Keytool Operations
Jump to navigation
Jump to search
External
- https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step6
Internal
TODO
https://home.feodorov.com:9443/wiki/Wiki.jsp?page=Keytool
Generate a Public/Private Key Pair
A key pair can be generated and placed in the keystore with the following command. The private key thus generated can be used in the procedure to generate digitally signed certificates.
keytool \ -genkeypair \ -alias jce-provider-signing-key \ -keyalg RSA \ -keysize 2048 \ -dname "cn=home.feodorov.com, ou=oceanlab, o=feodorov.com, l=Menlo Park, st=CA, c=US" \ -keystore ./test-keystore.jks \ -storepass something
For more general considerations on private keys, see:
Generate a Certificate Signing Request
A certificate signing request can be generated with the following command. This step is part of the procedure to generate digitally signed certificates.
keytool \ -certreq \ -alias jce-provider-signing-key \ -file novaordis-jce-provider2.csr \ -keystore ./jce-provider-signing-keystore.jks \ -storepass somepass
Inspect a Certificate
The certificate data can be displayed with:
keytool -printcert -v -file ./test-cert.pem
It accepts certificates in PEM format.
Inspect a Keystore
keytool -list -v -keystore ./test-keystore.jks
Import into a Keystore
Import a Private Key into a Keystore
Import a Certificate into a Keystore
Delete from a Keystore
Delete a Private Key from a Keystore
keytool -delete -alias name-of-entry-to-delete -keystore ./test-keystore.jks
Delete a Certificate from a Keystore
Change the Alias of an Entry
keytool -changealias -alias old-name -destalias new-name -keystore ./test-keystore.jks
Key Format Conversions
Native to PKCS#12
Keys in PKCS#12 format can be generated with:
keytool \ -importkeystore \ -srckeystore saml.keystore \ -destkeystore ./test-pvtkey.p12 \ -deststoretype PKCS12 \ -srcstorepass somepass \ -deststorepass someotherpass \ -srckeypass yetanotherpass \ -destkeypass someotherpass2 \ -srcalias myhostname