- A Java “keytool export” tutorial
- Using “keytool export” to create a certificate file
- Using keytool export
- A related Java keytool example
- Космонавт в лодке
- Oleg Abrazhaev's personal blog about programming, technology, and life
- Creating, importing, and exporting keys in a Java keystore (keytool, openssl)
- Creating and importing
- Extracting a Private Key From the Java Keystore (JKS)
- What Is a Java KeyStore (JKS)?
- Are There Any Other KeyStore Types?
- What Are the Tools Used to Manipulate KeyStores?
- Let’s Get to Work
- Extracting the Private Key With OpenSSL and Keytool
A Java “keytool export” tutorial
Java keytool export FAQ: Can you share some examples of the Java keytool export command and export process?
Once you’ve created a private key in a Java keystore file, you can export the certificate for that key, which carries the public key and not the private key itself, to a certificate file using the Java “keytool export” command. I’ll demonstrate that command in this tutorial.
Using “keytool export” to create a certificate file
Assuming we have a Java keystore file that contains a private key (as demonstrated in this “keytool genkey private key example”) whose certificate we want to export to a certificate file, and we know the password for the private key keystore, this process is simple.
To create a Java certificate file, we use this keytool export command:
$ keytool -export -alias foo -file certfile.cer -keystore privateKey.store
This keytool command can be read like this:
- Read from the keystore file named privateKey.store.
- Look in that file for the alias named “foo”.
- Export the public key to the new file named certfile.cer.
Using keytool export
Here’s how this keytool export command works when I run it from the command line:
$ keytool -export -alias foo -file certfile.cer -keystore privateKey.store
Enter keystore password: ABC123
Certificate stored in file
In this example, the password for my private key keystore file (privateKey.store) is “ABC123”.
At this point your certfile.cer file should have been created, and you can now share it with other people, who will presumably want to import it into their public keystore. I demonstrate that process in my Java keytool import tutorial.
A related Java keytool example
If you’d like to see the entire process of creating a private key, exporting it in a certificate file, importing it into a public keystore, and listing the keystore contents, I have all of that in one place in a long (but complete) Java keytool, keystore, genkey, export, import, certificate, and list tutorial as well. (Be warned, it is lengthy, but complete.)
Космонавт в лодке
Oleg Abrazhaev's personal blog about programming, technology, and life
Creating, importing, and exporting keys in a Java keystore (keytool, openssl)
This post is a memo on creating private and public keys, certificates, and signatures, as well as on working with the Java keystore.
Suppose there is a SOAP service that uses WSSE (WS-Security, WSS) for security. To perform encryption and signing in Java, you need to prepare a Java Key Store (JKS) file.
Creating and importing
First, we create a private key.
Extracting a Private Key From the Java Keystore (JKS)
I’ve been working with the AS2 Protocol and the AdroitLogic AS2Gateway for quite some time now, and hence, playing with JKS has been a must. One of the tricks that were required from time to time was extracting the private key and public key (certificate) from Java KeyStores. In this blog post, we’ll go through a couple of simple commands on how to do that.
What Is a Java KeyStore (JKS)?
A JKS is an encrypted security file used to store a set of cryptographic keys or certificates in the binary format, and it requires a password to be opened. JKS files are used for a variety of security purposes. They can be used to identify the author of an Android app during a build and when publishing to Android Market in Google Play or in SSL encryption.
Are There Any Other KeyStore Types?
Yes. There are other KeyStore types. PKCS12 is one such type.
What Are the Tools Used to Manipulate KeyStores?
For JKS, we can use the Java keytool utility, which comes inbuilt with the JDK, and for PKCS12, we can use the openssl utility.
Let’s Get to Work
Exporting the public key from a JKS is quite straightforward with the keytool utility, but exporting the private key is not allowed. Therefore, we need to get the support of the openssl utility for that. Additionally, you can write some custom Java code to get the private key extracted as well.
To begin with, let’s create a simple KeyStore:
keytool -genkeypair -alias notebook -keyalg RSA -dname "CN=rajind,OU=dev,O=bft,L=mt,C=Srilanka" -keystore identity.jks -keypass keypassword -storepass storepassword
Extracting the Private Key With OpenSSL and Keytool
1. Convert JKS to the PKCS12 format:
keytool -importkeystore -srckeystore identity.jks -srcstorepass storepassword -srckeypass keypassword -srcalias notebook -destalias notebook -destkeystore identity.p12 -deststoretype PKCS12 -deststorepass password -destkeypass password
Note that we have given destkeypass and deststorepass the same value. This is a requirement of PKCS12, as it does not support different passwords for the key store and the key. If you try to give different passwords, the destkeypass value will be ignored and you’ll get the following warning:
Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -destkeypass value.
The final result of this step would be an identity.p12 file.
2. Exporting the private key from the PKCS12 format keystore:
openssl pkcs12 -in identity.p12 -nodes -nocerts -out private_key.pem
Once you enter this command, you will be prompted for the password, and once the password (in this case ‘password’) is given, the private key will be saved to a file named private_key.pem.
Note that in this command, -nodes means ‘don’t encrypt private keys’ and -nocerts means ‘don’t output certificates,’ which are the public keys.
Use the following help commands to get more details on them.
keytool -importkeystore --help
openssl pkcs12 --help
Exporting the Public Key:
openssl pkcs12 -in identity.p12 -nokeys -out cert.pem
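Because -nodes writes the private key unencrypted, the two openssl exports above are worth wrapping so the output files are owner-only and the key is checked against the certificate afterwards. The following is an added example, not part of the original article; the function names and the P12_PASS environment variable are assumptions made here, and identity.p12 is the file produced in step 1.

```shell
#!/bin/sh
# Added example (not from the article). Assumes the PKCS12 password is in
# the environment variable P12_PASS (a name chosen for this example).

# Export the unencrypted private key and the certificate from a PKCS12 file.
# umask 077 makes the output files owner-only from the moment they exist;
# -passin env: keeps the password out of the process list.
extract_pair() {   # usage: extract_pair identity.p12 private_key.pem cert.pem
    (
        umask 077
        rm -f "$2" "$3"   # stale files would keep their old, looser mode
        openssl pkcs12 -in "$1" -passin env:P12_PASS -nodes -nocerts -out "$2" &&
        openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -out "$3"
    )
}

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {   # usage: key_matches_cert private_key.pem cert.pem
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Succeeds only if group and others have no permission bits on the file.
owner_only() {   # usage: owner_only private_key.pem
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}
```

After sourcing the functions, run `extract_pair identity.p12 private_key.pem cert.pem` with P12_PASS exported, then `key_matches_cert private_key.pem cert.pem && owner_only private_key.pem` before handing the files to anything else.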
Originally published at notebookbft.wordpress.com on January 1, 2019.
Published at DZone with permission of Rajind Ruparathna , DZone MVB . See the original article here.