Cryptography - JKS (Java Keystore)


In the JDK implementation of JKS, a keystore may contain both:


command line:




with Cryptography - Keytool (Key and Certificate Management Tool)

keytool -keystore "$JAVA_HOME\jre\lib\security\cacerts" -storepass changeit -list

Import Certificate

keytool -import \
    -alias example \
    -keystore  /home/security/cacerts \
    -file azurehdinsightnet.crt

Import Key

  • from pem to pkcs12 with openssl To pass the password inline, you need to add the pass: prefix.
openssl pkcs12 -export  \
  -name key-alias
  -in key.pem \
  -out key.pkcs12 \
  -passin 'pass:secretout' \
  -passout 'pass:secretOut'
keytool -importkeystore -v \
    -alias key-alias \
    -destalias key-alias \
    -srckeystore key.pkcs12 \
    -srcstoretype PKCS12 \
    -destkeystore keystore.jks \
    -deststoretype JKS \
    -destkeypass 'pwd' \
    -deststorepass 'pwd' \
    -srcstorepass 'pwd' \


keytool -export \
    -alias alias \
    -file certificate_export.cer \
    -keystore /home/conf/keystore.jks

to Pkcs12

keytool -importkeystore -srcstoretype JKS -srckeystore infa_keystore.jks -deststoretype PKCS12 -destkeystore infa_keystore.pkcs12

to Pem


openssl pkcs12 \
    -in keystore.pkcs12 
    -nodes \
    -out keystore.pem

Discover More
Cryptography - Java cacerts truststore (CA Certificates)

cacerts is the default truststore of Java. It comes with a Java Installation. It's in the jks format and contains CA certificate. If your server’s certificate is signed by a recognized CA, the default...
Portecle New Keystore
Cryptography - Keystore (KS)

A keystore is a database of key material. ie: key LDAP identity You only need it: if you are a server that want to implements SSL, or if the server requires client authentication. A keystore...
Cryptography - Keytool (Key and Certificate Management Tool)

keytool is a Key and Certificate Management Tool that comes with the installation of Java where: See ...
Cryptography - Storage of key material

This page lists the datastore / file of cryptographic material such as: key LDAP identity certificat signing request and more. Key and key pair file format is the binary...
Public Key Crypto Pair Key Creation
Keypair (public and a private key)

A keypair is a pair of keys: a public key: Used for encryption or signature verification; and a private one: The decryption key which is kept secret decrypt and sign. They are a component of the...
Trust model - Certificate authorities (CA) or Trusted Third party (TTP)

certificate authorities are the a “gatekeeper” of public and private keys. They are also known as trusted third partytrusted third party (TTP) The primary role of the CA is to: digitally sign...

Share this page:
Follow us:
Task Runner