Import an existing private key into BKS Keystore

I have a key pair generated by openssl as follows

openssl genrsa -out private_key.pem 2048

I convert it to DER format, following

openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem -out private_key.der -nocrypt

And now I want to import it into Android, but I do not want to import it, since I want to protect it in the keystore.

So my question is: how to import an existing key into the BKS key store using keytool?

thanks

+1
1 answer

A Private Key is always accompanied by a Certificate Chain (which includes the corresponding certificate) in the KeyStore. You cannot just add it to the KeyStore yourself.

After creating a Private Key you can create a self-signed certificate, then you can use this certificate to add your private key along with the certificate in KeyStore.

Create a self-signed certificate

openssl req -new -x509 -key [PRIVATE_KEY_FILE] -out [SELF_SIGNED_CERTIFICATE_FILE] -days 3650 -subj /[YOUR_SUBJECT_DN]

Creating a PKCS#12 File Containing PrivateKey and Certificate

openssl pkcs12 -export -inkey [PRIVATE_KEY_FILE] -in [CERTIFICATE_FILE] -out [PKCS12_FILE.p12] -name mykey

Finally, convert KeyStore PKCS12 to your desired BKS storage type

keytool -importkeystore -srckeystore [ABOVE_P12_FILE] -srcstorepass [ABOVE_P12_PASSWORD] -srcstoretype pkcs12 -destkeystore [NEW_P12_FILE.p12] -deststorepass [NEW_P12_PASSWORD] -deststoretype bks -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath [ABSOLUTE_PATH_TO__bcprov-jdk15on-152.jar]

If you need the default Java storage type JKS, you can remove the arguments -providerclass and -providerpath from the last command.

+2
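The openssl steps from the answer above, followed by a check that the private key, the certificate and the PKCS#12 entry all carry the same public key before the file is handed to keytool. This is an added example, not code from the original post; the file names, the subject DN and the password value are constructed, and the password is taken from an environment variable named P12_PASS (an assumption of this example).

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. File names, the subject DN and
# the password value are constructed samples.
set -eu

# PEM public key derived from a private key file.
key_pub() { openssl pkey -in "$1" -pubout; }

# PEM public key carried by a certificate file.
cert_pub() { openssl x509 -in "$1" -noout -pubkey; }

# PEM public key of the client certificate inside a PKCS#12 file.
# The password is read from the environment variable P12_PASS, so it is not
# passed as a command-line argument.
p12_pub() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts |
        openssl x509 -noout -pubkey
}

# Run the answer's openssl steps inside directory $1, owner-only permissions.
build_bundle() {
    (
        cd "$1"
        umask 077
        openssl genrsa -out private_key.pem 2048 2>/dev/null
        openssl req -new -x509 -key private_key.pem -out cert.pem \
            -days 3650 -subj "/CN=constructed-example"
        openssl pkcs12 -export -inkey private_key.pem -in cert.pem \
            -out bundle.p12 -name mykey -passout env:P12_PASS
    )
}

# Succeeds only when key, certificate and PKCS#12 entry share one public key.
bundle_is_consistent() {
    k=$(key_pub "$1/private_key.pem") || return 1
    c=$(cert_pub "$1/cert.pem") || return 1
    p=$(p12_pub "$1/bundle.p12") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ] && [ "$c" = "$p" ]
}

export P12_PASS='constructed-sample-password'
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
build_bundle "$workdir"
if bundle_is_consistent "$workdir"; then
    echo "key, certificate and bundle.p12 match"
else
    echo "mismatch: do not import bundle.p12" >&2
fi
```

keytool accepts the same approach for the conversion step: `-srcstorepass:env P12_PASS` reads the source password from the environment variable instead of the command line, and `-deststorepass:env` does the same for the new keystore.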