How to tell if a keystore entry is a keypair or just a public

Here's how to tell if a certificate store entry is a personal cert (i.e a public/ private keypair) or just a signer (i.e. a public key)

You could just use a GUI like iKeyman, but if you're stuck without an X server here's the command line version using keytool

A keypair output is as follows (the important part for this particular question is highlighted in red)

java/jre/bin/keytool -list -v -alias test1 -keystore /tmp/foo.jks -storepass password


Alias name: test1
Creation date: 09-Jul-2013
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=test1
Issuer: CN=test1
Serial number: 51dc2cee
Valid from: 09/07/13 16:31 until: 09/07/14 16:31
Certificate fingerprints:
         MD5:  C1:52:E0:CF:46:88:16:19:EC:7D:EF:0F:D7:6C:BA:6F
         SHA1: 17:73:9E:2F:F6:DC:F0:55:72:5F:06:71:83:64:30:AE:AC:20:BD:7A


and now for a signer
java/jre/bin/keytool -list -v  -alias ldap_signer -keystore ~/ihs/Plugins/etc/plugin-key.kdb -storepass WebAS -storetype kdb

Alias name: ldap_signer
Creation date: null
Entry type: trustedCertEntry
Owner: CN=ldapeu2.uk.db.com, OU=Directory Services, O=Deutsche Bank, L=London, ST=England, C=GB
Issuer: CN=foo, OU=Directory Services, O=Tangerine Labs, L=London, ST=England, C=UK
Serial number: dd
Valid from: 07/06/10 15:45 until: 04/06/20 15:45
Certificate fingerprints:
         MD5:  92:75:9A:29:36:9C:10:10:64:DF:0F:2B:2F:DD:A5:25
         SHA1: B6:5C:3E:23:F8:C2:B0:B8:D7:99:E3:1F:CE:83:12:53:03:33:FA:CC