KfWiki : JavaKeystore



Java keystore

To list all keys and certificates
keytool -keystore xxx.jks -list

Tomcat's keystore has a default password of "changeit"

Extracting private key
There is no way to do that with keytool. Use the following Java program:

DumpPrivateKey.java
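import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;

public class DumpPrivateKey {
        public static void main(String[] args) {
                if (args.length != 3) {
                        // Usage goes to stderr: stdout is piped into openssl
                        System.err.println("Usage: java DumpPrivateKey file alias password");
                        System.exit(2);
                }
                // try-with-resources closes the keystore file
                try (InputStream in = new FileInputStream(args[0])) {
                        KeyStore ks = KeyStore.getInstance("jks");
                        // The same password opens the store and the key entry
                        ks.load(in, args[2].toCharArray());
                        Key key = ks.getKey(args[1], args[2].toCharArray());
                        if (key == null) {
                                System.err.println("No key entry for alias " + args[1]);
                                System.exit(1);
                        }
                        // Raw encoded key bytes (PKCS#8 DER for a private key) on stdout
                        System.out.write(key.getEncoded());
                        System.out.flush();
                } catch (Exception e) {
                        e.printStackTrace();
                        System.exit(1);
                }
        }
}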


Then use it in combination with openssl:
echo "-----BEGIN PRIVATE KEY-----" > tomcat.key
java DumpPrivateKey tomcat.keystore tomcat changeit | openssl enc -a >> tomcat.key
echo "-----END PRIVATE KEY-----" >> tomcat.key


There you go, you just exported the jks private key to a PEM file.
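
An added example, not the wiki's own program: the same export done in one step, writing the PEM file directly. It prompts for the password instead of taking it from the command line (where process listings and shell history expose it) and creates the output file readable by its owner only. The class name ExportPrivateKeyPem is hypothetical; it assumes a POSIX file system, an interactive terminal, and a key password equal to the keystore password.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Base64;

// Added example (hypothetical class name): export a JKS private key as PKCS#8 PEM.
public class ExportPrivateKeyPem {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("Usage: java ExportPrivateKeyPem keystore alias out.pem");
            System.exit(2);
        }
        // Prompt on the terminal so the password never appears in argv.
        Console console = System.console();
        char[] password = console == null ? null : console.readPassword("Keystore password: ");
        if (password == null) {
            System.err.println("No password read; run from an interactive terminal");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, password);
        }
        // Assumption: the key entry uses the same password as the store.
        Key key = ks.getKey(args[1], password);
        Arrays.fill(password, '\0');
        if (!(key instanceof PrivateKey) || !"PKCS#8".equals(key.getFormat())) {
            System.err.println("Alias '" + args[1] + "' has no exportable PKCS#8 private key");
            System.exit(1);
        }
        // 64-column base64 with LF line ends, wrapped in the PKCS#8 PEM header and footer.
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded());
        String pem = "-----BEGIN PRIVATE KEY-----\n" + body + "\n-----END PRIVATE KEY-----\n";
        // Create the file as rw------- before any key bytes are written; fails if it already exists.
        Path out = Paths.get(args[2]);
        Files.createFile(out, PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rw-------")));
        Files.write(out, pem.getBytes(StandardCharsets.US_ASCII));
    }
}
```

Because createFile refuses to reuse an existing path, a stale tomcat.key with looser permissions is never silently overwritten.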
