Cryptography - JKS (Java Keystore)

> Software Security > Cryptography - Key

1 - About

In the JDK implementation of JKS, a keystore may contain both:

Advertising

3 - Utility

4 - Management

4.1 - List

with Cryptography - Keytool (Key and Certificate Management Tool)

keytool -keystore "$JAVA_HOME\jre\lib\security\cacerts" -storepass changeit -list

4.2 - Import Certificate

keytool -import \
    -alias example \
    -keystore  /home/security/cacerts \
    -file azurehdinsightnet.crt

4.3 - Import Key

  • from pem to pkcs12 with openssl To pass the password inline, you need to add the pass: prefix.
openssl pkcs12 -export  \
  -name key-alias
  -in key.pem \
  -out key.pkcs12 \
  -passin 'pass:secretout' \
  -passout 'pass:secretOut'
keytool -importkeystore -v \
    -alias key-alias \
    -destalias key-alias \
    -srckeystore key.pkcs12 \
    -srcstoretype PKCS12 \
    -destkeystore keystore.jks \
    -deststoretype JKS \
    -destkeypass 'pwd' \
    -deststorepass 'pwd' \
    -srcstorepass 'pwd' \
    -noprompt
Advertising

4.4 - Export

keytool -export \
    -alias alias \
    -file certificate_export.cer \
    -keystore /home/conf/keystore.jks

4.5 - to Pkcs12

keytool -importkeystore -srcstoretype JKS -srckeystore infa_keystore.jks -deststoretype PKCS12 -destkeystore infa_keystore.pkcs12

4.6 - to Pem

Steps

openssl pkcs12 \
    -in keystore.pkcs12 
    -nodes \
    -out keystore.pem