How can I export my private key from a Java Keytool keystore?

Use Java keytool to convert from JKS to P12...

Export from keytool's proprietary format (called "JKS") to standardized format PKCS #12:

keytool -importkeystore \
    -srckeystore keystore.jks \
    -destkeystore keystore.p12 \
    -deststoretype PKCS12 \
    -srcalias <jkskeyalias> \
    -deststorepass <password> \
    -destkeypass <password>

...then use openssl to export from P12 to PEM

Export certificate using openssl:

openssl pkcs12 -in keystore.p12  -nokeys -out cert.pem

Export unencrypted private key:

openssl pkcs12 -in keystore.p12  -nodes -nocerts -out key.pem

Since Java 6, you can import/export private keys into PKCS#12 (.p12) files using keytool, with the option -importkeystore (not available in previous versions).

For example:

keytool -importkeystore -srckeystore existing-store.jks -destkeystore new-store.p12 -deststoretype PKCS12

The PKCS12 keystore type is also supported as a standard keystore type in the default Oracle/Sun security provider.

Try "Keystore Explorer"

I agree with Bruno. Keytool is ultimate tool when dealing with Java keystore, but there is one fancy and quite powerful free tool: Keystore explorer

I use it a lot and never had a need for something else.

How can I export my private key from a Java Keytool keystore?

Use Java keytool to convert from JKS to P12...

...then use openssl to export from P12 to PEM

Try "Keystore Explorer"

Tags:

Java

Cryptography

Key Management

Certificates

Appsec

Related

Recent Posts