Skip to content

Convert CRT to BKS

Convert CRT to BKS for Android app that requires SSL client authentication supports the BKS format. This article will help you understand BKS (BouncyCastle) & converting from CRT.
Reading Time: 4 minutes
installing ssl on android

CRT and BKS are both types of certificate formats used to store cryptographic information, such as public and private keys. CRT stands for “Certificate,” while BKS stands for “Bouncy Castle Keystore.”

Table of Contents

The Basic of Key Type

  • CRT File = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous.  Most common among *nix systems
  • CER File= alternate form of .crt (Microsoft Convention) You can use MS to convert .crt to .cer (.both DER encoded .cer, or base64[PEM] encoded .cer)  The .cer file extension is also recognized by IE as a command to run a MS cryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER) which displays a dialogue for importing and/or viewing certificate contents.
  • .KEY File = The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.

 The only time CRT File and CER File can safely be interchanged is when the encoding type can be identical. 

(ie  PEM encoded CRT = PEM encoded CER)  BKS file is required for Android devices. Now let’s talk about converting CRT to BKS, Now as per my finding there are two ways to do this, In both methods, you require JAVA in your machine,  you must have java installed for it to run. If you do not already have java downloaded it  and then follow any one of these methods:

Method 1 : (Using Portecle)

  1. Portecle can be downloaded from Sourceforge by clicking HERE
  2. Click Download.
  3. The will be downloaded.
  4. Right-click on the compressed folder and select Extract All… to extract all files to a location of your choice.
  5. In the extracted portecle folder click on the portecle.jar to open the Portecle java executable jar file application.

using Portecle Java application to convert : 

Note: When navigating portecle, in the lower left of the application you will typically find information pertaining to the Keystore, or information pertaining to its functions when mousing over those functions.

Step 1: From the File menu, choose New Keystore. Alternatively, click on the New Keystore toolbar Icon button

Step 2: Once you do that, an option under tools will get activated. use tools >> import trusted the certificate. You will see a notification window ” Could not establish trust path for the certificate. the certificate information will now be displayed after which you may confirm whether or not trust the certificate”

Step 3: After you verify everything in the certificate, click on “Yes” in the next window. You will get import successful message.

Step 4: Goto tools >> change keystore type >> BKS

Step  5: go to File >> Save Keystore As >> (It will ask password) provide your desired password >> save file as .bks extension. Here your BKS file is now ready to be imported into your next secure mobile app.

Method 2: (Java Keystore)​

A certificate in CRT format can be converted to BKS format using the Bouncy Castle Java library. The library provides a JcaCertStore class that can be used to convert a CRT file to a BKS file.

Here is an example of how to convert a CRT file to a BKS file using the Bouncy Castle library in Java:

import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class ConvertCRTtoBKS {
    public static void main(String[] args) {
        if (args.length != 3) {
            System.out.println("Usage: ConvertCRTtoBKS <CRT file> <BKS file> <password>");

        String crtFile = args[0];
        String bksFile = args[1];
        String password = args[2];

        try {
            // Add the Bouncy Castle provider
            Security.addProvider(new BouncyCastleProvider());

            // Load the CRT file
            PEMReader pemReader = new PEMReader(new InputStreamReader(new FileInputStream(crtFile)));
            X509Certificate cert = (X509Certificate) pemReader.readObject();

            // Create a KeyStore and add the certificate
            KeyStore ks = KeyStore.getInstance("BKS");
            ks.load(null, null);
            ks.setCertificateEntry("cert-alias", cert);

            // Save the KeyStore to a BKS file
            FileOutputStream fos = new FileOutputStream(bksFile);
  , password.toCharArray());

            System.out.println("Successfully converted " + crtFile + " to " + bksFile);
        } catch (Exception e) {


You can run this code by providing the path of CRT file, BKS file and a password to be used on command line

					java ConvertCRTtoBKS mycert.crt mykeystore.bks mypassword


Please be aware that this is a basic example provided for educational purposes, In production environment make sure to implement proper input validation and security best practices.

Shashi kant Pandidhar
Shashi kant Pandidhar
I’ve been helping businesses to be online for over 15 years. Today my team and I, focus on helping real businesses to overcome real-life challenges and analyse data in a way that can help businesses grow in the right direction of this digital age.
Leave a Comment
Get the latest news and deals

Sign up for email updates covering blogs, offers, and lots more.

Get In Touch With Us

Subscribe: Trusted By 1M+ Readers

Get the weekly Tech Update straight to your inbox.

WeCreativez WhatsApp Support
Our customer sales team is here to answer your questions. Ask us anything!
👋 Hi, how can I help?

Have a query ? Or looking for solution on your complex server architecture. 
No matter what is your query, We are here to listen. Just fill up the details and we will get in touch with you.