ibm-mobilefirstmobilefirst-cli

app authentication - Extract public sign key from command line


My client doesn't have MobileFirst plugin for eclipse installed and I need guide him to extract the public sign key for app authentication. Is there a way to extract the public sign key from command line?


Solution

  • The keystore that is used to hold the key used to sign your APK is just a normal Java keystore in JKS format, which can be manipulated using the standard Java "keytool" command. You can extract the certificate in PEM format by doing something like:

    keytool -exportcert -keystore keystore_name -alias alias_name -rfc > cert.txt
    

    (where "keystore_name" is the name of the keystore file, and "alias_name" is the key alias for the key being used to sign the APK)

    and then extract the public key from the "cert.txt" file you just created, by doing something like:

    openssl x509 -in cert.txt -pubkey -noout
    

    The public key you need will appear between the "-----BEGIN PUBLIC KEY-----" and "-----END PUBLIC KEY-----" lines.

    If you wanted to do it in a single command, something like:

    keytool -exportcert -keystore keystore_name -alias alias_name -storepass keystore_password -rfc | openssl x509 -pubkey -noout | grep -v PUBLIC
    

    would extract and print just the public key, so that you could capture it in a shell variable or something.