问题
I understand that the -keypass option is for "the password for the key" and that the -storepass option is for "a password for the keystore".
I don't understand, however, why two passwords are needed.
What scenarios are there for requiring 2 passwords: One for the store (file, in my case) and one for the key.
回答1:
This is due to how Java handles keystores so it's not an Android specific issue. The reason though is because access to a store such as adding/viewing trust relationships is a separate task from creating and signing keys/certs.
In short, you may trust someone to view/update your keystore but not sign things with a key you store in the keystore. Plus, keys could be stored in multiple keystores and you want your keys locked down individually.
回答2:
Keytool uses storepass and keypass for different purposes.
storepass is used to access the key store
keypass is used to access the particular key pair's private key.
However, a password should not be specified on a command line or in a script unless it is for testing purposes, or you are on a secure system.
来源:https://stackoverflow.com/questions/5954459/keytools-storepass-vs-keypass-why-2-passwords