How to check the content of a Java KeyStore

Java KeyStores (JKS) provide a secure way to store sensitive data, and they can be used by Java applications to encrypt and decrypt data, authenticate users, and secure network communications. In this tutorial we will look at three ways to read the content of a KeyStore, such as the alias and the certificate.

Prerequisites

To follow this tutorial, you will need the following:

  • A Java development environment (IDE) such as Eclipse or IntelliJ IDEA
  • The keytool command-line tool (included in the Java Development Kit (JDK))

Then, using the keytool command-line tool, create a keystore and choose a password for it:

keytool -genkeypair -alias myAlias -keyalg RSA -keysize 2048 -keystore myKeystore.jks -validity 365

Option 1: Use the keytool command line

The keytool command includes the -list option to list the content of your keystore. For verbose output, also include the -v option. For example:

keytool -v -list -keystore myKeystore.jks

Here is the example output from our Keystore:

[Screenshot: output of keytool -v -list for myKeystore.jks]

Option 2: Use the openssl tool

OpenSSL is an open-source, command-line tool and cryptographic library widely used for secure communication, data encryption, and certificate management across various platforms. It’s a versatile set of tools and libraries that provide cryptographic functionalities essential for secure connections, including SSL/TLS protocols, encryption, decryption, digital signatures, and certificate handling.

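To read the content of the keystore using openssl, run the following command. The openssl pkcs12 subcommand reads PKCS#12 files only; this works here because keytool has created keystores in PKCS12 format by default since JDK 9, even when the file is named .jks: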

openssl pkcs12 -in myKeystore.jks -info -nokeys

Then, you should see an output similar to the following:

[Screenshot: output of the openssl pkcs12 command]

Option 3: Use the java.security API

Finally, we will show how to display the KeyStore information, such as the alias, programmatically. This main Java class extracts the information using the java.security.KeyStore and java.security.cert.Certificate classes:

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class KeystoreChecker {
    public static void main(String[] args) {
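        String keystoreFile = "myKeystore.jks";
        // Replace with the password chosen when the keystore was created
        String keystorePassword = "password";

        // try-with-resources closes the stream even if loading fails
        try (FileInputStream in = new FileInputStream(keystoreFile)) {
            // Load the keystore
            KeyStore keystore = KeyStore.getInstance("JKS");
            keystore.load(in, keystorePassword.toCharArray());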

            // List all aliases in the keystore
            Enumeration<String> aliases = keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                System.out.println("Alias: " + alias);

                // Retrieve and print details of each certificate
                Certificate cert = keystore.getCertificate(alias);
                if (cert != null) {
                    System.out.println("Certificate Type: " + cert.getType());
                    // Additional details can be extracted from the certificate if needed
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
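The class above stops at the certificate type. The following added example (not part of the original article) extracts the additional details a keystore review usually needs: entry kind, subject, issuer, signature algorithm, RSA key size, SHA-256 fingerprint and expiry. It assumes Java 9 or later and the myKeystore.jks file created in the prerequisites; the class name KeystoreAudit and the 30-day warning threshold are choices made for this example.

```java
import java.io.File;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

public class KeystoreAudit {
    static final long WARN_DAYS = 30; // assumed threshold for this example

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "myKeystore.jks";
        if (System.console() == null) {
            throw new IllegalStateException("Run from a terminal so the password can be prompted");
        }
        // Prompt for the password instead of hard-coding it in the source
        char[] password = System.console().readPassword("Keystore password: ");
        // Java 9+: detects the on-disk format (JKS or PKCS12) instead of assuming one
        KeyStore ks = KeyStore.getInstance(new File(path), password);
        System.out.println("Keystore format: " + ks.getType());

        for (String alias : Collections.list(ks.aliases())) {
            // Key entries hold a private or secret key; the rest are trusted certificates
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate entry";
            System.out.println("Alias: " + alias + " (" + kind + ")");
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            Instant notAfter = x509.getNotAfter().toInstant();
            long daysLeft = Duration.between(Instant.now(), notAfter).toDays();
            String flag = notAfter.isBefore(Instant.now()) ? " [EXPIRED]"
                    : daysLeft <= WARN_DAYS ? " [EXPIRING SOON]" : "";
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(x509.getEncoded());
            System.out.println("  Subject:   " + x509.getSubjectX500Principal().getName());
            System.out.println("  Issuer:    " + x509.getIssuerX500Principal().getName());
            System.out.println("  Signature: " + x509.getSigAlgName());
            if (x509.getPublicKey() instanceof RSAPublicKey) {
                int bits = ((RSAPublicKey) x509.getPublicKey()).getModulus().bitLength();
                System.out.println("  RSA key:   " + bits + " bits");
            }
            System.out.println("  SHA-256:   " + String.format("%064x", new BigInteger(1, digest)));
            System.out.println("  Expires:   " + notAfter + " (" + daysLeft + " days)" + flag);
        }
    }
}
```

The SHA-256 value is computed over the DER-encoded certificate, so it can be compared with the fingerprint that keytool -v -list prints for the same alias.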

Conclusion

In this step-by-step guide we have covered three different approaches to display the content of a Java KeyStore, including the alias name and its certificate.
