DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Please enter at least three characters to search
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Last call! Secure your stack and shape the future! Help dev teams across the globe navigate their software supply chain security challenges.

Modernize your data layer. Learn how to design cloud-native database architectures to meet the evolving demands of AI and GenAI workloads.

Releasing software shouldn't be stressful or risky. Learn how to leverage progressive delivery techniques to ensure safer deployments.

Avoid machine learning mistakes and boost model performance! Discover key ML patterns, anti-patterns, data strategies, and more.

Related

  • Buildpacks: An Open-Source Alternative to Chainguard
  • Implementing Row-Level Security
  • Four Essential Tips for Building a Robust REST API in Java
  • Creating Effective Exceptions in Java Code [Video]

Trending

  • Testing SingleStore's MCP Server
  • Unlocking the Potential of Apache Iceberg: A Comprehensive Analysis
  • Unlocking AI Coding Assistants Part 3: Generating Diagrams, Open API Specs, And Test Data
  • Beyond ChatGPT, AI Reasoning 2.0: Engineering AI Models With Human-Like Reasoning
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. Extracting a Private Key From the Java Keystore (JKS)

Extracting a Private Key From the Java Keystore (JKS)

Check this out if you need help extracting a private key from a JKS instance.

By 
Rajind Ruparathna user avatar
Rajind Ruparathna
·
Jan. 17, 19 · Tutorial
Likes (6)
Comment
Save
Tweet
Share
325.5K Views

Join the DZone community and get the full member experience.

Join For Free

I’ve been working with the AS2 Protocol and the AdroitLogic AS2Gateway for quite some time now, and hence, playing with JKS has been a must. One of the tricks that were required from time to time was extracting the private key and public key (certificate) from Java KeyStores. In this blog post, we’ll go through a couple of simple commands on how to do that.

What Is a Java KeyStore (JKS)? 

A JKS is an encrypted security file used to store a set of cryptographic keys or certificates in the binary format, and it requires a password to be opened. JKS files are used for a variety of security purposes. They can be used to identify the author of an Android app during a build and when publishing to Android Market in Google Play or in SSL encryption.


Java: A Complete Tutorial from Zero to JDBC Course.*

*Affiliate link. See Terms of Use.

Are There Any Other KeyStore Types?

Yes. There are other KeyStore types. PKCS12 is one such type.

What Are the Tools Used to Manipulate KeyStores?

For JKS, we can use the Java keytool utility, which comes inbuilt with the JDK, and for PKCS12, we can use the openssl utility.

Let's Get to Work

Exporting the public key from a JSK is quite straightforward with the keytool utility, but exporting the private key is not allowed. Therefore, we need to get the support of the openssl utility for that. Additionally, you can write some custom Java code to get the private key extracted as well.

To begin with, let's create a simple KeyStore:

keytool -genkeypair -alias notebook -keyalg RSA -dname "CN=rajind,OU=dev,O=bft,L=mt,C=Srilanka" -keystore identity.jks -keypass keypassword -storepass storepassword


Extracting the Private Key With OpenSSL and Keytool

1. Convert JKS to the PKCS12 format:

keytool -importkeystore -srckeystore identity.jks -srcstorepass storepassword -srckeypass keypassword -srcalias notebook -destalias notebook -destkeystore identity.p12 -deststoretype PKCS12 -deststorepass password -destkeypass password


Note that we have given the destkeypass and deststore pass the same value. This is a requirement of PKCS12 as it does not support different passwords for key store and key. If you try to give different passwords, you’ll get a warning as follows as the destkeypass will be ignored.

Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -destkeypass value.


The final result of this step would be an identity.p12 file.

2. Exporting the private key from the PKCS12 format keystore:

openssl pkcs12 -in identity.p12 -nodes -nocerts -out private_key.pem


Once you enter this command, you will be prompted for the password, and once the password (in this case ‘password’) is given, the private key will be saved to a file by the named private_key.pem.

Note that in this command, nodes means ‘don’t encrypt private keys’ and nocerts means ‘don’t output certificates,’ which are the public keys.

Use the following help commands to get more details on them.

keytool -importkeystore –help
openssl pkcs12 –help


Exporting the Public Key:

openssl pkcs12 -in identity.p12 -nokeys -out cert.pem


Happy extracting!

Call To Action

  • Like. Share. Appreciate and let others find this article.
  • Comment. Share your views on this article.
  • Keep in touch. LinkedIn, Twitter

Originally published at notebookbft.wordpress.com on January 1, 2019.

Java (programming language) OpenSSL security Public-key cryptography

Published at DZone with permission of Rajind Ruparathna, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • Buildpacks: An Open-Source Alternative to Chainguard
  • Implementing Row-Level Security
  • Four Essential Tips for Building a Robust REST API in Java
  • Creating Effective Exceptions in Java Code [Video]

Partner Resources

×

Comments
Oops! Something Went Wrong

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends:

Likes
There are no likes...yet! 👀
Be the first to like this post!
It looks like you're not logged in.
Sign in to see who liked this post!