PKI Tutorials - Herong's Tutorial Examples - v2.20, by Dr. Herong Yang
Converting KeyStore Files to PKCS12 Files
This section provides a tutorial example on how to convert a KeyStore file to a PKCS12 file, because Windows 'Internet Options' can import keys and certificates from PKCS12, but not from KeyStore file.
Let's assume that Amy has a private-public key pair and a certificate from me. She wants to add a digital signature on OpenOffice.org 3 document.
According to the OpenOffice.org 3 help text, Amy needs to import her private-public key pair and certificate using "Internet Option".
But there is problem. "Internet Option" can not import private-public key pair from KeyStore files. But it can import PKCS12 files.
So Amy needs to convert her KeyStore file to a PKCS12 file using the JDK "keytool" command:
C:\amy>\local\jdk\bin\keytool.exe -importkeystore -srckeystore amy.jks -srcstoretype jks -srcstorepass AmyJKS -srcalias email@example.com -destkeystore amy.p12 -deststoretype pkcs12 -deststorepass AmyP12 -destkeypass AmyP12 C:\amy>\local\jdk\bin\keytool.exe -list -keystore amy.p12 -storepass AmyP12 -storetype pkcs12 Keystore type: PKCS12 Keystore provider: SunJSSE Your keystore contains 1 entry firstname.lastname@example.org, Mar 6, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): 00:5D:79:5A:47:76:C7:1A:53:3C:30:90...
Done. Amy now has her private-public key pair in a PKCS 12 file now. By the way her certificate is also included in that single PrivateKeyEntry.
Table of Contents