Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I list / export private keys from a keystore?

Tags:

java

ssl

keystore

How do I list and export a private key from a keystore?

like image 892
ScArcher2 Avatar asked Sep 29 '08 19:09

ScArcher2

People also ask

How do I know if my keystore has a private key?

First call keytool -list -keystore myStore to know which alias to look for, then call this program with the passwords and parameters. In case of a private key entry, it shows the key itself and additionally a self-signed certificate which contains the public key, in a readable form.

How do I export a JKS file key?

Exporting the public key from a JSK is quite straightforward with the keytool utility, but exporting the private key is not allowed. Therefore, we need to get the support of the openssl utility for that. Additionally, you can write some custom Java code to get the private key extracted as well.

Does JKS file contains private key?

The private key entry is password protected. Generally, a JKS type of key store can have only one private key entry in a key store file.

1 Answers

You can extract a private key from a keystore with Java6 and OpenSSL. This all depends on the fact that both Java and OpenSSL support PKCS#12-formatted keystores. To do the extraction, you first use keytool to convert to the standard format. Make sure you use the same password for both files (private key password, not the keystore password) or you will get odd failures later on in the second step.

keytool -importkeystore -srckeystore keystore.jks \     -destkeystore intermediate.p12 -deststoretype PKCS12

Next, use OpenSSL to do the extraction to PEM:

openssl pkcs12 -in intermediate.p12 -out extracted.pem -nodes

You should be able to handle that PEM file easily enough; it's plain text with an encoded unencrypted private key and certificate(s) inside it (in a pretty obvious format).

When you do this, take care to keep the files created secure. They contain secret credentials. Nothing will warn you if you fail to secure them correctly. The easiest method for securing them is to do all of this in a directory which doesn't have any access rights for anyone other than the user. And never put your password on the command line or in environment variables; it's too easy for other users to grab.

like image 92
Donal Fellows Avatar answered Oct 01 '22 09:10

Donal Fellows
Sign in to Comment

Related questions

Java stack overflow error - how to increase the stack size in Eclipse?
InputStream vs InputStreamReader
How to disable loggers of a class or of whole package?
Integration Testing POSTing an entire object to Spring MVC controller
Write in body request with HttpClient
Convert string to Date in java
How to search for a string in JAR files
How to most elegantly iterate through parallel collections?
Maven Scope for Lombok (Compile vs. Provided)
comparator with null values
How is hashCode() calculated in Java
How can I implement custom Action Bar with custom buttons in Android?
How can I find whitespace in a String?
Count the number of items in my array list
java.lang.IllegalAccessError: class lombok.javac.apt.LombokProcessor cannot access class com.sun.tools.javac.processing.JavacProcessingEnvironment [duplicate]
How can I Insert JSON object into Postgres using Java preparedStatement?
What is the default maximum heap size for Sun's JVM from Java SE 6?
Why does my Eclipse Indigo crash on Ubuntu 13.04 with Oracle JDK 64bit?
What is the difference between String and StringBuffer in Java?
cannot start jstatd due to permission error

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!