How to check certificate name and alias in keystore files?

I have a bunch of .keystore files and need to find one with specific CN and alias. Is there a way to do it with keytool, jarsigner or some other tool? I found a way to check if specific keystore was used to sign a specific apk, but I also need to get the alias and certificate name in each of the files.

You can run the following command to list the content of your keystore file (and alias name):

keytool -v -list -keystore .keystore

If you are looking for a specific alias, you can also specify it in the command:

keytool -list -keystore .keystore -alias foo

If the alias is not found, it will display an exception:

> keytool error: java.lang.Exception: Alias does not exist

In order to get all the details I had to add the -v option to romaintaz answer:

keytool -v -list -keystore <FileName>.keystore

You can run from Java code.

try {
	    
	    File file = new File(keystore location);
	    InputStream is = new FileInputStream(file);
	    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
	    String password = "password";
	    keystore.load(is, password.toCharArray());
	    
	   
	    Enumeration<String> enumeration = keystore.aliases();
	    while(enumeration.hasMoreElements()) {
	        String alias = enumeration.nextElement();
	        System.out.println("alias name: " + alias);
            Certificate certificate = keystore.getCertificate(alias);
	        System.out.println(certificate.toString());
	        
	    }
	    
	} catch (java.security.cert.CertificateException e) {
		e.printStackTrace();
	} catch (NoSuchAlgorithmException e) {
		e.printStackTrace();
	} catch (FileNotFoundException e) {
		e.printStackTrace();
	} catch (KeyStoreException e) {
		e.printStackTrace();
	} catch (IOException e) {
		e.printStackTrace();
	}finally {
		if(null != is)
			try {
				is.close();
			} catch (IOException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			}
	}

Certificate class holds all information about the keystore.

UPDATE- OBTAIN PRIVATE KEY

Key key = keyStore.getKey(alias, password.toCharArray());
String encodedKey = new Base64Encoder().encode(key.getEncoded());
System.out.println("key ? " + encodedKey);

@prateek Hope this is what you looking for!

KeyStore Explorer open source visual tool to manage keystores.

In a bash-like environment you can use:

keytool -list -v -keystore cacerts.jks | grep 'Alias name:' | grep -i foo

This command consist of 3 parts. As stated above, the 1st part will list all trusted certificates with all the details and that's why the 2nd part comes to filter only the alias information among those details. And finally in the 3rd part you can search for a specific alias (or part of it). The -i turns the case insensitive mode on. Thus the given command will yield all aliases containing the pattern 'foo', f.e. foo, 123_FOO, fooBar, etc. For more information man grep.

This will list all certificates:

keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts"

cmd:

keytool -list -keystore 'keystoreName'

and then press 'Enter' the cmd will then prompt you to enter the keystore password

cmd doesn't show the password on the screen while typing so just type the correct passwd -and be careful- then press enter again.

Or You can use:

keytool -list -keystore 'keystoreName' -storepass 'type your keystore passwd'

and for Keys' full info, just add -v:

keytool -v -list -keystore 'keystoreName' -storepass 'type your keystore passwd'

On Windows:

keytool -v -list -keystore my_keystore | findstr my_string

Reference:

https://stackoverflow.com/questions/26537643/cmd-search-a-directory-to-find-a-string-inside-a-file

If you get a warning

Warning: use -cacerts option to access cacerts keystore

then you may use this command

.\keytool.exe -list -cacerts

There are also console certificate manager written as a single-file shell script (open-source):

https://dev.to/sfkulyk/writing-panel-manager-for-certificate-keystore-in-linux-shell-187b

Can browse, copy, delete, rename and compare keystores.

> keytool -v -list -cacerts -alias cert1

This works for me when I am checking for the certificate added to jdk-11 with alias name and check if it was added on windows machine