Dealing with a Java keystore when keytool is not enough
It seems odd, but the keytool program for handling a Java keystore is missing two rather obvious abilities.
One is that keytool cannot import a private key and the corresponding certificate to create a Java keystore from scratch.
The other is that keytool provides no way to extract a private key from a Java keystore.
To work around both, all you need is wget, a Java compiler, OpenSSL and some spare time.
ImportKey.java was written by Joachim Karrer and Jens Carlberg
ExportPriv.java was written by Alexey Zilber
Base64Coder.java was written by Christian d’Heureuse, Inventec Informatik AG, Switzerland
- How to create a fresh Java keystore with a private key and a corresponding certificate
$ openssl pkcs8 -topk8 -nocrypt -outform der -in somename.key.decrypted -out somename_pkcs8_key.der
$ openssl x509 -inform PEM -outform DER -in somename.crt -out somename_certificate.der
$ wget http://www.agentbob.info/agentbob/80/version/default/part/AttachmentData/data/ImportKey.java
$ javac ImportKey.java
$ java ImportKey somename_pkcs8_key.der somename_certificate.der
This will create a keystore somewhere (for me, on a Windows machine, the location was: C:\Documents and Settings\snowy\keystore.ImportKey).
- How to extract a private key from the Java keystore
$ keytool -export -alias mykey -keystore mystorage.jks -file exported-der.crt
$ openssl x509 -out exported-pem.crt -outform pem -in exported-der.crt -inform der
$ wget http://mark.foster.cc/pub/java/ExportPriv.java
$ wget http://www.source-code.biz/base64coder/java/Base64Coder.java.txt
$ mv Base64Coder.java.txt Base64Coder.java
$ javac ExportPriv.java Base64Coder.java
$ java ExportPriv mystorage.jks mykey changeit > exported-pkcs8.key