Generating a keystore signature file with Android Studio
Common SSL certificate formats:
- .DER .CER: binary format; stores only the certificate, not the private key.
- .PEM: usually text format; can store the certificate and can also store the private key.
- .CRT: may be binary or text format; like .DER, it does not store the private key.
- .PFX .P12, binary format that contains both the certificate and private key, usually password protected.
- .JKS, binary format that contains both the certificate and private key, usually password protected.
DER
In this format the file content is binary. Java and Windows servers tend to use this encoding.
View with OpenSSL:
openssl x509 -in certificate.der -inform der -text -noout
Convert to PEM:
openssl x509 -in cert.crt -inform der -outform pem -out cert.pem
PEM
Privacy Enhanced Mail. Usually a text format that begins with -----BEGIN... and ends with -----END..., with BASE64-encoded content in between. This format can store certificates and private keys; sometimes a private key in PEM format is given a .key suffix instead, to distinguish between the certificate and the private key. You can look at the specific contents of the file.
This format is commonly used by Apache and Nginx servers.
View with OpenSSL:
openssl x509 -in certificate.pem -text -noout
Convert to DER:
openssl x509 -in cert.crt -outform der -out cert.der
CRT
Short for certificate. The file may be PEM encoded or DER encoded. To view it, refer to the two formats above.
PFX
Predecessor of PKCS#12. This is a binary format, and a PFX file contains both the certificate and the private key. Generally used for the IIS server on Windows. Files in this format generally have a password to protect the private key.
View with OpenSSL:
openssl pkcs12 -in for-iis.pfx
Convert to PEM:
openssl pkcs12 -in for-iis.pfx -out for-iis.pem -nodes
JKS
Java Key Storage. As the name suggests, this is a format specific to Java. Java provides a tool called keytool that can convert the format. Generally used for the Tomcat server.
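Because a suffix such as .crt, .pem or .key does not say how a file is encoded or whether it carries a private key, the following added example (not part of the original page) identifies the formats described above from the file content. The function names, the result layout and the sample bytes are assumptions made for illustration, and the DER checks are heuristics on the first bytes only.

```python
import base64
import re

# PEM armor: -----BEGIN <label>----- BASE64 body -----END <label>-----
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
PLAIN_KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}
JKS_MAGIC = b"\xfe\xed\xfe\xed"  # first four bytes of a JKS keystore

def der_kind(data: bytes) -> str:
    """Heuristic: guess a DER structure from the first element in the outer SEQUENCE."""
    n = data[1] if len(data) > 1 else 0
    # Short-form length uses one byte; long form adds (n & 0x7F) length bytes.
    inner = data[2 + (n & 0x7F if n >= 0x80 else 0):]
    if inner[:1] == b"\x30":
        return "x509-like"    # a certificate opens with a nested SEQUENCE
    if inner[:3] == b"\x02\x01\x03":
        return "pkcs12"       # a PFX opens with INTEGER version 3
    if inner[:3] in (b"\x02\x01\x00", b"\x02\x01\x01"):
        return "private-key"  # unencrypted PKCS#1/PKCS#8/SEC1 key, version 0 or 1
    return "other"

def classify(data: bytes) -> dict:
    """Identify a certificate or key file by its content instead of its suffix."""
    if data[:4] == JKS_MAGIC:
        return {"encoding": "JKS", "contents": [], "plain_key": False}
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        contents, plain = [], False
        for label, body in blocks:
            label = label.decode()
            encrypted = b"Proc-Type: 4,ENCRYPTED" in body  # legacy encrypted key header
            plain |= label in PLAIN_KEY_LABELS and not encrypted
            contents.append(label)
        return {"encoding": "PEM", "contents": contents, "plain_key": plain}
    if data[:1] == b"\x30":
        kind = der_kind(data)
        return {"encoding": "DER", "contents": [kind], "plain_key": kind == "private-key"}
    return {"encoding": "unknown", "contents": [], "plain_key": False}

def pem_to_der(data: bytes) -> bytes:
    """Strip the armor and BASE64-decode the first PEM block."""
    match = PEM_BLOCK.search(data)
    if match is None:
        raise ValueError("no PEM block found")
    return base64.b64decode(match.group(2))

# Constructed sample (not a real certificate): SEQUENCE { SEQUENCE { INTEGER 2 } }
SAMPLE_DER = bytes.fromhex("30053003020102")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

A plain_key value of True on a PEM file, such as one written by the pkcs12 -nodes commands on this page, means the private key is stored without a password and the file needs to be protected accordingly.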
--------------------------------------------------------
p12 -> jks
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks
jks -> p12
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12
Export a cert from a jks
keytool -export -alias cert0001 -keystore trust.jks -storepass 123456 -file cert0001.cer
Import a cert into a jks
keytool -import -v -alias cert001 -file cert001.cer -keystore trust.jks -storepass 123456 -noprompt
Remove the password from a PEM-format key (the output key has no password)
openssl rsa -in cert2.key -out cert22.key
Combine PEM files into a pfx (p12)
openssl pkcs12 -export -inkey cert22.key -in cert2.crt -out cert2.pfx
Specify the CA and intermediate certificates
openssl pkcs12 -export -out mypkcs12.pfx -inkey my.private.key -in mycert.crt -certfile intermediate.crt -CAfile ca.crt
pfx back to pem
openssl pkcs12 -in cert2.pfx -out cert22.pem -nodes
pem to key
openssl rsa -in cert22.pem -out cert22.key
pem to crt
openssl x509 -in cert22.pem -out cert22.crt
cert to pem
openssl x509 -in cert2.cer -out cert2.pem -outform PEM
pem to der
openssl x509 -in cert22.pem -inform PEM -out cert22.der -outform DER
der to pem
openssl x509 -in cert22.cer -inform DER -out cert22.pem -outform PEM
---------------------------------------------------------