
I have a key pair generated by openssl in the following way

openssl genrsa -out private_key.pem 2048

Then I convert it to DER format as follows

openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem -out private_key.der -nocrypt

And now I want to import it in Android, but I don't want to import it as is; I want to protect it within a keystore.

So my question is: how can I import an existing key into a BKS keystore using keytool?

Thanks

RdlP

1 Answer


A Private Key is always accompanied by a Certificate Chain (that includes the corresponding Certificate) in a KeyStore. You cannot add it to the KeyStore by itself.

Once you have generated the Private Key, you can generate a self-signed Certificate and then use that certificate to add your private key, along with the certificate, to the KeyStore.

Generating self-signed Certificate

openssl req -new -x509 -key [PRIVATE_KEY_FILE] -out [SELF_SIGNED_CERTIFICATE_FILE] -days 3650 -subj /[YOUR_SUBJECT_DN]

Creating a PKCS#12 file containing the PrivateKey and the Certificate

openssl pkcs12 -export -inkey [PRIVATE_KEY_FILE] -in [CERTIFICATE_FILE] -out [PKCS12_FILE.p12] -name mykey

Finally, converting the PKCS12 KeyStore to your desired BKS store type

keytool -importkeystore -srckeystore [ABOVE_P12_FILE] -srcstorepass [ABOVE_P12_PASSWORD] -srcstoretype pkcs12 -destkeystore [NEW_BKS_FILE.bks] -deststorepass [NEW_BKS_PASSWORD] -deststoretype bks -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath [ABSOLUTE_PATH_TO_bcprov-jdk15on-152.jar]

If you need the Java default store type JKS, you can remove the -providerclass and -providerpath arguments from the last command.

always_a_rookie
  • Ok, I understand, but now with PKCS#12 file, how can I read the private key in java? – RdlP Apr 19 '16 at 07:00
    You can refer to this - http://stackoverflow.com/questions/150167/how-do-i-list-export-private-keys-from-a-keystore and http://www.java2s.com/Code/Java/Security/RetrievingaKeyPairfromaKeyStore.htm – always_a_rookie Apr 19 '16 at 14:22
  • The second command might not work (I was running it in git bash), so you should do `winpty bash` before. See https://stackoverflow.com/questions/34156938/openssl-hangs-during-pkcs12-export-with-loading-screen-into-random-state for more info – Andrei Manolache Mar 06 '21 at 10:58
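The three steps of the answer above (self-signed certificate, PKCS#12 bundle, keytool conversion to BKS) as one non-interactive script, with the checks a practitioner would want before trusting the result. This is an added example, not code from the answer's author or from any project: the alias, the `/CN=android-import-example` subject, the `changeit` passwords, the `BCPROV_JAR` environment variable and the working directory are all placeholders assumed here. It goes slightly beyond the answer in two ways: passwords are supplied with `-passout`/`-passin` so openssl never prompts, and the script verifies that the PKCS#12 opens with the password, carries the expected alias, and contains the same key that was fed in (the public halves are compared). The BKS step needs keytool and the Bouncy Castle provider jar; when either is missing it is skipped and reported rather than failing.

```shell
#!/bin/sh
# Added example (not from the original answer): the answer's three steps as one
# non-interactive script, plus checks. Assumptions: openssl is on PATH; keytool
# and the Bouncy Castle provider jar (BCPROV_JAR) are needed only for the BKS
# step, which is skipped with a message when they are missing. Passwords,
# subject DN and alias below are placeholders, not values from the page.
set -eu

WORKDIR=${WORKDIR:-$(mktemp -d)}
KEY="$WORKDIR/private_key.pem"      # same file the question creates with genrsa
CERT="$WORKDIR/self_signed.pem"
P12="$WORKDIR/keystore.p12"
BKS="$WORKDIR/keystore.bks"
ALIAS=${ALIAS:-mykey}
P12_PASS=${P12_PASS:-changeit}      # placeholder; real secrets belong in env, not argv
BKS_PASS=${BKS_PASS:-changeit}
BCPROV_JAR=${BCPROV_JAR:-}          # e.g. /opt/bcprov-jdk15on-152.jar (assumed path)

# Step 0: reuse an existing private_key.pem in WORKDIR, or generate one as in the question.
gen_key() {
    [ -s "$KEY" ] || openssl genrsa -out "$KEY" 2048 2>/dev/null
}

# Step 1: self-signed certificate. A keystore key entry must carry a certificate
# chain, so a bare key cannot be imported; this certificate is that chain.
gen_cert() {
    openssl req -new -x509 -key "$KEY" -out "$CERT" -days 3650 \
        -subj "/CN=android-import-example"
}

# Step 2: bundle key + certificate into PKCS#12 under ALIAS. -passout keeps
# openssl from prompting, which also sidesteps the git-bash hang from the comments.
make_p12() {
    openssl pkcs12 -export -inkey "$KEY" -in "$CERT" -name "$ALIAS" \
        -out "$P12" -passout "pass:$P12_PASS"
}

# Check: the PKCS#12 opens with the password and its certificate bag carries our alias.
verify_p12() {
    openssl pkcs12 -in "$P12" -passin "pass:$P12_PASS" -nokeys -info 2>&1 \
        | grep -q "friendlyName: $ALIAS"
}

# Check: the key inside the PKCS#12 is the key we started from (compare public halves).
verify_key_matches() {
    orig=$(openssl pkey -in "$KEY" -pubout 2>/dev/null)
    inside=$(openssl pkcs12 -in "$P12" -passin "pass:$P12_PASS" -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null)
    [ -n "$orig" ] && [ "$orig" = "$inside" ]
}

# Step 3: convert to BKS with keytool + Bouncy Castle, then list the entry back.
# Returns 2 (not an error) when the Java side is unavailable on this machine.
to_bks() {
    if ! command -v keytool >/dev/null 2>&1 || [ ! -f "$BCPROV_JAR" ]; then
        echo "keytool or BCPROV_JAR not available; skipping BKS conversion" >&2
        return 2
    fi
    keytool -importkeystore -noprompt \
        -srckeystore "$P12" -srcstoretype pkcs12 -srcstorepass "$P12_PASS" \
        -destkeystore "$BKS" -deststoretype bks -deststorepass "$BKS_PASS" \
        -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath "$BCPROV_JAR"
    keytool -list -keystore "$BKS" -storetype bks -storepass "$BKS_PASS" \
        -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath "$BCPROV_JAR" | grep -q "^$ALIAS,"
}

run_all() {
    gen_key
    gen_cert
    make_p12
    verify_p12
    verify_key_matches
    to_bks || [ $? -eq 2 ]
    echo "PKCS#12 written to $P12"
}

run_all
```

Usage: `WORKDIR=/path/with/private_key.pem BCPROV_JAR=/opt/bcprov-jdk15on-152.jar sh import_to_bks.sh` reuses the questioner's key and produces `keystore.bks` next to it; without `BCPROV_JAR` the script stops after the verified PKCS#12, which is itself a keystore Java can open with `KeyStore.getInstance("PKCS12")`. The `-noprompt` flag and the two verification functions are the parts added beyond the answer's commands; if `verify_key_matches` fails, the wrong `-inkey` file was bundled and the BKS should not be shipped.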