KeyStore Explorer currently supports the following features. Note that the application is being continuously developed and future versions will contain additional features to those listed below.

Full specifications are available for KeyStore Explorer, including supported algorithms, key sizes and file formats.

KeyStore Management Features

  • Create, load and save various KeyStore types:
    • JKS
    • JCEKS
    • PKCS #12
    • BKS (V1 and V2)
    • UBER
    • BCFKS
  • Conversion between these types.
  • Change KeyStore passwords.
  • Delete or rename KeyStore entries.
  • Cut/copy/paste KeyStore entries.
  • Search for KeyStore entries.
  • Configure a CA Certs KeyStore for use with KeyStore operations.

Key Pair Features

  • Generate RSA, DSA and EC (incl. Ed25519/Ed448) key pairs with self-signed X.509 certificates.
  • Apply X.509 certificate extensions to generated key pairs and Certificate Signing Requests (CSRs).
  • Import key pairs from PKCS #12 files.
  • Import key pairs from PKCS #8 private key/certificate combination files.
  • Import key pairs from Microsoft PVK private key/certificate combination files.
  • Import key pairs from OpenSSL private key/certificate combination files.
  • Generate CSRs in PKCS #10 and SPKAC formats.
  • Import Certificate Authority (CA) replies.
  • Export key pairs as PKCS #12.
  • Export private keys as PKCS #8.
  • Export private keys as Microsoft PVK.
  • Export private keys as OpenSSL.
  • Change the password of key pair entries.
  • Append certificates to key pair certificate chains.

Certificate Features

  • Import X.509 certificate files as trusted certificates.
  • View the details of certificates contained within KeyStore entries, certificate files and SSL web sites.
  • Export certificates in a variety of formats (X.509, PKCS #7, PKI Path, SPC).
  • Export certificate public keys in OpenSSL (SubjectPublicKeyInfo) format.
  • View the details of Certificate Revocation List (CRL) files.
  • View X.509 Certificate, CRL and CRL entry X.509 V3 extensions.
  • Validation of certificates (signature verification, path validation, revocation status checks).

Digital Signature Features

  • Sign CSRs in PKCS #10 and SPKAC formats.
  • Create and sign key pairs with a CA certificate in one step.
  • Sign CRLs (Certificate Revocation Lists)
  • Sign Java Archive (JAR) files.
  • Add a timestamp to jar signatures.
  • Sign J2ME MIDlet Applications files.
  • Sign JWT (JSON Web Token) files.