Extract a Private Key from a Java Keystore

Featured image for sharing metadata for article

I've written in the past about extracting a symmetric key from a Java keystore, but didn't have anything to say how to do it with an asymmetric key.

Stealing shamelessly from How to export private key from a keystore of self-signed certificate on Stack Overflow:

# create a more portable PKCS12 store
keytool -v -importkeystore \
  -srckeystore keystore.jks \
  -srcalias mykey \
  -srcstorepass password \
  -destkeystore keystore.p12 \
  -deststorepass password \
  -deststoretype PKCS12
# dump the keys
openssl pkcs12 -in keystore.p12 -nocerts -nodes
Enter Import Password:
MAC verified OK
Bag Attributes
    friendlyName: mykey
    localKeyID: 54 69 6D 65 20 31 32 37 31 32 37 38 35 37 36 32 35 37
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIE.....
...
...
...
-----END PRIVATE KEY-----

(Noting that the passwords do not need to be the same)

If you want to import from a non-JKS store, remember to add the appropriate -srcstoretype argument when creating your new PKCS12 keystore.

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #java #keystore #certificates.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.