Fang

Reputation: 3665

How to import x509.pem pk8 file into jks-keystore?

I have already tried to use the command

keytool -import -keystore *.jks -alias alias_name -keypass alias_passwd -file *.x509.pem (no *.pk8 file)

but when I use the jks to sign the APK, a

trusted certificate entries are not password-protected

error occurs.

Upvotes: 16

Views: 18172

Answers (3)

Dorian Fusco

Reputation: 313

Fang's answer is correct, but was lacking explanation. I had to figure out a couple of things to make sense of it, and although I'm not 100% sure of everything I derived from my experience, I'm pretty sure it could help people, so here goes.

Beforehand, make sure you have openssl and keytool installed and added to your PATH, otherwise the commands won't work, of course.

openssl pkcs8 -in platform.pk8 -inform DER -outform PEM -out platform.priv.pem -nocrypt

This will generate a file, "platform.priv.pem", from your pk8 file.

openssl pkcs12 -export -in platform.x509.pem -inkey platform.priv.pem -out platform.pk12 -name {{KEY_ALIAS}}

This will generate "platform.pk12" file using both your "platform.x509.pem" file and the previously generated "platform.priv.pem". The key alias is a String value you provide, it can be anything you want, but you'll need to remember it.

After entering this command, you will be prompted for a password (and a password confirmation). You will be defining this password yourself. It will be your "key password", and, of course, you'll need to remember it too.

keytool -importkeystore -destkeystore {{STORE_FILE_NAME}}.jks -srckeystore platform.pk12 -srcstoretype PKCS12 -srcstorepass {{KEY_PASSWORD}} -alias {{KEY_ALIAS}}

The final command will actually do one of two things:

  • if the specified jks file already exists, it will import (or override if it exists) the key with the given alias
  • if the file doesn't exist yet, it will create a brand new jks file, and import your key with the given alias

Anyway, the command takes in the previously defined key password and key alias.

Once the command is entered, you will be prompted for the store password. If it's an already existing JKS file, you will have to give the already existing JKS store password.

Otherwise, it is a new JKS and you define a new password. Remember the value you give it.

At the end of the day, you have defined 4 values:

  1. key alias
  2. key password
  3. store password
  4. store file name

And that's exactly what your Android project's Gradle file will need to sign your APK.

File: [Android Project Root]/app/build.gradle

[...]
android {
    [...]
    signingConfigs {
        release {
            storeFile file("{{STORE_FILE_PATH*}}/{{STORE_FILE_NAME}}.jks")
            storePassword "{{STORE_PASSWORD}}"
            keyAlias "{{KEY_ALIAS}}"
            keyPassword "{{KEY_PASSWORD}}"
        }
    }
    [...]
}
[...]

* : the JKS file should probably be placed within your project, for versioning, but also for simplicity. Provide the relative path from your build.gradle location.

Upvotes: 12
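The same three steps as one non-interactive bash script, added here as an example (not code from the answer above): passwords are passed on the command line instead of being prompted for, the script reports whether it is creating the JKS or adding to an existing one, and it finishes by checking that the alias is a PrivateKeyEntry rather than the trustedCertEntry that a certificate-only `keytool -import` produces. Function names, the derived intermediate file names and the argument order are this example's own choices; it assumes an unencrypted DER platform.pk8 and a PEM certificate, plus openssl and keytool on PATH.

```shell
#!/usr/bin/env bash
# Non-interactive pk8 -> PEM -> PKCS#12 -> JKS conversion with a final entry-type check.
# Function/file names are chosen here; inputs: unencrypted DER platform.pk8 + PEM cert.
set -euo pipefail

# Step 1: DER PKCS#8 private key -> PEM (still unencrypted, -nocrypt).
pk8_to_pem() {          # pk8_to_pem in.pk8 out.priv.pem
  openssl pkcs8 -in "$1" -inform DER -outform PEM -out "$2" -nocrypt
}

# Step 2: bundle key + certificate into a PKCS#12 store under ALIAS. The export
# password is what keytool later needs as -srcstorepass.
pem_to_pkcs12() {       # pem_to_pkcs12 cert.pem key.pem out.p12 alias p12_pass
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -name "$4" -passout "pass:$5"
}

# Step 3: import into a JKS. keytool creates the file if it is missing and otherwise
# adds the alias, overwriting an existing one because of -noprompt. Store and key
# passwords are given explicitly so the command never prompts.
pkcs12_to_jks() {       # pkcs12_to_jks in.p12 alias p12_pass out.jks store_pass key_pass
  if [ -f "$4" ]; then echo "using existing keystore $4" >&2
  else echo "creating keystore $4" >&2; fi
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$3" -srcalias "$2" \
    -destkeystore "$4" -deststoretype JKS -deststorepass "$5" \
    -destalias "$2" -destkeypass "$6"
}

# Prints PrivateKeyEntry or trustedCertEntry for ALIAS. A plain `keytool -import
# -file cert.pem` yields trustedCertEntry, which is why signing with such a store
# fails with "trusted certificate entries are not password-protected".
entry_type() {          # entry_type store.jks store_pass alias
  keytool -list -keystore "$1" -storepass "$2" -alias "$3" \
    | grep -o -E 'PrivateKeyEntry|trustedCertEntry'
}

# Whole procedure; intermediate files are written next to the JKS.
convert_all() {         # convert_all in.pk8 cert.pem alias p12_pass out.jks store_pass key_pass
  local pem="${5%.jks}.priv.pem" p12="${5%.jks}.p12"
  pk8_to_pem "$1" "$pem"
  pem_to_pkcs12 "$2" "$pem" "$p12" "$3" "$4"
  pkcs12_to_jks "$p12" "$3" "$4" "$5" "$6" "$7"
  [ "$(entry_type "$5" "$6" "$3")" = PrivateKeyEntry ]   # fail if not a key entry
}
```

The alias, key password, store password and JKS path passed to convert_all are the four values the Gradle signingConfigs block above expects.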

VelocityPulse

Reputation: 632

Given that keytool-importkeypair only works with an already existing keystore, you can use this other version of the script, which will work by creating a new keystore and importing your .x509.pem and .pk8 into it.

Here is the script platform_import_keystore

Upvotes: 3

Fang

Reputation: 3665

openssl pkcs8 -in platform.pk8 -inform DER -outform PEM -out platform.priv.pem -nocrypt

openssl pkcs12 -export -in platform.x509.pem -inkey platform.priv.pem -out platform.pk12 -name android

keytool -importkeystore -destkeystore platform.jks -srckeystore platform.pk12 -srcstoretype PKCS12 -srcstorepass android -alias android

Upvotes: 23
