bash","label":"Install PyJKS"}],"dependencies":[{"reason":"Provides cryptographic primitives for handling keys and certificates, including AES, RSA, and SHA operations.","package":"cryptography","optional":false}],"imports":[{"note":"The package is named 'pyjks', but the main module containing the KeyStore class is 'jks'.","wrong":"from pyjks import KeyStore","symbol":"KeyStore","correct":"from jks import KeyStore"},{"note":"The base exception for JKS-related errors is found in `jks.util`.","symbol":"KeystoreException","correct":"from jks.util import KeystoreException"}],"quickstart":{"code":"import jks\nimport os\n\n# --- Configuration ---\n# Replace 'path/to/your/keystore.jks' with the actual path to your JKS file.\n# For a runnable example, ensure this file exists or temporarily create an empty one.\nkeystore_path = os.environ.get('PYJKS_KEYSTORE_PATH', 'my_keystore.jks')\n\n# Replace 'your_keystore_password' with the actual password for your JKS file.\n# For security, avoid hardcoding passwords in production; use environment variables or a secret management system.\nkeystore_password = os.environ.get('PYJKS_KEYSTORE_PASSWORD', 'changeit')\n\n# --- Quickstart Code ---\ntry:\n    # Attempt to load the keystore from the specified path and password\n    with open(keystore_path, \"rb\") as f:\n        ks = jks.KeyStore.load(f, keystore_password)\n\n    print(f\"Successfully loaded keystore from: {keystore_path}\")\n    print(f\"Keystore type: {ks.ks_type}\")\n    print(f\"Number of entries: {len(ks.entries)}\")\n\n    if not ks.entries:\n        print(\"No entries found in the keystore.\")\n    else:\n        print(\"\\nKeystore Entries:\")\n        for alias, entry in ks.entries.items():\n            print(f\"  Alias: {alias}\")\n            print(f\"    Type: {entry.entry_type}\")\n            if entry.entry_type == 'key':\n                print(f\"    Key Algorithm: {entry.algorithm}\")\n                # Further details like certificate chain can be accessed via entry.cert_chain\n            elif entry.entry_type == 'cert':\n                print(f\"    Certificate Subject: {entry.cert.subject.human_friendly}\")\n                # Further details like issuer, validity, etc., are available on entry.cert\n\nexcept FileNotFoundError:\n    print(f\"Error: Keystore file not found at '{keystore_path}'.\")\n    print(\"Please replace 'my_keystore.jks' with an actual path or create a dummy JKS file for testing.\")\nexcept jks.util.KeystoreException as e:\n    print(f\"Error loading keystore: {e}\")\n    print(\"This often indicates an incorrect password or a corrupted/unsupported JKS format.\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to load a Java KeyStore (JKS) file, authenticate with a password, and iterate through its entries. It uses `os.environ.get` for `KEYSTORE_PATH` and `KEYSTORE_PASSWORD` to allow easy configuration via environment variables or fall back to default placeholders. Error handling for `FileNotFoundError` and `jks.util.KeystoreException` is included for common issues like incorrect paths or passwords."},"warnings":[{"fix":"Refer to the `CHANGELOG.md` and the latest documentation/examples on the GitHub repository for updated API usage, especially around `KeyStore` loading and entry access.","message":"Version 20.0.0 introduced major breaking API changes, particularly for `jks.util.KeyStore` and `jks.util.PrivateKey`. Code written for earlier versions (e.g., 19.x) will likely require updates.","severity":"breaking","affected_versions":">=20.0.0"},{"fix":"Always import classes like `KeyStore` from the `jks` module: `from jks import KeyStore`.","message":"The Python package name is `pyjks`, but the primary module to import is `jks`. Attempting to import `KeyStore` directly from `pyjks` (e.g., `from pyjks import KeyStore`) will fail.","severity":"gotcha","affected_versions":"All"},{"fix":"Ensure you have the necessary build tools (e.g., `build-essential` on Debian/Ubuntu, `Xcode Command Line Tools` on macOS) and Python development headers installed before attempting `pip install pyjks`.","message":"PyJKS depends on the `cryptography` library, which often requires C/C++ compilers and development headers during installation, especially on Linux systems. Installation via `pip` might fail if these prerequisites are not met.","severity":"gotcha","affected_versions":"All"},{"fix":"Always handle `jks.util.KeystoreException` when loading a keystore. If issues persist, verify the JKS file's integrity and version using Java's `keytool` utility or refer to `pyjks`'s GitHub issues for known compatibility notes.","message":"While PyJKS supports JCEKS format as of version 17.0.0, there can be compatibility issues with older or very new Java KeyStore formats or specific providers. Attempting to load an unsupported or corrupted JKS file will raise a `jks.util.KeystoreException`.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}