Convert CRT to BKS

CRT and BKS are both types of certificate formats used to store cryptographic information, such as public and private keys. CRT stands for “Certificate,” while BKS stands for “Bouncy Castle Keystore.”
Table of Contents
The Basic of Key Type
- CRT File = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems
- CER File= alternate form of .crt (Microsoft Convention) You can use MS to convert .crt to .cer (.both DER encoded .cer, or base64[PEM] encoded .cer) The .cer file extension is also recognized by IE as a command to run a MS cryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER) which displays a dialogue for importing and/or viewing certificate contents.
- .KEY File = The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.
The only time CRT File and CER File can safely be interchanged is when the encoding type can be identical.
(ie PEM encoded CRT = PEM encoded CER) BKS file is required for Android devices. Now let’s talk about converting CRT to BKS, Now as per my finding there are two ways to do this, In both methods, you require JAVA in your machine, you must have java installed for it to run. If you do not already have java downloaded it and then follow any one of these methods:
Method 1 : (Using Portecle)
- Portecle can be downloaded from Sourceforge by clicking HERE
- Click Download.
- The portecle.zip will be downloaded.
- Right-click on the compressed portecle.zip folder and select Extract All… to extract all files to a location of your choice.
- In the extracted portecle folder click on the portecle.jar to open the Portecle java executable jar file application.
Depending on your environment on your system you may need to right-click the portecle.jar file and choose open with.. and Select Java(™) Platform
using Portecle Java application to convert :
Note: When navigating portecle, in the lower left of the application you will typically find information pertaining to the Keystore, or information pertaining to its functions when mousing over those functions.
Step 1: From the File menu, choose New Keystore. Alternatively, click on the New Keystore toolbar Icon button
Step 2: Once you do that, an option under tools will get activated. use tools >> import trusted the certificate. You will see a notification window ” Could not establish trust path for the certificate. the certificate information will now be displayed after which you may confirm whether or not trust the certificate”

Step 3: After you verify everything in the certificate, click on “Yes” in the next window. You will get import successful message.

Step 4: Goto tools >> change keystore type >> BKS

In any case, if BKC option shows disabled, click on JKS and repeat the steps above.
Step 5: go to File >> Save Keystore As >> (It will ask password) provide your desired password >> save file as .bks extension. Here your BKS file is now ready to be imported into your next secure mobile app.
Method 2: (Java Keystore)
A certificate in CRT format can be converted to BKS format using the Bouncy Castle Java library. The library provides a JcaCertStore
class that can be used to convert a CRT file to a BKS file.
Here is an example of how to convert a CRT file to a BKS file using the Bouncy Castle library in Java:
import java.io.*;
import java.security.*;
import java.security.cert.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.*;
public class ConvertCRTtoBKS {
public static void main(String[] args) {
if (args.length != 3) {
System.out.println("Usage: ConvertCRTtoBKS ");
System.exit(1);
}
String crtFile = args[0];
String bksFile = args[1];
String password = args[2];
try {
// Add the Bouncy Castle provider
Security.addProvider(new BouncyCastleProvider());
// Load the CRT file
PEMReader pemReader = new PEMReader(new InputStreamReader(new FileInputStream(crtFile)));
X509Certificate cert = (X509Certificate) pemReader.readObject();
pemReader.close();
// Create a KeyStore and add the certificate
KeyStore ks = KeyStore.getInstance("BKS");
ks.load(null, null);
ks.setCertificateEntry("cert-alias", cert);
// Save the KeyStore to a BKS file
FileOutputStream fos = new FileOutputStream(bksFile);
ks.store(fos, password.toCharArray());
fos.close();
System.out.println("Successfully converted " + crtFile + " to " + bksFile);
} catch (Exception e) {
e.printStackTrace();
}
}
}
You can run this code by providing the path of CRT file, BKS file and a password to be used on command line
java ConvertCRTtoBKS mycert.crt mykeystore.bks mypassword
Please be aware that this is a basic example provided for educational purposes, In production environment make sure to implement proper input validation and security best practices.
Sign up for email updates covering blogs, offers, and lots more.
Subscribe: Trusted By 1M+ Readers
Get the weekly Tech Update straight to your inbox.