keytool - see the public and private keys

java security keystore digital-certificate keytool

Cratylus · Feb 5, 2011 · Viewed 45.2k times · Source

I created Java keystore programmatically of type jks (i.e. default type).
It is initially empty so I created a DSA certificate.

keytool -genkey -alias myCert -v -keystore trivial.keystore

How can I see the public and private keys?
I.e. is there a command that prints the private key of my certificate?
I could only find keytool -certreq which in my understanding prints the certificate as a whole:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIICaTCCAicCAQAwZTELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkdyZWVjZTEPMA0GA1UEBxMGQXRo
BQADLwAwLAIUQZbY/3Qq0G26fsBbWiHMbuVd3VICFE+gwtUauYiRbHh0caAtRj3qRTwl
-----END NEW CERTIFICATE REQUEST-----

I assume this is the whole certificate. How can I see private (or public key) via keytool?

Answer

No, you cannot.
You can access the private key from code, but you cannot export it using the keytool.
Use OpenSSL if you need to export private key.

Another option: you can generate keystore in PKCS12 format. Then you can import it to a browser and then to export the private key.

keytool - see the public and private keys

Answer

Related questions