NOTE: The Keystash has been enhanced, and is no longer accessible this way. If you’ve lost your keystore password now – all bets are off. Sorry.
On the other hand, if you at least have the stash, you can likely export the keys and move them into a new keystore of your choice, with a new password.
This is an oldie but a goodie: I just encountered a customer who'd lost the password to their WebSEAL keystore. Fortunately, if you have the stash file (<keystore name>.sth, in the same directory as the keystore .kdb file), which you would if the keystore is still in active use, you can easily extract the obfuscated keystore password.
Here is a Perl script that can unstash the password.
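---------------- unstash.pl begin ----------------
use strict;
use warnings;

die "Usage: $0 <stash file>\n" if $#ARGV != 0;

my $file = $ARGV[0];
open(F, $file) || die "Can't open $file: $!";
binmode(F);    # the stash is binary data
my $stash;
read F, $stash, 1024;
close(F);

# Undo the obfuscation: XOR every byte with 0xf5
my @unstash = map { $_ ^ 0xf5 } unpack("C*", $stash);

# Print characters up to the NUL terminator
foreach my $c (@unstash) {
    last if $c == 0;
    printf "%c", $c;
}
printf "\n";
---------------- unstash.pl end ----------------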
Usage:
perl unstash.pl keystore.sth
Perl Source: javagongura.blogspot.sg/2010/11/password-recovery-from-stash-file.html
Have copied locally – since I’ve used this a few times.
The stash file is just an XOR’ed copy of the password – XOR’d with 0xf5.
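An added example, not part of the original post or the script it credits: a Python check an administrator could run over .sth files to see which ones still use the old XOR-with-0xf5 format described above, and whether the file is readable by group or others. It reports only the password length; the printable-ASCII heuristic and the names classify_stash and make_sample are assumptions of this example.

```python
import os
import stat
import sys

XOR_KEY = 0xF5  # constant stated in the post


def classify_stash(path):
    """Return (is_legacy, password_length, group_or_other_readable)."""
    with open(path, "rb") as fh:
        raw = fh.read(1024)  # same read size as unstash.pl
    decoded = bytes(b ^ XOR_KEY for b in raw)
    end = decoded.find(b"\x00")
    candidate = decoded[:end] if end != -1 else b""
    # Heuristic (assumption): an old-format stash decodes to a non-empty run
    # of printable ASCII followed by a NUL; anything else is treated as the
    # enhanced format or as not a stash file at all.
    is_legacy = len(candidate) > 0 and all(0x20 <= b <= 0x7E for b in candidate)
    mode = os.stat(path).st_mode
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return is_legacy, (len(candidate) if is_legacy else 0), exposed


def make_sample(password, pad=b"\xAA" * 16):
    """Build a constructed old-format stash (test data only)."""
    body = password.encode("ascii") + b"\x00" + pad
    return bytes(b ^ XOR_KEY for b in body)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        legacy, length, exposed = classify_stash(path)
        if legacy:
            print(f"{path}: OLD XOR stash, {length}-char password recoverable"
                  " by anyone who can read this file; re-stash or rotate")
        else:
            print(f"{path}: does not decode as an old XOR stash")
        if exposed:
            print(f"{path}: readable by group/others; restrict to the owner")
```

Run it as `python check_stash.py /path/to/*.sth`; any file flagged as an old XOR stash should be treated as if the keystore password were stored in clear text.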