Extract a Private Key from a Java Keystore

I've written in the past about extracting a symmetric key from a Java keystore, but didn't have anything to say how to do it with an asymmetric key.

Stealing shamelessly from How to export private key from a keystore of self-signed certificate on Stack Overflow:

# create a more portable PKCS12 store
keytool -v -importkeystore \
  -srckeystore keystore.jks \
  -srcalias mykey \
  -srcstorepass password \
  -destkeystore keystore.p12 \
  -deststorepass password \
  -deststoretype PKCS12
# dump the keys
openssl pkcs12 -in keystore.p12 -nocerts -nodes
Enter Import Password:
MAC verified OK
Bag Attributes
    friendlyName: mykey
    localKeyID: 54 69 6D 65 20 31 32 37 31 32 37 38 35 37 36 32 35 37
Key Attributes: <No Attributes>

(Noting that the passwords do not need to be the same)

If you want to import from a non-JKS store, remember to add the appropriate -srcstoretype argument when creating your new PKCS12 keystore.

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.


This post was filed under articles.

Related Posts

Other posts you may be interested in:

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.