Last active
February 19, 2018 13:58
-
-
Save andreafalzetti/0f825add45fa6dc2a40da2d61ef5d060 to your computer and use it in GitHub Desktop.
Extract the private key from a JSK repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script extracts the private key from a JKS repository | |
| # | |
| # Usage: | |
| # ./jks-to-pem.sh keystore.jks | |
| # | |
| P12_KEYSTORE=./keystore.p12 | |
| ENCRYPTED_PRIVATE_KEY=./encrypted-private-key.pem | |
| OUTPUT_RSA=./private.key | |
| echo "Enter KeyStore password:" | |
| read certificatePassword | |
| # Import the store and extract the private-key from the archive | |
| keytool -importkeystore -srckeystore $1 \ | |
| -srcstoretype JKS \ | |
| -srcstorepass $certificatePassword \ | |
| -destkeystore $P12_KEYSTORE \ | |
| -deststoretype PKCS12 \ | |
| -deststorepass $certificatePassword | |
| # Convert the PKCS12 Key and certificate to the PEM format | |
| # See (https://www.cloudera.com/documentation/enterprise/5-10-x/topics/cm_sg_openssl_jks.html) | |
| openssl pkcs12 -in $P12_KEYSTORE \ | |
| -passin pass:$certificatePassword \ | |
| -nocerts -out $ENCRYPTED_PRIVATE_KEY \ | |
| -passout pass:$certificatePassword | |
| # Remove the private key password | |
| openssl rsa -in $ENCRYPTED_PRIVATE_KEY \ | |
| -passin pass:$certificatePassword \ | |
| -out $OUTPUT_RSA | |
| rm $P12_KEYSTORE | |
| rm $ENCRYPTED_PRIVATE_KEY | |
| cat $OUTPUT_RSA |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment