Tuesday, 13 September 2011

Use Windows path separators if you're using the JDK keytool in Windows - backslash "\" not forwardslash "/"

This error "keytool error: java.io.IOException: Keystore was tampered
with, or password was incorrect" may not really mean a password or
keystore problem.

Here's my story:

Kept trying various passwords to add a certificate to my JRE CA using
this command:

./keytool.exe -v -alias certalias -import -file <DomainRootCA>.crt
-keystore ../jre/lib/security/cacerts

And I kept getting

keytool error: java.io.IOException: Keystore was tampered with, or
password was incorrect
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:715)
at sun.security.tools.KeyTool.run(KeyTool.java:172)
at sun.security.tools.KeyTool.main(KeyTool.java:166)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
... 5 more

I tried various passwords. My usual default passwords. "changeit" -
which is usually default for these certs. Nothing worked.

Then remembering how bad these java exceptions are, I changed the
keystore parameter, to see if it would complain about not seeing the

Just remove the "s" from "cacerts"

[everything to the left of this is still the same] -keystore

And still got the same error. Bloody JDK! So maybe it was failing
because it couldn't find the file, but it wasn't being shown in the
error message.

So I changed my path references to backlash "\" instead of "/", even
though I was doing all these under cygwin bash shell.

./keytool.exe -v -alias certalias -import -file <DomainRootCA>.crt
-keystore ..\jre\lib\security\cacerts

Using the first password I tried, "changeit"

And it worked.

The lesson:

1. JDK error messages suck!
2. When using keytool.exe on Windows, make sure your path separators
are "\" and not "/". The fact you're running under bash shell doesn't
affect it.
Remember: Use Windows-based path separators if you're using the JDK
keytool in Windows

Saturday, 10 September 2011

Are you using iPhoto by *its* rules? Make sure your understanding of iPhoto terms is correct.

AAARGH!! Almost buggered up my iPhoto library. Was using "Flagged
photos" to mark favourite photos. Then accidentally selected "Create
Event From Flagged Photos" while trying to split an Event.

Result? An event containing 1000 photos from 2008 to today. And good
thing I Googled it first, because an event is actually like a folder
of photos. So deleting an event would have deleted all the photos in
it. All my favourite photos from my entire library, going back to
2008. Dammit.

But thank <deity> that "Edit -> Undo" can also reverse that operation.

Be careful of "Create Event From Flagged Photos" if you're treating a
"Flagged photo" to indicate a Favourite photo. This is not really what
it's for. Flagging a photo is probably meant for short-term
operations, in the context of creating an event or album going across
multiple windows of photos.

This is where following the rules and reading a bit more would have
helped. The model I *think* I should have been following was:

Event - Physical directory of photos.
Album - Virtual collection of photos.
Album - can have photo from any events
Smart Album - can have photos based on search criteria
Folder - a collection of Albums or Smart Albums


Deleting an Event will delete the photos.
Deleting an Album will not delete the photos.

You should only Flag a photo to maintain a temporary list before
either moving them to an Event or Album. Normally I should put them in
an Album, since I like to keep photos grouped by date on the
filesystem. When I was on Windows using Picasa my workflow was to
first rename any new photos in a photo_upload directory using the
program "jhead" then running a Ruby script to move them into
date-based folders using each photo's EXIF metadata.

Don't keep them for longer than that, lest you mistakenly create an
Event and shove photos from different times into the same folder. If
that happens make sure to go to Edit -> Undo before doing anything

This link cleared things up for me: