Based on your filenames, it looks like you may have a PGP key. Is that correct?
These may work with PGP as well, but for a non-PGP key, I would extract the public key with these commands:
openssl pkcs12 -in mykeystore.p12 -clcerts -nokeys -out mycert.pem
openssl x509 -pubkey -in mycert.pem -noout > mypubkey.pem
The -nokeys
option prevents the output of private keys.
If you're using Windows and the above command is stuck, try adding winpty
before openssl
:
winpty openssl pkcs12 -in mykeystore.p12 -clcerts -nokeys -out mycert.pem
Public keys and certificates can generally be given out freely without a problem. You obviously don't want to give out the private key, but the public parts are fine.
One thing to note though...most of the time, you want to give out the certificate, not just the key by itself. The certificate (obtained from the first command above) contains the public key and contains a signature by someone who is associating that key with a particular identity.
For example, Verisign will sign a certificate containing your public key. You can then give this certificate to your friends, and since they trust Verisign, they know that is indeed your public key.
If you just email your public key to your friends, there is a possibility someone could intercept the public key and place their own key in the email before it got to your friends. They would mistakenly think they had your key when they had someone else's key. If they tried to encrypt with it, that person would be able to decode everything.
So if you don't use a certificate, at least verify your friends got the correct key by confirming the hash of the key by telephone or in person.