How to check certificate name and alias in keystore files?
I have a bunch of .keystore files and need to find one with specific CN and alias. Is there a way to do it with keytool, jarsigner or some other tool? I found a way to check if specific keystore was used to sign a specific apk, but I also need to get the alias and certificate name in each of the files.
Solution 1:
You can run the following command to list the content of your keystore file (and alias name):
keytool -v -list -keystore .keystore
If you are looking for a specific alias, you can also specify it in the command:
keytool -list -keystore .keystore -alias foo
If the alias is not found, it will display an exception:
keytool error: java.lang.Exception: Alias does not exist
Solution 2:
In order to get all the details I had to add the -v option to romaintaz answer:
keytool -v -list -keystore <FileName>.keystore
Solution 3:
You can run from Java code.
try {
File file = new File(keystore location);
InputStream is = new FileInputStream(file);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
String password = "password";
keystore.load(is, password.toCharArray());
Enumeration<String> enumeration = keystore.aliases();
while(enumeration.hasMoreElements()) {
String alias = enumeration.nextElement();
System.out.println("alias name: " + alias);
Certificate certificate = keystore.getCertificate(alias);
System.out.println(certificate.toString());
}
} catch (java.security.cert.CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}finally {
if(null != is)
try {
is.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
Certificate class holds all information about the keystore.
UPDATE- OBTAIN PRIVATE KEY
Key key = keyStore.getKey(alias, password.toCharArray());
String encodedKey = new Base64Encoder().encode(key.getEncoded());
System.out.println("key ? " + encodedKey);
@prateek Hope this is what you looking for!
Solution 4:
KeyStore Explorer open source visual tool to manage keystores.
Solution 5:
In a bash-like environment you can use:
keytool -list -v -keystore cacerts.jks | grep 'Alias name:' | grep -i foo
This command consist of 3 parts. As stated above, the 1st part will list all trusted certificates with all the details and that's why the 2nd part comes to filter only the alias information among those details. And finally in the 3rd part you can search for a specific alias (or part of it). The -i turns the case insensitive mode on. Thus the given command will yield all aliases containing the pattern 'foo', f.e. foo, 123_FOO, fooBar, etc. For more information man grep
.