Skip to content

Instantly share code, notes, and snippets.

@atomicsamurai

atomicsamurai/symKeyExtract.groovy

Last active July 3, 2025 22:58
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save atomicsamurai/4a3561ffaa59b1847ccf4512f6d7b466 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save atomicsamurai/4a3561ffaa59b1847ccf4512f6d7b466 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
symKeyExtract.groovy
import java.security.*;
import java.io.*;
import javax.crypto.*;
import java.util.*;
KeyStore ks = KeyStore.getInstance("JCEKS");
Scanner in = new Scanner(System.in);
System.out.println("On prem keystore file (full path): ");
String filename = in.nextLine();
System.out.println("Keystore password: ");
String keystorepass = in.nextLine();
System.out.println("Symmetric key alias (example: \"openidm-sym-default\"): ");
String alias = in.nextLine();
System.out.println("Key password (enter if same as keystore password): ");
String keypass = in.nextLine();
if(keypass == "") {
keypass = keystorepass;
}
//System.out.printf("file: %s, ks pass: %s, alias: %s, key pass: %s\n", filename, keystorepass, alias, keypass)
ks.load(new FileInputStream(new File(filename)), keystorepass.toCharArray());
SecretKey key = (SecretKey) ks.getKey(alias, keypass.toCharArray());
// System.out.println("format: " + key.getFormat());
String extractedKey = new String(Base64.getEncoder().encodeToString(key.getEncoded()));
// String pemKey = "-----BEGIN AES SECRET KEY-----\n"+extractedKey+"\n-----END AES SECRET KEY-----";
// System.out.printf("pem encoded value for ESV secret:\n%s", new String(Base64.getEncoder().encodeToString(pemKey.getBytes())));
System.out.printf("Value for ESV secret:\n%s\n", new String(Base64.getEncoder().encodeToString(extractedKey.getBytes())));
// def keyFile = new File("extracted-sym.key")
// keyFile.write(pemKey)
// System.out.println("\nkey saved as \"extracted-sym.key\"");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment