Solved

How to extract a private key cert from a nks (command line, instead of GUI)

Posted on 2014-04-13
6
654 Views
Last Modified: 2014-04-15
I perform the following command from an exercise:

 keytool -genkey -alias First_Java_Cert -keyalg RSA -keystore /home/first/keystore/keystore.jks -storepass passw0rd -dname "CN=first, O=IBM, C=GB" -keypass passw0rd

So I just created a certificate with both a private and public key using the keytool.

Now I perform the following:

 keytool -export -keystore /home/first/keystore/keystore.jks -storepass passw0rd -alias First_Java_Cert -file /home/import/First_Java_Cert.cer

This extracts a certificate with a public key.

(Am I correct in my assumptions so far?)

So using a command line program (non-GUI) that would come with either Windows or Java, could someone please post how to extract a private key from the .jks

Thanks
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39997952
Ok so here are some steps:
first you want to convert the jks to pkcs or p12 / pfx
keytool -importkeystore -srckeystore "C:\certs\test.jks" -srcstoretype JKS -srcstorepass SomePassword -destkeystore "C:\certs\test.pfx" -deststoretype PKCS12 -deststorepass SomePassword

Then use openssl to export the private key:
Public key Export
One being the public key which you can export with the command:
openssl.exe pkcs12 -in C:\certs\test.pfx -clcerts -nokeys -out publicCert.pem

The next one being the private key which you get with the following command:
Private key Export
>>openssl.exe pkcs12 -in C:\certs\test.pfx -nocerts -out privateKey.pem
0
 

Author Comment

by:Anthony Lucia
ID: 39997975
In this example it says

Private key Export
>>openssl.exe pkcs12 -in C:\certs\test.pfx -nocerts -out privateKey.pem 

Open in new window


Regarding the option -nocerts, Does this mean that a private key does not have a certificate  (Does the above command not extract a cert)

Also stated:

Public key Export
One being the public key which you can export with the command:
openssl.exe pkcs12 -in C:\certs\test.pfx -clcerts -nokeys -out publicCert.pem

Open in new window


Regarding the option -nokeys, why does it say -nokeys, when you are clearly exporting a public key ?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 39997990
The language may seem misleading
Nocerts: outputs only private key
No keys: outputs only the certificates does not output private key

More info on open ssl  commands.
http://wiki.openssl.org/index.php/Command_Line_Utilities
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 39999310
Let me know if this resolves the question for you.
0
 

Author Comment

by:Anthony Lucia
ID: 39999768
So if I use nocerts, it will output ONLY the private key, without an encompassing certificate ?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 39999829
Exactly you will be outputting only the private key.

As you notice the command is outputting the private key to a .pem / .key file.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question