I have a bunch of .keystore files and need to find one with specific CN and alias. Is there a way to do it with keytool, jarsigner or some other tool? I found a way to check if specific keystore was used to sign a specific apk, but I also need to get the alias and certificate name in each of the files.
You can run the following command to list the content of your keystore file (and alias name):
keytool -v -list -keystore .keystore
If you are looking for a specific alias, you can also specify it in the command:
keytool -list -keystore .keystore -alias foo
If the alias is not found, it will display an exception:
keytool error: java.lang.Exception: Alias does not exist
In order to get all the details I had to add the -v option to romaintaz answer:
keytool -v -list -keystore <FileName>.keystore
-v option is specified, then the certificate is printed in human-readable format, with additional information such as the owner, issuer, serial number, and any extensions." (see: Java SE Tools Reference, Display Data command, -list option)
You can run from Java code.
try {
File file = new File(keystore location);
InputStream is = new FileInputStream(file);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
String password = "password";
keystore.load(is, password.toCharArray());
Enumeration<String> enumeration = keystore.aliases();
while(enumeration.hasMoreElements()) {
String alias = enumeration.nextElement();
System.out.println("alias name: " + alias);
Certificate certificate = keystore.getCertificate(alias);
System.out.println(certificate.toString());
}
} catch (java.security.cert.CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}finally {
if(null != is)
try {
is.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
Certificate class holds all information about the keystore.
UPDATE- OBTAIN PRIVATE KEY
Key key = keyStore.getKey(alias, password.toCharArray());
String encodedKey = new Base64Encoder().encode(key.getEncoded());
System.out.println("key ? " + encodedKey);
@prateek Hope this is what you looking for!
java.security.UnrecoverableKeyException this is the exception thrown when I try this code actualy I want to retrieve alias password
KeyStore Explorer open source visual tool to manage keystores.
In a bash-like environment you can use:
keytool -list -v -keystore cacerts.jks | grep 'Alias name:' | grep -i foo
This command consist of 3 parts. As stated above, the 1st part will list all trusted certificates with all the details and that's why the 2nd part comes to filter only the alias information among those details. And finally in the 3rd part you can search for a specific alias (or part of it). The -i turns the case insensitive mode on. Thus the given command will yield all aliases containing the pattern 'foo', f.e. foo, 123_FOO, fooBar, etc. For more information man grep.
This will list all certificates:
keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts"
cmd:
keytool -list -keystore 'keystoreName'
and then press 'Enter' the cmd will then prompt you to enter the keystore password
cmd doesn't show the password on the screen while typing so just type the correct passwd -and be careful- then press enter again.
Or You can use:
keytool -list -keystore 'keystoreName' -storepass 'type your keystore passwd'
and for Keys' full info, just add -v:
keytool -v -list -keystore 'keystoreName' -storepass 'type your keystore passwd'
On Windows:
keytool -v -list -keystore my_keystore | findstr my_string
Reference:
CMD Search a directory to Find a string inside a file
If you get a warning
Warning: use -cacerts option to access cacerts keystore
then you may use this command
.\keytool.exe -list -cacerts
There are also console certificate manager written as a single-file shell script (open-source):
https://dev.to/sfkulyk/writing-panel-manager-for-certificate-keystore-in-linux-shell-187b
Can browse, copy, delete, rename and compare keystores.
keytool -v -list -cacerts -alias cert1
This works for me when I am checking for the certificate added to jdk-11 with alias name and check if it was added on windows machine
we can get the list of Certificates from Certs with simple command and search for your alias name in the resulted output.
keytool -list -keystore C:/swdtools/jdk1.7.0_67/jre/lib/security/cacerts
Follow WeChat
Success story sharing
Want to stay one step ahead of the latest teleworks?
Subscribe Now相似问题
- How can I create a keystore?
- How to import a .cer certificate into a java keystore?
- Understanding keystore, certificates and alias
- Can't execute jar- file: "no main manifest attribute"
- How do I find out which keystore was used to sign an app?
- How to avoid reverse engineering of an APK file
- Check android keystore keypass for correctness
- Android 8: Cleartext HTTP traffic not permitted
/path/to/keystoreinstead of.keystorewould be more clear to the reader. Anyway it is the correct answer!