Monday, February 22, 2010

Import private key into java keystore - an easier way

If you ask google how you import a private key into a Java keystore file, the answers you get back all have source code for opening a DER file, reading it in and writing a keystore file programatically.

That works, but I've discovered a much, much easier way.

The -storetype argument to keytool allows you to translate key material. In fact, jarsigner can take the argument -storetype pkcs12, meaning you don't need to keep your signing key in a JCE keystore at all. But I digress.

If you can make a pkcs12 file with your private key and certificate - which should be easy with openssl's pkcs12 command - then you can use the following command to turn that into a java keystore:

keytool -importkeystore -srckeystore file.p12 -srcstoretype pkcs12 -destkeystore file.jceks -deststoretype JCEKS

3 comments:

Parveen said...

I never thought that this could be done in so simple and easier way.I used to use google way to do this.Thanks for sharing such an informative blog
signature seal

Harinath D said...

Am Getting this Error :
keytool error: java.io.IOException: failed to decrypt safe contents entry: javax
.crypto.BadPaddingException: Given final block not properly padded

Nick said...

BadPaddingException usually means the wrong password.