Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to print the public key of a certificate using keytool?

Is there a way in keytool to print the publick key of a certificate? I tried:

keytool -printcert -file client.crt 

But it gives only the following information:

Owner: CN=client, OU=as, O=as, L=as, ST=as, C=as Issuer: EMAILADDRESS=as, CN=ca, OU=as, O=as, L=as, ST=as, C=as Serial number: 3 Valid from: Tue Apr 10 12:18:47 GMT+05:30 2012 until: Wed Apr 10 12:18:47 GMT+05 :30 2013 Certificate fingerprints:          MD5:  26:C0:29:E9:8C:AB:C3:9E:95:38:74:8A:87:D3:86:8D          SHA1: 5C:5A:BA:47:44:83:7E:CB:48:BE:DD:E5:39:51:24:42:C6:C5:60:8B          SHA256: DA:26:B8:C8:F4:04:3E:62:F3:7F:3B:EC:1D:9F:85:66:28:00:45:55:66: 15:FF:BB:37:77:97:59:F0:EC:0B:B6          Signature algorithm name: SHA1withRSA          Version: 1 

There is no public key in this.

like image 247
Ashwin Avatar asked Apr 11 '12 09:04

Ashwin


People also ask

How do I find the public key of a certificate?

Chrome 54 and below: If you're using Chrome then click on the green bar to the left of the 'https:' in the address bar, for the VeriSign website the green bar says Symantec Corperation [US] , this will open a pop up. On the pop up click 'Certificate Information'. This will open another pop up.

How do I find my public keystore key?

To obtain the public key from the Android Keystore use java. security. KeyStore#getCertificate(String) and then Certificate#getPublicKey() . To help obtain algorithm-specific public parameters of key pairs stored in the Android Keystore, its private keys implement java.


2 Answers

You can do it with:

keytool -list -rfc -keystore mykeystore.jks -alias certificate_alias -storepass password 

Example run:

PS c:\sample> keytool -list -rfc -keystore mykeystore.jks -alias cert_alias -storepass password Alias name: cert_alias Creation date: Apr 25, 2014 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: -----BEGIN CERTIFICATE----- MIIB4zCCAUygAwIBAgIIRzI14w7rL20wDQYJKoZIhvcNAQENBQAwMzELMAkGA1UEBhMCVVMxDTAL BgNVBAoTBE5vbmUxFTATBgNVBAMTDE5vbmUgb3U9Tm9uZTAgFw0xNDA0MjQxNzQ0NDJaGA8yMTE0 MDQyNTE3NDQ0MlowMzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBE5vbmUxFTATBgNVBAMTDE5vbmUg b3U9Tm9uZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAivXBBtFnJTm1NbHysv3Mnpn/lCg6 1onJDxr/jkvI8+1Bljs1jktyYOeKDWxJwpDU7QyIqttgtDvRT4Yaew5WiQyADIyY0cBTvp3S7uKx M5C3zxZdG6WTflU7xcYnGk3/d0VhwA6BL9YPsRaS/K+ww1yvxWKIOPW68wDe0ccvGWcCAwEAATAN BgkqhkiG9w0BAQ0FAAOBgQB/5qDMA9fmlCWlOD9aHjBD6I8zAOSshMCFK8XcZJHowag8WtZyL3DR insx2HoDlBewIJAEtAplo2NpeFyNtK93PS7zV+vwEYHCu46Db3klMksp3MmSXD39QPlmwfsGZlja K8Ww0TsR5GtccFMH41KKa+PlvVZNEdZumdrca59olQ== -----END CERTIFICATE----- 
like image 99
Vlad Sankin Avatar answered Sep 28 '22 18:09

Vlad Sankin


You can do that With openssl.

If this certificate is DER-encoded (binary), use:

openssl x509 -inform der -in client.crt -pubkey -noout 

for PEM-encoded use -inform pem option (or no -inform at all).

To see details of public key, use:

openssl x509 -inform der -in client.crt -pubkey -noout | openssl rsa -pubin -text -noout 
like image 42
Grzegorz Grzybek Avatar answered Sep 28 '22 20:09

Grzegorz Grzybek