Friday, 3 July 2015

Extract private and public key from keystore

Generate jks file in Java

A Java KeyStore (JKS) is a repository of security certificates. If Java is installed, open a command prompt and type “keytool”. You will get help like the following.
$ keytool
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Use the following command to create a jks file.

keytool -genkey -alias certificate1 -keyalg RSA -validity 7 -keystore keystore.jks

$ keytool -genkey -alias certificate1 -keyalg RSA -validity 7 -keystore keystore.jks
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  Hari Krishna Gurram
What is the name of your organizational unit?
  [Unknown]:  Self learn Java
What is the name of your organization?
  [Unknown]:  Self learn Java
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  Karnataka
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Hari Krishna Gurram, OU=Self learn Java, O=Self learn Java, L=Bangalore, ST=Karnataka, C=IN correct?
  [no]:  y

Enter key password for <certificate1>
(RETURN if same as keystore password):  

keytool asks you for some information and generates the certificate.
Extract public key from certificate
Use the following command to export the certificate, which carries the public key, from the keystore.

keytool -export -alias certificate1 -keystore keystore.jks -rfc -file public.cert
$ keytool -export -alias certificate1 -keystore keystore.jks -rfc -file public.cert
Enter keystore password:  
Certificate stored in file <public.cert>

$ cat public.cert
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Extract private key from keystore
Step 1: Generate p12 file
$ keytool -v -importkeystore -srckeystore keystore.jks -srcalias certificate1 -destkeystore myp12file.p12 -deststoretype PKCS12
Enter destination keystore password: 
Re-enter new password:
Enter source keystore password: 
[Storing myp12file.p12]

Step 2: Extract private key from p12 file.

openssl pkcs12 -in myp12file.p12 -out private.pem


$ openssl pkcs12 -in myp12file.p12 -out private.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
localhost:~ harikrishna_gurram$ cat private.pem
Bag Attributes
    friendlyName: certificate1
    localKeyID: 54 69 6D 65 20 31 34 33 35 39 31 32 38 38 36 37 37 30 
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,AD864ADA56589C21

-----END RSA PRIVATE KEY-----
Bag Attributes
    friendlyName: certificate1
    localKeyID: 54 69 6D 65 20 31 34 33 35 39 31 32 38 38 36 37 37 30 
subject=/C=IN/ST=Karnataka/L=Bangalore/O=Self learn Java/OU=Self learn Java/CN=Hari Krishna Gurram
issuer=/C=IN/ST=Karnataka/L=Bangalore/O=Self learn Java/OU=Self learn Java/CN=Hari Krishna Gurram
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
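
As the output above shows, running Step 2 without -nocerts writes the certificate into private.pem alongside the key. The following added example (not code from the original post) splits the PKCS#12 file into separate key and certificate files non-interactively, encrypts the key with AES-256 rather than the DES-EDE3-CBC seen above, and checks that the key matches the certificate. The function names, the P12_PASS and PEM_PASS environment variables and the generated sample keystore are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Passwords are read from the
# environment variables P12_PASS and PEM_PASS (names assumed here) so they
# never appear on the command line or in the process list.

# Build a throwaway PKCS#12 file holding a self-signed certificate: constructed
# sample input standing in for myp12file.p12.
make_sample_p12() {   # $1 = output .p12 path
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=sample" \
        -keyout "$tmp/k.pem" -out "$tmp/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -name certificate1 -inkey "$tmp/k.pem" \
        -in "$tmp/c.pem" -out "$1" -passout env:P12_PASS
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Write the private key (AES-256 encrypted, owner-only permissions) and the
# certificate to separate files.
split_p12() {   # $1 = .p12 path, $2 = key output, $3 = certificate output
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -aes256 \
          -passout env:PEM_PASS -out "$2" ) &&
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts -out "$3"
}

# PEM public key derived from the encrypted private key file.
key_pubkey() {   # $1 = key file
    openssl pkey -in "$1" -passin env:PEM_PASS -pubout
}

# PEM public key embedded in the certificate.
cert_pubkey() {   # $1 = certificate file
    openssl x509 -in "$1" -pubkey -noout
}

# Succeeds only when both files decode and carry the same public key.
key_matches_cert() {   # $1 = key file, $2 = certificate file
    k=$(key_pubkey "$1") && c=$(cert_pubkey "$2") &&
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

With the files from this page: `split_p12 myp12file.p12 private.pem public.cert && key_matches_cert private.pem public.cert`.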
