Export private key from keystore file

Twenty Four O Clock
Sep 17, 2020

Export private key
step 1
Use Java keytool to convert from JKS to P12
keytool -importkeystore \
-srckeystore keystore.jks \
-destkeystore keystore.p12 \
-deststoretype PKCS12 \
-srcalias <jkskeyalias> \
-deststorepass <password> \
-destkeypass <password>

step 2
Use openssl to export from P12 to certificate file format CER / PEM
2.1 Export certificate using openssl:
openssl pkcs12 -in keystore.p12 -nokeys -out cert.cer

2.2 Export unencrypted private key (-nodes writes key.pem without passphrase protection, so restrict who can read the file):
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem

2.3 Export public key from certificate
openssl x509 -pubkey -noout -in cert.cer > pubkey.pem

— — — — — — — — — — — — — -
- Or, in a one-line step, generate an x509 certificate together with an encrypted private key file
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out your-cert.pem -days 365
- Decrypt the private key file key.pem
openssl rsa -in key.pem -out keyunencrypt.pem
- Convert the certificate to a DER-encoded cer / crt file
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
- Export the public key from a cer / crt file (openssl x509 reads PEM by default; for a DER file such as your-cert.crt above, add -inform der)
openssl x509 -pubkey -noout -in cert.cer > pubkey.pem
- Convert a private key PEM file to PKCS8
openssl pkcs8 -topk8 -in openssl_key.pem -inform pem -out openssl_key_pk8.pem -outform pem -nocrypt

— Meaning of the difference between BEGIN RSA PRIVATE KEY and BEGIN PRIVATE KEY

BEGIN RSA PRIVATE KEY is PKCS#1 and is just an RSA key. It is essentially just the key object from PKCS#8, but without the version or algorithm identifier in front. BEGIN PRIVATE KEY is PKCS#8 and indicates that the key type is included in the key data itself. From the link:
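
The wrapping described above, shown as an added example that is not part of the original post: standard-library Python that builds the PKCS#8 header around a PKCS#1 key and tells the two apart by DER structure rather than by PEM label. The helper names (tlv, read_tlv, pkcs1_to_pkcs8, classify) and TOY_PKCS1 are hypothetical, and the key is constructed from toy numbers, not a real key.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def tlv(tag, body):
    """Encode one DER tag-length-value element (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos=0):
    """Decode the element at pos; return (tag, value, offset after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def der_int(v):  # non-negative INTEGER, with the leading zero byte DER requires
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def pkcs1_to_pkcs8(pkcs1):
    """Wrap as SEQUENCE { version 0, AlgorithmIdentifier, OCTET STRING pkcs1 }."""
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    return tlv(0x30, der_int(0) + alg + tlv(0x04, pkcs1))

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def classify(pem):
    """Return (format, PKCS#1 DER), decided by DER structure, not the PEM label."""
    der = base64.b64decode("".join(pem.strip().splitlines()[1:-1]))
    outer, seq, _ = read_tlv(der)
    _, _, pos = read_tlv(seq)                 # version INTEGER
    tag, second, pos = read_tlv(seq, pos)
    if outer == 0x30 and tag == 0x02:         # modulus follows directly: PKCS#1
        return "PKCS#1", der
    if outer != 0x30 or tag != 0x30 or read_tlv(second)[1] != RSA_OID:
        raise ValueError("not an unencrypted RSA private key")
    return "PKCS#8", read_tlv(seq, pos)[1]    # contents of the OCTET STRING

# Constructed toy numbers (p=61, q=53): far too small to be a usable key.
TOY_PKCS1 = tlv(0x30, b"".join(map(der_int, (0, 3233, 17, 2753, 61, 53, 53, 49, 38))))
```

For this toy key the PKCS#8 form is the 22-byte header followed by the unchanged PKCS#1 bytes; real RSA keys use long-form lengths, so the header is a few bytes longer.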
