Convert a .pk8 file to .key file

Question

I have a .pk8 file and I want to convert it into .key file format,so that I can move them into a pkcs12 store and then later to java keystore using keytool.

Please suggest possible solutions??

Answer 1

Use the OpenSSL command line tool to convert your PKCS#8 file to a plain private key first:

openssl pkcs8 -in file.pk8 -out key.pem

If that gives you an error it's probably because the key is in DER format, try this then:

openssl pkcs8 -in file.pk8 -inform DER -out key.pem

Gather the certificates you want to be in your PKCS#12 key store and make sure they are PEM-encoded (open them in a text editor - if the file starts with '----- BEGIN X.509 CERTIFICATE -----' or similar then you're already good to go):

openssl x509 -in single_cert.cer -inform DER -out single_cert.pem

Open a text editor and paste all the PEM-encoded certificates plus the contents of key.pem in that file, one after the other to get a file like this:

----- BEGIN RSA PRIVATEKEY ----- '' or another format, depends on your key
...contents of your key file
----- END RSA PRIVATEKEY -----
----- BEGIN X.509 CERTIFICATE -----
...contents of certificate 1
----- END X.509 CERTIFICATE -----
----- BEGIN X.509 CERTIFICATE -----
...contents of certificate 2
----- END X.509 CERTIFICATE -----
...

Save this, e.g. as all.pem. To finally create your PKCS#12 key store, issue this command:

openssl pkcs12 -export -in all.pem -out file.p12 -name "somename"

Provide a password and your done. The name parameter is going to be your "alias" in the Java world.

Answer 2

Following this guide worked for me. Specifically using keytool-iui to import the private key.