Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to extract a private key cert from a nks (command line, instead of GUI)

Posted on 2014-04-13
6
Medium Priority
?
670 Views
Last Modified: 2014-04-15
I perform the following command from an exercise:

 keytool -genkey -alias First_Java_Cert -keyalg RSA -keystore /home/first/keystore/keystore.jks -storepass passw0rd -dname "CN=first, O=IBM, C=GB" -keypass passw0rd

So I just created a certificate with both a private and public key using the keytool.

Now I perform the following:

 keytool -export -keystore /home/first/keystore/keystore.jks -storepass passw0rd -alias First_Java_Cert -file /home/import/First_Java_Cert.cer

This extracts a certificate with a public key.

(Am I correct in my assumptions so far?)

So using a command line program (non-GUI) that would come with either Windows or Java, could someone please post how to extract a private key from the .jks

Thanks
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 39997952
Ok so here are some steps:
first you want to convert the jks to pkcs or p12 / pfx
keytool -importkeystore -srckeystore "C:\certs\test.jks" -srcstoretype JKS -srcstorepass SomePassword -destkeystore "C:\certs\test.pfx" -deststoretype PKCS12 -deststorepass SomePassword

Then use openssl to export the private key:
Public key Export
One being the public key which you can export with the command:
openssl.exe pkcs12 -in C:\certs\test.pfx -clcerts -nokeys -out publicCert.pem

The next one being the private key which you get with the following command:
Private key Export
>>openssl.exe pkcs12 -in C:\certs\test.pfx -nocerts -out privateKey.pem
0
 

Author Comment

by:Anthony Lucia
ID: 39997975
In this example it says

Private key Export
>>openssl.exe pkcs12 -in C:\certs\test.pfx -nocerts -out privateKey.pem 

Open in new window


Regarding the option -nocerts, Does this mean that a private key does not have a certificate  (Does the above command not extract a cert)

Also stated:

Public key Export
One being the public key which you can export with the command:
openssl.exe pkcs12 -in C:\certs\test.pfx -clcerts -nokeys -out publicCert.pem

Open in new window


Regarding the option -nokeys, why does it say -nokeys, when you are clearly exporting a public key ?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 39997990
The language may seem misleading
Nocerts: outputs only private key
No keys: outputs only the certificates does not output private key

More info on open ssl  commands.
http://wiki.openssl.org/index.php/Command_Line_Utilities
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 39999310
Let me know if this resolves the question for you.
0
 

Author Comment

by:Anthony Lucia
ID: 39999768
So if I use nocerts, it will output ONLY the private key, without an encompassing certificate ?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 39999829
Exactly you will be outputting only the private key.

As you notice the command is outputting the private key to a .pem / .key file.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question