问题
We have a jck keystore (jceks) format containing a secret key. It was generated using keytool command
keytool -genseckey -alias mykey -keyalg AES -keysize 256 -storetype jceks -keystore mykeystore.jks
We need to share this with another application and they seem to have limitations in working with jck store. They are asking for the key to be exported and supplied to them.
We tried a few tools, but are not able to export the secret key. Is there a command or workaround to achieve this ?
回答1:
keytool doesn't support exporting of Secret Keys. You could use the KeyStore api to do this.
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(new FileInputStream(new File("KEYSTORE_PATH")), "PASSWORD".toCharArray());
SecretKey key = (SecretKey) ks.getKey("ALIAS", "PASSWORD".toCharArray());
System.out.println(new String(Base64.encode(key.getEncoded())));
回答2:
KeyStore Explorer shows the key as a hex string if you double-click on it:
来源:https://stackoverflow.com/questions/38744181/export-secret-key-from-jck-key-store