OK, apparently then a "keystore" (as defined here[1]) is really just a Java language-specific construct, and the .p12 is a certificate/private key pair (not a keystore).
Thanks all for your responses, Glen [1] http://java.sun.com/javase/6/docs/technotes/tools/solaris/keytool.html ________________________________ From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Anand Patel Sent: Sunday, December 27, 2009 9:10 PM To: openssl-users@openssl.org Subject: Re: (newbie) private key vs. keystore confusion Not sure what you mean by keystore but above command combines certificate and key in PKCS12 format "service.p12". -Anand On Thu, Dec 24, 2009 at 10:33 AM, Mazza, Glen R. <glen.r.ma...@saic.com> wrote: Hello, I'm confused somewhat about the workings of OpenSSL, in particular the following command: openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out service.p12 -name myservicekey -passin pass:sspass -passout pass:skpass Question: Does the above command create a private key named "service.p12" or a keystore named "service.p12" that has a private key within it? I'm not sure what service.p12 is -- is it a keystore or a private key? If it is a keystore containing a private key, just to confirm, there is no real way with OpenSSL to create a private key without its enclosing keystore, correct? I.e., it is usual and normal for OpenSSL to create its private keys within keystores. But if it is just a private key, does OpenSSL provide the ability to create a keystore that can be used to house this private key? (What would the command be for that)? Thanks, Glen
