Import an existing private key into the BKS Keystore
I have a key pair generated by openssl as follows
openssl genrsa -out private_key.pem 2048
I converted it to DER format as follows
openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem \
-out private_key.der -nocrypt
Now I want to import it in Android, but I don’t want to import it because I want to protect it in keystore.
So my question is how to import an existing key into BKS keystore using keytool?
The private key is always accompanied by the certificate chain in the keystore (including
the corresponding certificate). You cannot add it to the KeyStore alone.
After generating the private key, you can
generate a self-signed certificate, which you can then use to add your
private key to the KeyStore along with the certificate.
Generate a self-signed certificate
openssl req -new -x509 -key [PRIVATE_KEY_FILE] -out [SELF_SIGNED_CERTIFICATE_FILE] \
-days 3650 -subj /[YOUR_SUBJECT_DN]
Create a PKCS#12 file that contains the private key and certificate
openssl pkcs12 -export -inkey [PRIVATE_KEY_FILE] -in [CERTIFICATE_FILE] \
-out [PKCS12_FILE.p12] -name mykey
Finally, convert the PKCS12 KeyStore to your desired BKS storage type
keytool -importkeystore -srckeystore [ABOVE_P12_FILE] -srcstorepass [ABOVE_P12_PASSWORD] \
-srcstoretype pkcs12 -destkeystore [NEW_P12_FILE.p12] -deststorepass [NEW_P12_PASSWORD] \
-deststoretype bks -providerclass
If you need the Java default storage type JKS, you can remove the -providerclass and -providerpath parameters from the last command.
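The answer's three steps as one script, as an added example that is not part of the original post: it checks that the certificate really carries the private key's public half before bundling, and reads the keystore password from a file so it does not show up in the process list. The subject DN, the file arguments, the password file and the Bouncy Castle jar path are assumptions; org.bouncycastle.jce.provider.BouncyCastleProvider is Bouncy Castle's JCE provider class.

```shell
#!/bin/sh
# Added example, not from the original answer. File names, the subject DN,
# the password file and the Bouncy Castle jar path are assumptions.

# Succeed only if the certificate carries the public key of the private key.
key_matches_cert() {  # $1 = private key (PEM), $2 = certificate (PEM)
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Steps 1 and 2: self-signed certificate, then a PKCS#12 bundle (alias mykey).
build_p12() {  # $1 = key, $2 = cert out, $3 = p12 out, $4 = password file
    (
        # The bundle contains the private key: keep it owner-readable only.
        umask 077
        # "/CN=example-device" is a constructed subject DN.
        openssl req -new -x509 -key "$1" -out "$2" -days 3650 \
            -subj "/CN=example-device" &&
        key_matches_cert "$1" "$2" &&
        openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
            -name mykey -passout "file:$4"
    )
}

# Step 3: convert the PKCS#12 file to BKS. Needs keytool and the Bouncy
# Castle provider jar; the :file modifier reads the password from a file.
p12_to_bks() {  # $1 = p12, $2 = bks out, $3 = password file, $4 = BC jar
    keytool -importkeystore \
        -srckeystore "$1" -srcstoretype pkcs12 -srcstorepass:file "$3" \
        -destkeystore "$2" -deststoretype bks -deststorepass:file "$3" \
        -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath "$4"
}

# Usage (hypothetical paths):
#   build_p12 private_key.pem cert.pem key.p12 pass.txt &&
#   p12_to_bks key.p12 key.bks pass.txt /path/to/bcprov.jar
```

Afterwards, `keytool -list` with the same provider options should show `mykey` as a private key entry in the BKS file.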