Skip to main content
Software View

Main navigation

  • Home
  • Trainer Profile
  • Blog
  • Contact
User account menu
  • Log in

Breadcrumb

  1. Home
  2. Blog

Exporting the private key from a jks file (Java keystore)

By Kamal Wickramanayake, 18 June, 2008

Some seems to have used complicated mechanisms including writing new software to do so. Here's a simple approach:

1. Import the keystore from JKS to PKCS12

keytool -importkeystore -srckeystore mystore.jks -destkeystore mystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass mysecret -deststorepass mysecret -srcalias myalias -destalias myalias -srckeypass mykeypass -destkeypass mykeypass -noprompt

Note that the above command will generate a warning regarding '-destkeypass'. But if you omit that option, importing does not work properly (I tried in JDK 1.6.0_03).

2. Convert pkcs12 to pem using openssl

openssl pkcs12 -in mystore.p12 -out mystore.pem -passin pass:mysecret -passout pass:mysecret

That's it. Try 'cat mystore.pem'. You will see that both the private key and the certificate appears there.

If you are familiar with openssl and wish to use the private key to sign say another certificate, you can try the following:

openssl x509 -req -days 365 -in newclient.csr -CA mystore.pem -CAcreateserial -out newclient.cer -passin pass:mysecret -extfile openssl.cnf -extensions v3_usr

Note that here we assume the private key in mystore.pem is of a certificate authority (CA).

I didn't try the reverse of this. That is getting the private key in a pem file to a jks file. Hopefully, the same steps executed in reverse order (with the in/out options reversed) should work.

Related:

  • In case you are interested in a cool script (works in Linux) that generates keys, certificates and signatures, look at http://www.swview.org/jkscertgen
  • If you need a collection of keys, certificates to test your application (in the form of .jks files), visit this page: http://www.swview.org/blog/sample-x509-certificate-collection-publicprivate-keys-java
Java
Security

Highlights

  • O'Reilly Book "97 Things Every Software Architect Should Know" Accepts A Write Up From Kamal
  • "Service Oriented Architecture - Making IT Infrastructure Speaks Business" - Presentation At The ISACA 4th Annual Conference
  • The Second Bacth Of ICTA Nanasala e-Society Members Receives Trainings On HTML/CSS and GIMP
  • GIMP Training For ICTA Nanasala Project
  • Agile Processes Training For PPSL (Pvt) Ltd
  • Computer Society of Sri Lanka (CSSL) - Talk on "Introduction to IT Governance and Enterprise Architecture"
  • Motorola Sends A Second Batch Through Software Patterns Training
  • Kamal To Act As The Marketing Director - ISACA Sri Lanka Chapter
  • ISACA Sri Lanka Chapter Invites Kamal To Join As A Board Member
  • Epic Lanka Technologies (Pvt) Ltd Receives Java SE And Java EE Trainings From Software View
  • Patterns Training For PPSL (Pvt) Ltd
  • ISACA Members Day Presentation On "Introduction To IT Governance And Enterprise Architecture"
  • Opening Lecture On Information Technology For SLIDA Master Of Public Management Course Delivered By Kamal
  • Customized Java Enterprise Edition Training For SLIDA
  • No One To Beat Software View - Epic Lanka Technologies (Pvt) Ltd
  • Motorola Receives Software Patterns Training From Software View
  • Custom Java Enterprise Edition Training for ICTA/SLIDA - Only from Software View!
  • Java EE 5, JavaServer Faces, Hibernate And Spring For PPSL (Pvt) Ltd
  • "Brain Trust" For Linux Journal Weekly Newsletter From Kamal
  • Java Platform, Enterprise Edition 5 Training At The CEIT, University Of Peradeniya
  • Another Group Of Around 100 Sri Lanka Telecom Engineers And Managers Were Service Oriented!
  • Java Platform, Enterprise Edition 5 Training Will Be Held At The CEIT, University Of Peradeniya
  • Service Oriented Architecture: Another Two Sessions Conducted at SLT
  • Photos of IET Monthly Forum at the Peradeniya University
RSS feed
Copyright © 2007 - 2023 Software View