如何使用私钥将 .pfx 文件转换为密钥库? [英] How to convert .pfx file to keystore with private key?

问题描述

我需要签署 Android 应用程序 (.apk).
我有 .pfx 文件.我通过 Internet Explorer 将其转换为 .cer 文件，然后使用 keytool 将 .cer 转换为 .keystore.然后我尝试使用 jarsigner 对 .apk 进行签名，但它说 .keystore 不包含私钥.

I need to sign Android application (.apk).
I have .pfx file. I converted it to .cer file via Internet Explorer and then converted .cer to .keystore using keytool. Then I've tried to sign .apk with jarsigner but it says that .keystore doesn't content a private key.

我做错了什么?

推荐答案

使用 JDK 1.6 或更高版本

Justin 在下面的评论中指出，单独使用 keytool 就可以使用以下命令执行此操作(尽管仅在 JDK 1.6 及更高版本中):

It has been pointed out by Justin in the comments below that keytool alone is capable of doing this using the following command (although only in JDK 1.6 and later):

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 
-destkeystore clientcert.jks -deststoretype JKS

使用 JDK 1.5 或更低版本

OpenSSL 可以做到这一切.JGuru 上的这个答案 是我目前找到的最好方法.

OpenSSL can do it all. This answer on JGuru is the best method that I've found so far.

首先确保您已安装 OpenSSL.正如我在 Mac OS X 中发现的那样，许多操作系统已经安装了它.

Firstly make sure that you have OpenSSL installed. Many operating systems already have it installed as I found with Mac OS X.

以下两个命令将 pfx 文件转换为可以作为 Java PKCS12 密钥库打开的格式:

The following two commands convert the pfx file to a format that can be opened as a Java PKCS12 key store:

openssl pkcs12 -in mypfxfile.pfx -out mypemfile.pem
openssl pkcs12 -export -in mypemfile.pem -out mykeystore.p12 -name "MyCert"

请注意，第二个命令中提供的名称是您在新密钥库中的密钥别名.

NOTE that the name provided in the second command is the alias of your key in the new key store.

您可以使用 Java keytool 实用程序通过以下命令验证密钥库的内容:

You can verify the contents of the key store using the Java keytool utility with the following command:

keytool -v -list -keystore mykeystore.p12 -storetype pkcs12

最后，如果您需要，您可以通过将上面创建的密钥存储导入新的密钥存储将其转换为 JKS 密钥存储:

Finally if you need to you can convert this to a JKS key store by importing the key store created above into a new key store:

keytool -importkeystore -srckeystore mykeystore.p12 -destkeystore clientcert.jks -srcstoretype pkcs12 -deststoretype JKS

这篇关于如何使用私钥将 .pfx 文件转换为密钥库?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！