| 1 | // How to export the private key from keystore? |
|---|
| 2 | // Does keytool not have an option to do so? |
|---|
| 3 | // This example use the "testkeys" file that comes with JSSE 1.0.3 |
|---|
| 4 | // Alexey Zilber: Ported to work with Base64Coder: http://www.source-code.biz/snippets/java/2.htm |
|---|
| 5 | |
|---|
| 6 | import java.security.cert.Certificate; |
|---|
| 7 | import java.security.*; |
|---|
| 8 | import java.io.File; |
|---|
| 9 | import java.io.FileInputStream; |
|---|
| 10 | |
|---|
| 11 | class ExportPriv { |
|---|
| 12 | public static void main(String args[]) throws Exception{ |
|---|
| 13 | if (args.length < 2) { |
|---|
| 14 | //Yes I know this sucks (the password is visible to other users via ps |
|---|
| 15 | // but this was a quick-n-dirty fix to export from a keystore to pkcs12 |
|---|
| 16 | // someday I may fix, but for now it'll have to do. |
|---|
| 17 | System.err.println("Usage: java ExportPriv <keystore> <alias> <password>"); |
|---|
| 18 | System.exit(1); |
|---|
| 19 | } |
|---|
| 20 | ExportPriv myep = new ExportPriv(); |
|---|
| 21 | myep.doit(args[0], args[1], args[2]); |
|---|
| 22 | } |
|---|
| 23 | |
|---|
| 24 | public void doit(String fileName, String aliasName, String pass) throws Exception{ |
|---|
| 25 | |
|---|
| 26 | KeyStore ks = KeyStore.getInstance("JKS"); |
|---|
| 27 | |
|---|
| 28 | char[] passPhrase = pass.toCharArray(); |
|---|
| 29 | //BASE64Encoder myB64 = new BASE64Encoder(); |
|---|
| 30 | |
|---|
| 31 | File certificateFile = new File(fileName); |
|---|
| 32 | ks.load(new FileInputStream(certificateFile), passPhrase); |
|---|
| 33 | |
|---|
| 34 | KeyPair kp = getPrivateKey(ks, aliasName, passPhrase); |
|---|
| 35 | |
|---|
| 36 | PrivateKey privKey = kp.getPrivate(); |
|---|
| 37 | |
|---|
| 38 | char[] b64 = Base64Coder.encode(privKey.getEncoded()); |
|---|
| 39 | |
|---|
| 40 | System.out.println("-----BEGIN PRIVATE KEY-----"); |
|---|
| 41 | System.out.println(b64); |
|---|
| 42 | System.out.println("-----END PRIVATE KEY-----"); |
|---|
| 43 | |
|---|
| 44 | } |
|---|
| 45 | |
|---|
| 46 | // From http://javaalmanac.com/egs/java.security/GetKeyFromKs.html |
|---|
| 47 | |
|---|
| 48 | public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) { |
|---|
| 49 | try { |
|---|
| 50 | // Get private key |
|---|
| 51 | Key key = keystore.getKey(alias, password); |
|---|
| 52 | if (key instanceof PrivateKey) { |
|---|
| 53 | // Get certificate of public key |
|---|
| 54 | Certificate cert = keystore.getCertificate(alias); |
|---|
| 55 | |
|---|
| 56 | // Get public key |
|---|
| 57 | PublicKey publicKey = cert.getPublicKey(); |
|---|
| 58 | |
|---|
| 59 | // Return a key pair |
|---|
| 60 | return new KeyPair(publicKey, (PrivateKey)key); |
|---|
| 61 | } |
|---|
| 62 | } catch (UnrecoverableKeyException e) { |
|---|
| 63 | } catch (NoSuchAlgorithmException e) { |
|---|
| 64 | } catch (KeyStoreException e) { |
|---|
| 65 | } |
|---|
| 66 | return null; |
|---|
| 67 | } |
|---|
| 68 | |
|---|
| 69 | } |
|---|
| 70 | |
|---|
