Android Studio to generate keystore signature file

Common SSL certificate format:

.DER .CER, is a binary file format, save only the certificate, the private key is not saved.
.PEM, usually text format, you can save the certificate, the private key can be stored.
.CRT, may be a binary format, text format, the same format .DER, do not save the private key.
.PFX .P12, binary format that contains both the certificate and private key, usually password protected.
.JKS, binary format that contains both the certificate and private key, usually password protected.

OF THE

The format is a binary file content, Java and Windows servers tend to use this encoding format.

OpenSSL View

openssl x509 -in certificate.der -inform der -text -noout

Converted to PEM:

openssl x509 -in cert.crt -inform der -outform pem -out cert.pem

PEM

Privacy Enhanced Mail, usually text format to -----BEGIN... the beginning to -----END... the end. The content intermediate BASE64 encoding. This format can store certificates and private keys, sometimes we have the private key in PEM format instead .key suffix to distinguish between the certificate and private key. You can look at the specific contents of the file.

This format is commonly used in the Apache and Nginx server.

OpenSSL View:

openssl x509 -in certificate.pem -text -noout

Convert DER:

openssl x509 -in cert.crt -outform der -out cert.der

CRT

Certificate short, there may be a PEM encoded format, there may be DER encoded format. How to view please refer to the first two formats.

PFX

Predecessor of PKCS # 12, this format is a binary format, and the presence of a PFX certificate and private key file. Generally used for the IIS server on Windows. Change the file format generally have a password to ensure the security of the private key.

OpenSSL View:

openssl pkcs12 -in for-iis.pfx

Converted to PEM:

openssl pkcs12 -in for-iis.pfx -out for-iis.pem -nodes

JKS

Java Key Storage, it is easy to know that this is a proprietary format JAVA, JAVA use of a called keytool tool can convert the format. Generally used for the Tomcat server.

--------------------------------------------------------

p12 -> jks

keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks

jks -> p12

keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS
-deststoretype PKCS12 -destkeystore keystore.p12

Export cert from inside jks

keytool -export -alias cert0001 -keystore trust.jks -storepass 123456 -file cert0001.cer

The cert import jks

keytool -import -v -alias cert001 -file cert001.cer -keystore trust.jks -storepass 123456 -noprompt

Cryptographic key removal pem format (password is not input to output)

openssl rsa -in cert2.key -out cert22.key

The combined output format pem pfx (p12)

openssl pkcs12 -export -inkey cert22.key -in cert2.crt -out cert2.pfx

CA and designated intermedian

openssl pkcs12 -export -out mypkcs12.pfx -inkey my.private.key -in mycert.crt -certfile intermediate.crt -CAfile ca.crt

pfx back pem

openssl pkcs12 -in cert2.pfx -out cert22.pem -nodes

pem turn key

openssl rsa -in cert22.pem -out cert22.key

pem crt turn

openssl x509 -in cert22.pem -out cert22.crt

turn pem cert

openssl x509 -in cert2.cer -out cert2.pem -outform PEM

turn der pem

openssl x509 -in cert22.pem -inform PEM -out cert22.der -outform DER

der turn pem

openssl x509 -in cert22.cer -inform DER -out cert22.pem -outform  PEM

---------------------------------------------------------

======================= End