Move a Private Key Between Two JKS Keystores

The previous version of the article showed how to move a private key between two JKS key stores.

The solution consisted in writing a Java program that would use the KeyStore class to retrieve the key from a JKS keystore and store it in another one. The destination keystore would be completely rewritten.

With the tool keytool bundled with JDK versions 1.5 and newer, the process is possible without writing any program. The -importkeystore command line parameter of the new keytool does just this. Please see the keytool documentation for more information.

Here is the part of the keytool help presenting in detail all the parameters for importkeystore:

-importkeystore [-v]
[-srckeystore ] [-destkeystore ]
[-srcstoretype ] [-deststoretype ]
[-srcstorepass ] [-deststorepass ]
[-srcprotected] [-destprotected]
[-srcprovidername ]
[-destprovidername ]
[-srcalias [-destalias ]
[-srckeypass ] [-destkeypass ]]
[-providerclass [-providerarg ]] ...
[-providerpath ]