Program for converting PKCS#12 keystores into Java keystores


KeystoreUtil is a program for converting a PKCS#12 keystore to a Java keystore suitable for signing JAR-files such as Java extensions (plugins/features) for the Notes 8 platform. The program is written in Java and requires Java to run. Below you can find the source code as well as a compiled version. There's also a BAT-file for easy execution on Windows.


Installation should be fairly easy and is done like this:

  1. Make sure you have a working Java environment and the java-executable (java.exe on Windows) is available on the PATH. Test by opening a Command Prompt and typing "java -version" which should print the version of the Java environment you're using.
  2. Download KeystoreUtil.class and keystoreutil.bat from below to the same directory
  3. Test that KeystoreUtil works by simply running the keystoreutil.bat in the directory using a Command Prompt. You should see a line with the syntax being printed to the Command Prompt


Run keystoreutil.bat with three arguments:

  1. the path/filename to the PKCS#12 keystore to convert
  2. the password of the PKCS#12 keystore
  3. the path/filename to the Java keystore you'll like to create

Once the execution of the program is done you should have a Java keystore with the specified name and the same password as your PKCS#12 file. The alias of the converted signer key is "signerkey".

Example 1 (bat-file)
keystoreutil.bat domino_admin.pfx password keystore.jks

Example 2 (Java)
java -cp KeystoreUtil.jar KeystoreUtil domino_admin.pfx password keystore.jks


Source code

import java.security.Principal;
import java.security.Key;
import java.security.PrivateKey;
import java.security.KeyStore;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.cert.Certificate;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.util.Enumeration;

public class KeystoreUtil{
   public static void main(String[] args) throws Exception {
      if (args.length != 3) {
         System.out.println("Syntax: KeystoreUtil <pkcs12 " + 
            "keystore> <pkcs12 keystore password> " + 
            "<jks keystore>");

      // declarations
      String signkeyalias = "signerkey";

      // load keystore
      KeyStore kspkcs12=KeyStore.getInstance("PKCS12");
      kspkcs12.load(new FileInputStream(args[0]), 

      // loop keys
      Enumeration<String> aliases = kspkcs12.aliases();
      while (aliases.hasMoreElements()) {
         String alias = aliases.nextElement();
         System.out.println("Found alias: " + alias);

         // is this a key?
         if (kspkcs12.isKeyEntry(alias)) {
            System.out.println("Found key with alias: " + alias);

            // load key
            KeyStore.Entry e = kspkcs12.getEntry(alias, new 
            PrivateKeyEntry pke = (PrivateKeyEntry)e;

            // get private key and certificate chain
            PrivateKey pk = pke.getPrivateKey();
            Certificate[] certchain = pke.getCertificateChain();
            // create new empty Java keystore with same password
            KeyStore ksjks=KeyStore.getInstance("JKS");
            ksjks.load(null, args[1].toCharArray());

            // add private key (with store password) and cert chain
               pk, args[1].toCharArray(), certchain);
            ksjks.store(new FileOutputStream(args[2]), 

            // output
            System.out.println("Created new signing " + 
               "key with alias: " + signkeyalias);

Creative Commons License
KeystoreUtil by Mikkel Flindt Heisterberg is licensed under a Creative Commons Attribution-Share Alike 2.5 Denmark License.
Based on a work at lekkimworld.com.