Java keystore
To list all keys and certificates
keytool -keystore xxx.jks -list
Tomcat's keystore has a default password of "changeit"
Extracting private key
There is no way to do that with keytool. Use the following Java program, DumpPrivateKey.java:
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.Key;

    public class DumpPrivateKey {
        static public void main(String[] args) {
            try {
                // args: keystore file, key alias, password
                KeyStore ks = KeyStore.getInstance("jks");
                try (FileInputStream in = new FileInputStream(args[0])) {
                    ks.load(in, args[2].toCharArray());
                }
                Key key = ks.getKey(args[1], args[2].toCharArray());
                // Write the raw encoded key bytes to stdout
                System.out.write(key.getEncoded());
                System.out.flush();
            } catch (Exception e) {
                e.printStackTrace();
                // stderr, so the message never lands in the piped key output
                System.err.println("Usage: java DumpPrivateKey file alias password");
            }
        }
    }
Then use it in combination with openssl:
echo "-----BEGIN PRIVATE KEY-----" > tomcat.key
java DumpPrivateKey tomcat.keystore tomcat changeit | openssl enc -a >> tomcat.key
echo "-----END PRIVATE KEY-----" >> tomcat.key
There you go, you just exported the jks private key to a PEM file.