Tags: java, encryption, aes, jks

Not able to store key in .jks file. I am using AES 256 algorithm and GCM mode.


keytool -genseckey -alias aes256key -keyalg AES -keysize 256 -storetype JKS -keystore keystore.jks -storepass changeit -keypass changeit

Solution

  • Tried running the command and received the following error:

    keytool error: java.security.KeyStoreException: Cannot store non-PrivateKeys

    You are trying to store a symmetric key inside a JKS keystore type. JKS only allows storing asymmetric keys (public-private key pairs). If you want to store a symmetric key, try using another keystore type, like JCEKS.

    keytool -genseckey -alias aes256key -keyalg AES -keysize 256 -storepass changeit -keypass changeit -storetype JCEKS -keystore keystore.jceks
    

    The -storetype JCEKS does the magic in the command above.

    Additionally, you could generate asymmetric keys via the -genkeypair argument. Keep in mind, -genseckey generates symmetric keys, while the other one generates public-private key pairs.
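The same behaviour seen from Java code, as an added example that is not part of the original answer: it tries to store an AES-256 key in a JKS keystore, stores it in a JCEKS keystore instead, reloads it, and uses it for AES/GCM. The class name `SecretKeyStoreDemo` is hypothetical, the keystore is held in memory rather than in `keystore.jceks`, and the plaintext is constructed sample data.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;

public class SecretKeyStoreDemo { // hypothetical class name
    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // demo password taken from the page's command
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(pass);

        // JKS: storing a SecretKeyEntry fails, like the keytool command in the question
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null); // null stream creates an empty keystore
        try {
            jks.setEntry("aes256key", new KeyStore.SecretKeyEntry(key), prot);
        } catch (KeyStoreException e) {
            System.out.println("JKS rejected the key: " + e.getMessage());
        }

        // JCEKS: the same entry is accepted; serialize the store and load it back
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setEntry("aes256key", new KeyStore.SecretKeyEntry(key), prot);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pass);
        KeyStore loaded = KeyStore.getInstance("JCEKS");
        loaded.load(new ByteArrayInputStream(out.toByteArray()), pass);
        SecretKey restored = (SecretKey) loaded.getKey("aes256key", pass);

        // AES/GCM round trip: encrypt with the restored key, decrypt with the original
        byte[] iv = new byte[12]; // 96-bit nonce, must be unique per encryption under one key
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, restored, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed sample plaintext".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```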