How to export private key from a keystore of self-signed certificate

Question

I just created a self-signed certificate on a linux box running tomcat 6   I created the keys like this  valid for 10 years   keytool -genkey -alias tomcatorange -keyalg RSA -validity 3650   and copied the keystore into a folder in tomcat  and updated server xml to point at the keystore   Now my network admin is asking for the both the public and private key   for our load balancer   I can generate the public key using   openssl s client -connect mydomain com 8443   But how can I export retrieve the private key

User · Accepted Answer

It is a little tricky  First you can use keytool to put the private key into PKCS12 format  which is more portable compatible than Java s various keystore formats  Here is an example taking a private key with alias  mykey  in a Java keystore and copying it into a PKCS12 file named myp12file p12   note that on most screens this command extends beyond the right side of the box  you need to scroll right to see it all   keytool -v -importkeystore -srckeystore  keystore -srcalias mykey -destkeystore myp12file p12 -deststoretype PKCS12 Enter destination keystore password    Re-enter new password   Enter source keystore password     Storing myp12file p12    Now the file myp12file p12 contains the private key in PKCS12 format which may be used directly by many software packages or further processed using the openssl pkcs12 command  For example     openssl pkcs12 -in myp12file p12 -nocerts -nodes Enter Import Password  MAC verified OK Bag Attributes     friendlyName  mykey     localKeyID  54 69 6D 65 20 31 32 37 31 32 37 38 35 37 36 32 35 37  Key Attributes   lt No Attributes gt  -----BEGIN RSA PRIVATE KEY----- MIIC          -----END RSA PRIVATE KEY-----   Prints out the private key unencrypted   Note that this is a private key  and you are responsible for appreciating the security implications of removing it from your Java keystore and moving it around

User · Answer

http   anandsekar github io exporting-the-private-key-from-a-jks-keystore   public class ExportPrivateKey           private File keystoreFile          private String keyStoreType          private char   password          private String alias          private File exportedFile           public static KeyPair getPrivateKey KeyStore keystore  String alias  char   password                    try                           Key key keystore getKey alias password                           if key instanceof PrivateKey                                    Certificate cert keystore getCertificate alias                                   PublicKey publicKey cert getPublicKey                                    return new KeyPair publicKey  PrivateKey key                                               catch  UnrecoverableKeyException e              catch  NoSuchAlgorithmException e              catch  KeyStoreException e                      return null                     public void export   throws Exception                  KeyStore keystore KeyStore getInstance keyStoreType                   BASE64Encoder encoder new BASE64Encoder                    keystore load new FileInputStream keystoreFile  password                   KeyPair keyPair getPrivateKey keystore alias password                   PrivateKey privateKey keyPair getPrivate                    String encoded encoder encode privateKey getEncoded                     FileWriter fw new FileWriter exportedFile                   fw write          BEGIN PRIVATE KEY       n                      fw write encoded                   fw write     n                      fw write          END PRIVATE KEY                            fw close                        public static void main String args    throws Exception                  ExportPrivateKey export new ExportPrivateKey                    export keystoreFile new File args 0                    export keyStoreType args 1                   export password args 2  toCharArray                    export alias args 3                   export exportedFile new File args 4                    export export

User · Answer

Use Keystore Explorer gui - http   keystore-explorer sourceforge net  - allows you to extract the private key from a  jks in various formats

User · Answer

public static void main String   args     try           String keystorePass    20174           String keyPass    rav 789           String alias    TyaGi            InputStream keystoreStream   new FileInputStream  D  keyFile jks            KeyStore keystore   KeyStore getInstance  JCEKS            keystore load keystoreStream  keystorePass toCharArray             Key key   keystore getKey alias  keyPass toCharArray              byte   bt   key getEncoded            String s   new String bt           System out println  ------ gt   s                 String str12   Base64 encodeBase64String bt            System out println  Fetched Key From JKS       str12          catch  KeyStoreException   IOException   NoSuchAlgorithmException   CertificateException   UnrecoverableKeyException ex            System out println ex

[tomcat] How to export private key from a keystore of self-signed certificate

Examples related to tomcat

Examples related to ssl

Examples related to certificate

Examples related to self-signed

Examples related to keystore