Cryptography Tutorials - Herong's Tutorial Examples - v5.40, by Dr. Herong Yang
Summary - Migrating "keystore" Keys to "OpenSSL"
This section describes high level steps on how to migrate a private key generated in a JKS (Java KeyStore) file to an 'OpenSSL' key file. The key step is to convert a JKS file into a PKCS#12 file with 'keytool'.
Once we know that "keytool" supports PKCS#12 files, we can also use PKCS#12 files to migrate private keys from "keytool" keystore files "OpenSSL" key files. Here are my notes on how to do this:
"keytool -importkeystore" command should be used to convert a JKS (Java KeyStore) file into a PKCS#12 file.
"openssl pkcs12" command should be used to split the private key file out of the PKCS#12 file.
"openssl pkcs12" command should be used to split the certificate file out of the PKCS#12 file.
If you are tired of using PKCS#12 files, of course you can use my "DumpKey.java" program to dump the private key out of a JKS file and use it directly with OpenSSL. See the previous chapter for more information on DumpKey.java.
Table of Contents