Is there a way in keytool to print the publick key of a certificate? I tried:
keytool -printcert -file client.crt
But it gives only the following information:
Owner: CN=client, OU=as, O=as, L=as, ST=as, C=as Issuer: EMAILADDRESS=as, CN=ca, OU=as, O=as, L=as, ST=as, C=as Serial number: 3 Valid from: Tue Apr 10 12:18:47 GMT+05:30 2012 until: Wed Apr 10 12:18:47 GMT+05 :30 2013 Certificate fingerprints: MD5: 26:C0:29:E9:8C:AB:C3:9E:95:38:74:8A:87:D3:86:8D SHA1: 5C:5A:BA:47:44:83:7E:CB:48:BE:DD:E5:39:51:24:42:C6:C5:60:8B SHA256: DA:26:B8:C8:F4:04:3E:62:F3:7F:3B:EC:1D:9F:85:66:28:00:45:55:66: 15:FF:BB:37:77:97:59:F0:EC:0B:B6 Signature algorithm name: SHA1withRSA Version: 1
There is no public key in this.
Chrome 54 and below: If you're using Chrome then click on the green bar to the left of the 'https:' in the address bar, for the VeriSign website the green bar says Symantec Corperation [US] , this will open a pop up. On the pop up click 'Certificate Information'. This will open another pop up.
To obtain the public key from the Android Keystore use java. security. KeyStore#getCertificate(String) and then Certificate#getPublicKey() . To help obtain algorithm-specific public parameters of key pairs stored in the Android Keystore, its private keys implement java.
You can do it with:
keytool -list -rfc -keystore mykeystore.jks -alias certificate_alias -storepass password
Example run:
PS c:\sample> keytool -list -rfc -keystore mykeystore.jks -alias cert_alias -storepass password Alias name: cert_alias Creation date: Apr 25, 2014 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: -----BEGIN CERTIFICATE----- MIIB4zCCAUygAwIBAgIIRzI14w7rL20wDQYJKoZIhvcNAQENBQAwMzELMAkGA1UEBhMCVVMxDTAL BgNVBAoTBE5vbmUxFTATBgNVBAMTDE5vbmUgb3U9Tm9uZTAgFw0xNDA0MjQxNzQ0NDJaGA8yMTE0 MDQyNTE3NDQ0MlowMzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBE5vbmUxFTATBgNVBAMTDE5vbmUg b3U9Tm9uZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAivXBBtFnJTm1NbHysv3Mnpn/lCg6 1onJDxr/jkvI8+1Bljs1jktyYOeKDWxJwpDU7QyIqttgtDvRT4Yaew5WiQyADIyY0cBTvp3S7uKx M5C3zxZdG6WTflU7xcYnGk3/d0VhwA6BL9YPsRaS/K+ww1yvxWKIOPW68wDe0ccvGWcCAwEAATAN BgkqhkiG9w0BAQ0FAAOBgQB/5qDMA9fmlCWlOD9aHjBD6I8zAOSshMCFK8XcZJHowag8WtZyL3DR insx2HoDlBewIJAEtAplo2NpeFyNtK93PS7zV+vwEYHCu46Db3klMksp3MmSXD39QPlmwfsGZlja K8Ww0TsR5GtccFMH41KKa+PlvVZNEdZumdrca59olQ== -----END CERTIFICATE-----
You can do that With openssl
.
If this certificate is DER-encoded (binary), use:
openssl x509 -inform der -in client.crt -pubkey -noout
for PEM-encoded use -inform pem
option (or no -inform
at all).
To see details of public key, use:
openssl x509 -inform der -in client.crt -pubkey -noout | openssl rsa -pubin -text -noout
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With