问题
Is there a way in keytool to print the publick key of a certificate? I tried:
keytool -printcert -file client.crt
But it gives only the following information:
Owner: CN=client, OU=as, O=as, L=as, ST=as, C=as
Issuer: EMAILADDRESS=as, CN=ca, OU=as, O=as, L=as, ST=as, C=as
Serial number: 3
Valid from: Tue Apr 10 12:18:47 GMT+05:30 2012 until: Wed Apr 10 12:18:47 GMT+05
:30 2013
Certificate fingerprints:
MD5: 26:C0:29:E9:8C:AB:C3:9E:95:38:74:8A:87:D3:86:8D
SHA1: 5C:5A:BA:47:44:83:7E:CB:48:BE:DD:E5:39:51:24:42:C6:C5:60:8B
SHA256: DA:26:B8:C8:F4:04:3E:62:F3:7F:3B:EC:1D:9F:85:66:28:00:45:55:66:
15:FF:BB:37:77:97:59:F0:EC:0B:B6
Signature algorithm name: SHA1withRSA
Version: 1
There is no public key in this.
回答1:
You can do that With openssl.
If this certificate is DER-encoded (binary), use:
openssl x509 -inform der -in client.crt -pubkey -noout
for PEM-encoded use -inform pem option (or no -inform at all).
To see details of public key, use:
openssl x509 -inform der -in client.crt -pubkey -noout | openssl rsa -pubin -text -noout
回答2:
You can do it with:
keytool -list -rfc -keystore mykeystore.jks -alias certificate_alias -storepass password
Example run:
PS c:\sample> keytool -list -rfc -keystore mykeystore.jks -alias cert_alias -storepass password
Alias name: cert_alias
Creation date: Apr 25, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
MIIB4zCCAUygAwIBAgIIRzI14w7rL20wDQYJKoZIhvcNAQENBQAwMzELMAkGA1UEBhMCVVMxDTAL
BgNVBAoTBE5vbmUxFTATBgNVBAMTDE5vbmUgb3U9Tm9uZTAgFw0xNDA0MjQxNzQ0NDJaGA8yMTE0
MDQyNTE3NDQ0MlowMzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBE5vbmUxFTATBgNVBAMTDE5vbmUg
b3U9Tm9uZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAivXBBtFnJTm1NbHysv3Mnpn/lCg6
1onJDxr/jkvI8+1Bljs1jktyYOeKDWxJwpDU7QyIqttgtDvRT4Yaew5WiQyADIyY0cBTvp3S7uKx
M5C3zxZdG6WTflU7xcYnGk3/d0VhwA6BL9YPsRaS/K+ww1yvxWKIOPW68wDe0ccvGWcCAwEAATAN
BgkqhkiG9w0BAQ0FAAOBgQB/5qDMA9fmlCWlOD9aHjBD6I8zAOSshMCFK8XcZJHowag8WtZyL3DR
insx2HoDlBewIJAEtAplo2NpeFyNtK93PS7zV+vwEYHCu46Db3klMksp3MmSXD39QPlmwfsGZlja
K8Ww0TsR5GtccFMH41KKa+PlvVZNEdZumdrca59olQ==
-----END CERTIFICATE-----
回答3:
You can print the cert to pem format, then use openssl to print public key from the pem format.
add
-rfcoption to -printcertkeytool -printcert -rfc -file client.crt
save the output like below to a file client.pem
-----BEGIN CERTIFICATE----- MIIB4zCCAUygAwIBAgIIRzI14w7rL20wDQYJKoZIhvcNAQENBQAwMzELMAkGA1UEBhMCVVMxDTAL
......
-----END CERTIFICATE-----
then use openssl
openssl x509 -inform pem -text -in client.pem
so you got the public key
回答4:
Keytool list rfc just prints the base64 encoded version of whole certificate, not the public key. Keytool doesn't support the printing the public key of Certificate. We can use openssl for this purpose.
来源:https://stackoverflow.com/questions/10103657/how-to-print-the-public-key-of-a-certificate-using-keytool