Export secret key from jck key store

Question

We have a jck keystore (jceks) format containing a secret key. It was generated using keytool command

keytool -genseckey -alias mykey -keyalg AES -keysize 256 -storetype jceks -keystore mykeystore.jks

We need to share this with another application and they seem to have limitations in working with jck store. They are asking for the key to be exported and supplied to them.

We tried a few tools, but are not able to export the secret key. Is there a command or workaround to achieve this ?

Answer 1

keytool doesn't support exporting of Secret Keys. You could use the KeyStore api to do this.

KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(new FileInputStream(new File("KEYSTORE_PATH")), "PASSWORD".toCharArray());

SecretKey key = (SecretKey) ks.getKey("ALIAS", "PASSWORD".toCharArray());

System.out.println(new String(Base64.encode(key.getEncoded())));

Answer 2

KeyStore Explorer shows the key as a hex string if you double-click on it: