Export public-private keys from PFX file

-


In this blog I'll share the snippets used to export the public key & private key from a PFX file. Sometimes we have to perform the data encryption/decryption using the digital signature by taking the public key(so called as SSL certificate or public keys)  to encrypt the data and private key to decrypt the data.

Let's take the sample DSCs provided by eMudhra- https://www.e-mudhra.com/Repository/
I have taken "e-Mudhra sub CA for Class 3 Individual 2014" for this blog. This zip contains two files as-
  1. Class 3 individiual test_encryption.pfx- For data encryption/decryption
  2. Class 3 individiual test_Signature.pfx- For signing the document
We'll take the file Class 3 individiual test_encryption.pfx for this blog and follow the below steps to obtain the public key & private key.
  • A linux machine with openssl utility
  • Run the following command to extract the private key
openssl pkcs12 -in Class_3_individiual_test_encryption.pfx -nocerts -out private_key.key
If prompted,enter the password- emudhra
  • Run the following command to decrypt the private key
openssl rsa -in private_key.key -out private_key-decrypted.key
  • Run the following command to extract the certificate
openssl pkcs12 -in Class_3_individiual_test_encryption.pfx -clcerts -nokeys -out public_key.crt

So, finally we have our-
Public key- public_key.crt
Private Key- private_key-decrypted.key

-----------------------------------------------------------------
Below commands to follow to convert PFX to JKS file-
-----------------------------------------------------------------
Create JKS
keytool -importkeystore -srckeystore e-Mudhra_Sub_CA_for_Class_3_Individual_2022.pfx -srcstoretype pkcs12  -destkeystore em_clientcert.jks -deststoretype JKS

Convert JKS to pkcs12 format
keytool -importkeystore -srckeystore em_clientcert.jks -destkeystore em_clientcert.jks -deststoretype pkcs12

-----------------------------------------------------------------
Below commands to follow to obtain CER from JKS-
-----------------------------------------------------------------
Export the PEM from JKS
keytool -exportcert -alias test1 -keystore em_clientcert.jks -rfc -file em_clientCRT.pem

Convert pem to DER
openssl x509 -outform der -in em_clientCRT.pem -out em_clientCRT.der

Convert DER to CER
openssl x509 -inform der -in em_clientCRT.der -out em_clientCRT.cer

Ref: 

Location: QPCF+5Q Haripura, Rajasthan, India

Comments

Post a Comment

Popular posts from this blog

Oracle SOA Suite- Implementing Email Notification

-
Image
In this post, I am going to show how to implement email notifications in Oracle SOA Suite using BPEL process. So let's get started- Implementing email notification in Oracle SOA Suite consists of below steps: Environment- IDE- Oracle jDeveloper 11g Weblogic Server 12c Oracle SOA Suite 12c High Level Steps Keep ready email server settings. Configure & enable usermessagingdriver-email for target SOA servers via console. Setting up Email driver (usermessagingdriver-email )with email server settings via enterprise manager. Enable notifications for SOA workflows(make sure either All or EMail option is selected).. Create SOA composite application Deploy it on SOA server. Testing & done. 1. Keep ready email server settings. Keep ready your below email server settings: Outgoing Mail Server          : smtp.domain.com Outgoing Mail Server Port   : xxx Default From Address         : username@doamin.com Outgoing Username            : actualemailid@doma
Read more

Oracle SOA Suite 12c- PKIX path building failed & unable to find valid certification path to requested target

-
Image
Hi Everyone, in this blog I'll be writing one of the strange issue that has been encountered while working with a Oracle SOA composite running in Oracle IDAM environment and trying to invoke a SSL based remote service where SSL certification based exception has been thrown during the service invocation. Environment Oracle SOA Suite 12c  (HA Mode) Oracle IDAM 12c (HA Mode) Oracle Linux 7 External Web Service (SOAP Service) Problem Below is the exception thrown when trying to invoke an external webservice (SSL Based) via BPEL process- <bpelFault><faultType>0</faultType><remoteFault xmlns="http://schemas.oracle.com/bpel/extension"><part name="summary"><summary>oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "https://idam.uppclonline.com/soa-infra/services/default/DefaultOperationalApproval!5.12*soa_69e4734b-d8fe-4edf-b44e-e287f61c2ddf/SMSNotification%23ApprovalProcess/SMSNotification" succe
Read more

Migration of Oracle SOA Suite Composite from 11g to 12c

-
Image
Recently I have came across a scenario where I have a business requirement of  migration of Oracle SOA Suite 11g(11.1.1.7.0) to 12c(12.1.3.0). Below are the different mechanisms I have tried to do, few of them failed and one succeeded. Working in Oracle SOA Suite 11g is completely different from 12c. In 11g, we need to install the jDeveloper(11.1.1.7) then SOA extension separately to be installed either via offline file  (download available at  https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/156082.xml ) or through jDeveloper top menu >>  Help >> Check for Updates >> SOA Extension.  While working with 12c doesn't involves such tedious job. Only single installer is required for jDeveloper/SOA/Weblogic and is available as QuickStart Installer(download available at https://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html). Approach 1- Compress(Zip) SOA composite code of 11g version (11.1.1.7.0) and unzip to a differe
Read more