Not able to store key in .jks file.I am using AES 256 algorithm and GCM mode

Question

keytool -genseckey -alias aes256key -keyalg AES -keysize 256 -storetype JKS -keystore keystore.jks -storepass changeit -keypass changeit

Answer 1

Tried running the command and received the following error:

keytool error: java.security.KeyStoreException: Cannot store non-PrivateKeys

You are trying to store a symmetric key inside a JKS keystore type. JKS only allows storing asymmetric keys (public-private key pairs). If you want to store a symmetric key, try using another keystore type, like JCEKS.

keytool -genseckey -alias aes256key -keyalg AES -keysize 256 -storepass changeit -keypass changeit -storetype JCEKS -keystore keystore.jceks

The -storetype JCEKS does the magic in the command above.

Additionally, you could generate asymmetric keys via the -genkeypair argument. Keep in mind, -genseckey generates symmetric keys, while the other one generates public-private key pairs.