Cryptography Tutorials - Herong's Tutorial Examples - v5.40, by Dr. Herong Yang
"keytool -exportcert" Exporting PrivateKeyEntry
This section provides a tutorial example on how to export a 'PrivateKeyEntry' stored in a 'keystore' file using the 'keytool -exportcert' command.
After generating my key pair with the "keytool -genkeypair" command, I got a PrivateKeyEntry inside the keystore file, herong.jks. So I tried to export it using the "keytool -exportcert" command as shown in the following command session:
C:\herong>keytool -exportcert -alias herong_key -keypass keypass \ -keystore herong.jks -storepass jkspass -file herong.crt -rfc Certificate stored in file <herong.crt> C:\herong>type herong.crt -----BEGIN CERTIFICATE----- MIIDODCCAvagAwIBAgIERqplETALBgcqhkjOOAQDBQAwfzELMAkGA1UE... ... Cgfs2kXj/IQCFDC5GT5IrLTIFxAyPUo1tJo2DPkK -----END CERTIFICATE-----
Cool. A certificate was exported. I am not going to explain all the command options used above, because they were explained in previous chapters. But I want to mention this "-rfc" option:
Without "-rfc" option, "keytool" will output certificate in a binary form, which will be very hard to transfer.
I got this certificate exported from the PrivateKeyEntry of my key pair. What is in this certificate? I will try to use "keytool -printcert" command to look into this certificate in the next section.
Table of Contents