Migrate JKS keystore from Unity Android Project to PKCS12 format

The previous article was about How configure the Keystore and generate SHA1 fingerprint for Unity Android Project.

At the end of the post, I promised you, that I will show you way to get rid of warning, when you generated certificate fingerprints.

So, this post will be about how migrate JKS keystore to PKCS12 format.

The warning looks something like this:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore yourkeystoredestination\yourkeystorename.keystore -destkeystore yourkeystoredestination\yourkeystorename.keystore -deststoretype pkcs12".

Firstly, what is the JKS or PKCS12?

The keystore created through Unity uses the JKS format. JKS is the default keystore type in the Java security provider. Java applications typically expect to get the keys they need from JKS. But this format is not accessible from outside Java. PKCS12 or PFX is cryptographic format for storing cerificates and private keys in language-neutral way.



Migrate keystore from JKS to PKCS12 format

If you want to migrate your keystore from JKS to PKCS12 format, do these steps.

1.   Write into command prompt this line:

keytool -importkeystore -srckeystore yourkeystoredestination\yourkeystorename.keystore -destkeystore yourkeystoredestination\yourkeystorename.keystore -deststoretype pkcs12

2.   Enter your source keystore password and key password

This should be work. If you got this error:

Keytool error: java.lang.Exception: The destination pkcs12 keystore has different storepass and keypass. Please retry with –destkeypass specified.

3.   Add –destkeypass into command above and choose your password

keytool -importkeystore -srckeystore C:\MeTvorba\UnityProjects\Tests\SHA1Game\Key\testuser.keystore -destkeystore C:\MeTvorba\UnityProjects\Tests\SHA1Game\Key\testuser.keystore -deststoretype pkcs12 -destkeypass yourpassword

4.   Again enter your source keystore password and key password.


You migrated your keystore from JKS to PKCS12 format. Also, the JKS keystore is backed up.
Now try generate SHA1 fingerprint, everything should run without warnings.


And it is done. I hope that you like this article with video and see you in other one.


Thank you for reading and do not forget subscribe!

Peter Sekera

Indie game hobbyist, software developer and graphic designer. Founder of Sekip Games.

Leave a Reply

Your email address will not be published. Required fields are marked *