Keytool Operations: Difference between revisions
Latest revision as of 03:48, 9 April 2018
External
- https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step6
Internal
- keytool
TODO
https://home.feodorov.com:9443/wiki/Wiki.jsp?page=Keytool
Generate a Public/Private Key Pair
A key pair can be generated and placed in the keystore with the following command. The private key thus generated can be used in the procedure to generate digitally signed certificates.
 keytool \
   -genkeypair \
   -alias jce-provider-signing-key \
   -keyalg RSA \
   -keysize 2048 \
   -dname "cn=home.feodorov.com, ou=oceanlab, o=feodorov.com, l=Menlo Park, st=CA, c=US" \
   -keystore ./test-keystore.jks \
   -storepass something
For more general considerations on private keys, see: Private Keys
Generate a Certificate Signing Request
A certificate signing request can be generated with the following command. This step is part of the procedure to generate digitally signed certificates.
 keytool \
   -certreq \
   -alias jce-provider-signing-key \
   -file novaordis-jce-provider2.csr \
   -keystore ./jce-provider-signing-keystore.jks \
   -storepass somepass
Inspect a Certificate
The certificate data can be displayed with:
keytool -printcert -v -file ./test-cert.pem
It accepts certificates in PEM format.
Inspect a Keystore
keytool -list -v -keystore ./test-keystore.jks
Import into a Keystore
Import a Private Key into a Keystore
Import a Certificate into a Keystore
Delete from a Keystore
Delete a Private Key from a Keystore
keytool -delete -alias name-of-entry-to-delete -keystore ./test-keystore.jks
Delete a Certificate from a Keystore
Change the Alias of an Entry
keytool -changealias -alias old-name -destalias new-name -keystore ./test-keystore.jks
Key Format Conversions
Native to PKCS#12
Keys in PKCS#12 format can be generated with:
 keytool \
   -importkeystore \
   -srckeystore saml.keystore \
   -destkeystore ./test-pvtkey.p12 \
   -deststoretype PKCS12 \
   -srcstorepass somepass \
   -deststorepass someotherpass \
   -srckeypass yetanotherpass \
   -destkeypass someotherpass2 \
   -srcalias myhostname
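The commands on this page pass passwords as literal arguments, which leaves them in shell history and in the process list. The script below is an added example, not part of the original page: it runs the same key pair, CSR and PKCS#12 sequence using keytool's `:env` password modifier. The names `KS_PASS` and `make_signing_material`, the sample distinguished name and the CSR file name are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Hypothetical names: KS_PASS,
# make_signing_material, signing-key.csr and the sample DN.
# Usage: export KS_PASS=...; make_signing_material /path/to/empty/dir
set -eu

make_signing_material() {
    dir=$1
    alias_name=jce-provider-signing-key
    : "${KS_PASS:?export KS_PASS before calling}"
    (
        cd "$dir" || exit 1
        umask 077   # keystores hold private keys: owner-only file permissions

        # -storepass:env NAME tells keytool to read the password from the
        # environment variable NAME instead of taking it from the command line.
        keytool -genkeypair -alias "$alias_name" \
            -keyalg RSA -keysize 2048 \
            -dname "cn=example.test, o=Example, c=US" \
            -keystore ./test-keystore.jks \
            -storepass:env KS_PASS -keypass:env KS_PASS </dev/null || exit 1

        # The CSR contains only the public key and subject; it is not secret.
        keytool -certreq -alias "$alias_name" \
            -file ./signing-key.csr \
            -keystore ./test-keystore.jks \
            -storepass:env KS_PASS </dev/null || exit 1

        # A PKCS#12 store uses one password for the store and its keys,
        # so no separate -destkeypass is given here.
        keytool -importkeystore \
            -srckeystore ./test-keystore.jks -srcalias "$alias_name" \
            -destkeystore ./test-pvtkey.p12 -deststoretype PKCS12 \
            -srcstorepass:env KS_PASS \
            -deststorepass:env KS_PASS </dev/null || exit 1
    ) >/dev/null 2>&1
}
```

Standard input is redirected from /dev/null so that a missing password makes keytool fail instead of waiting at an interactive prompt.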