keytool - see the public and private keys

后端 未结 5 1059
半阙折子戏
半阙折子戏 2020-12-30 03:35

I created Java keystore programmatically of type jks (i.e. default type).
It is initially empty so I created a DSA certificate.

keytool -genkey -alias          


        
相关标签:
5条回答
  • 2020-12-30 04:03
    keytool -list -v -alias myCert -storepass 123456 -keystore file.jks
    

    or

    keytool -list -rfc -alias myCert -storepass 123456 -keystore file.jks
    

    as noted in

    keytool -help
    
    0 讨论(0)
  • 2020-12-30 04:08

    (Portecle) is a very convenient GUI tool for managing keystores. And among other things it have an option to export private key and its associated certificate.

    The common way to share your public key is to share a certificate for your keypair (it contains your public key inside)

    0 讨论(0)
  • 2020-12-30 04:13

    You created a private (and associated public) key in your keystore. For it to be really usable, you can get it signed by a certification agency (CA) - for this is the -certreq command (you send the output to this certification agency, along with some other information and a bit of money, and they send back a certificate, which you can then import in your keystore.)

    Viewing the private key is not intended ... you usually don't need this, since you use the keystore in your Java program, and this knows how to use it.


    Edit: Since you want to look at your keystore, here a quick Java program which does this:

    import java.io.*;
    import java.security.*;
    import java.security.cert.Certificate;
    
    public class KeyPrinter {
    
        /**
         * to be invoked with these parameters:
         * 
         * [0]:  keystore-password
         * [1]:  filename
         * [2]:  alias
         * [3]:  entry-Password (if necessary)
         */
        public static void main(String[] params)
            throws IOException, GeneralSecurityException
        {
            char[] storePass = params[0].toCharArray();
            String fileName = params[1];
            String alias = params[2];
            KeyStore.ProtectionParameter entryPass;
            if(params.length > 3) {
            entryPass=new KeyStore.PasswordProtection(params[3].toCharArray());
            } else {
                entryPass = null;
            }
    
            KeyStore store = KeyStore.getInstance("JKS");
            InputStream input = new FileInputStream(fileName);
            store.load(input, storePass);
    
            KeyStore.Entry entry = store.getEntry(alias, entryPass);
            System.out.println(entry);
    
        }
    }
    

    First call keytool -list -keystore myStore to know which alias to look for, then call this program with the passwords and parameters. In case of a private key entry, it shows the key itself and additionally a self-signed certificate which contains the public key, in a readable form. In case of a "trusted certificate", it shows only the public key.

    0 讨论(0)
  • 2020-12-30 04:14

    You can use keystore-explorer.

    0 讨论(0)
  • 2020-12-30 04:18

    No, you cannot.
    You can access the private key from code, but you cannot export it using the keytool.
    Use OpenSSL if you need to export private key.

    Another option: you can generate keystore in PKCS12 format. Then you can import it to a browser and then to export the private key.

    0 讨论(0)
提交回复
热议问题