Extracting public and private keys from a Java Key Store (JKS)

Using the keytool utility, it is easy to extract the public key of an already created "public-private" key pair, which is stored in a keystore.

keytool -v -importkeystore -srckeystore existing-store.jks -srcalias mykey -destkeystore new-store.p12 -deststoretype PKCS12

Now the file new-store.p12 contains the private key in PKCS12 format which may be used directly by many software packages or further processed using the openssl pkcs12 command

# Export certificate
openssl pkcs12 -in new-store.p12 -nokeys -out cert.pem
# Export unencrypted private key
openssl pkcs12 -in new-store.p12 -nocerts -nodes
openssl pkcs12 -in new-store.p12 -nocerts -nodes -out key.pem

Comments

Post a Comment

Popular posts from this blog

Reduce TIME_WAIT Socket Connections

Sometime, you’ll run across an Apache server that always has tons of TIME_WAIT connections just seeming to hang out. While these don’t take up as many resources as an ESTABLISHED connection, why keep them around so long? This will show you how to identify how many you have, and how to tell your server to reduce them, reuse and recycle them
Read more