Extracting public and private keys from a Java Key Store (JKS)

Using the keytool utility, it is easy to extract the public key of an already created "public-private" key pair, which is stored in a keystore.

keytool -v -importkeystore -srckeystore existing-store.jks -srcalias mykey -destkeystore new-store.p12 -deststoretype PKCS12

Now the file new-store.p12 contains the private key in PKCS12 format which may be used directly by many software packages or further processed using the openssl pkcs12 command

# Export certificate
openssl pkcs12 -in new-store.p12 -nokeys -out cert.pem
# Export unencrypted private key
openssl pkcs12 -in new-store.p12 -nocerts -nodes
openssl pkcs12 -in new-store.p12 -nocerts -nodes -out key.pem


Popular posts from this blog