https://gist.github.com/wbroek/cd87d161b52d0ddba08d
https://docs.wso2.com/display/EMM200/Generating+a+BKS+File+for+Android#GeneratingaBKSFileforAndroid-Prerequisites
openssl pkcs12 -export -out Cert.p12 -in cert.pem -inkey key.pem -passin pass:root -passout pass:root
openssl pkcs12 -export -inkey cert_key_pem.txt -in cert_key_pem.txt -out cert_key.p12
-inkey为私钥文件,-in为证书,如果pem私钥没有密码,则使用-nodes表示无密码,如果有密码使用-passin,如果私钥和证书都在同一文件里则-in和-inkey指定同一个文件。-CAfile,表示CA证书。
合成 pkcs#12 证书(含私钥)
** 将 pem 证书和私钥转 pkcs#12 证书 **
openssl pkcs12 -export -in server.crt -inkey server.key -passin pass:111111 -password pass:111111 -out server.p12
其中-export指导出pkcs#12 证书,-inkey 指定了私钥文件,-passin 为私钥(文件)密码(nodes为无加密),-password 指定 p12文件的密码(导入导出)
** 将 pem 证书和私钥/CA 证书 合成pkcs#12 证书**
openssl pkcs12 -export -in server.crt -inkey server.key -passin pass:111111 \
-chain -CAfile ca.crt -password pass:111111 -out server-all.p12
Convert pkcs12 key to bks format for Android
Dear Reader,
If you ever want to convert a pkcs12 format key to bks format for Android follow the below instructions.
First of all downlaod bcprov-jdk16-1.46.jar file
[root@itpings certs]# wget http://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk16/1.46/bcprov-jdk16-1.46.jar
–2017-06-30 17:05:40– http://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk16/1.46/bcprov-jdk16-1.46.jar
Resolving repo1.maven.org (repo1.maven.org)… 151.101.32.209
Connecting to repo1.maven.org (repo1.maven.org)|151.101.32.209|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 1876535 (1.8M) [application/java-archive]
Saving to: ‘bcprov-jdk16-1.46.jar’
bcprov-jdk16-1.46.j 100%[===================>] 1.79M –.-KB/s in 0.02s
2017-06-30 17:05:40 (89.3 MB/s) – ‘bcprov-jdk16-1.46.jar’ saved [1876535/1876535]
Now Convert the File as follow with keytool
[root@itpings certs]# keytool –importkeystore –srckeystore user.P12 -srcstoretype pkcs12 –destkeystore user.bks –deststoretype bks –provider org.bouncycastle.jce.provider.BouncyCastleProvider -–providerpath bcprov-jdk16-1.46.jar
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias 1 successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
[root@itpings certs]# ls
user.bks
Done.
Thanks,
Salman Aftab
ITpings
YouTube: LinuxKing
FaceBook: LZHProject
openssl pkcs12 -export -out polycom.p12 -in output.pem -inkey output.pem -nodes -passout pass:111111
keytool -importkeystore -srckeystore polycom.p12 -srcstoretype pkcs12 -destkeystore polycom.bks -deststoretype bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider --providerpath bcprov-jdk16-1.46.jar
#test p12 private key and public key
#openssl pkcs12 -in test.p12 -nocerts -nodes -out 1.key
#openssl rsa -in 1.key -pubout -out polycom_public.pem
#openssl rsa -in 1.key -out polycom_private.pem
输出没有加密的私钥:
openssl pkcs12 -in test.p12 -nocerts -nodes -out key.pem
https://blog.csdn.net/as3luyuan123/article/details/16105475
https://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html