Keytool Operations: Difference between revisions
Jump to navigation
Jump to search
(5 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
* [[keytool#Subjects|keytool]] | * [[keytool#Subjects|keytool]] | ||
=TODO= | |||
https://home.feodorov.com:9443/wiki/Wiki.jsp?page=Keytool | |||
=Generate a Public/Private Key Pair= | =Generate a Public/Private Key Pair= | ||
Line 16: | Line 20: | ||
-keyalg RSA \ | -keyalg RSA \ | ||
-keysize 2048 \ | -keysize 2048 \ | ||
-dname "cn= | -dname "cn=home.feodorov.com, ou=oceanlab, o=feodorov.com, l=Menlo Park, st=CA, c=US" \ | ||
-keystore ./test-keystore.jks \ | -keystore ./test-keystore.jks \ | ||
-storepass | -storepass something | ||
For more general considerations on private keys, see: {{Internal|Public_Key_Security#Private_Key|Private Keys}} | For more general considerations on private keys, see: {{Internal|Public_Key_Security#Private_Key|Private Keys}} | ||
Line 50: | Line 54: | ||
==Import a Certificate into a Keystore== | ==Import a Certificate into a Keystore== | ||
=Delete from a Keystore= | |||
==Delete a Private Key from a Keystore== | |||
keytool -delete -alias ''name-of-entry-to-delete'' -keystore ./test-keystore.jks | |||
==Delete a Certificate from a Keystore== | |||
=Change the Alias of an Entry= | |||
keytool -changealias -alias ''old-name'' -destalias ''new-name'' -keystore ./test-keystore.jks | |||
=Key Format Conversions= | =Key Format Conversions= |
Latest revision as of 03:48, 9 April 2018
External
- https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step6
Internal
TODO
https://home.feodorov.com:9443/wiki/Wiki.jsp?page=Keytool
Generate a Public/Private Key Pair
A key pair can be generated and placed in the keystore with the following command. The private key thus generated can be used in the procedure to generate digitally signed certificates.
keytool \ -genkeypair \ -alias jce-provider-signing-key \ -keyalg RSA \ -keysize 2048 \ -dname "cn=home.feodorov.com, ou=oceanlab, o=feodorov.com, l=Menlo Park, st=CA, c=US" \ -keystore ./test-keystore.jks \ -storepass something
For more general considerations on private keys, see:
Generate a Certificate Signing Request
A certificate signing request can be generated with the following command. This step is part of the procedure to generate digitally signed certificates.
keytool \ -certreq \ -alias jce-provider-signing-key \ -file novaordis-jce-provider2.csr \ -keystore ./jce-provider-signing-keystore.jks \ -storepass somepass
Inspect a Certificate
The certificate data can be displayed with:
keytool -printcert -v -file ./test-cert.pem
It accepts certificates in PEM format.
Inspect a Keystore
keytool -list -v -keystore ./test-keystore.jks
Import into a Keystore
Import a Private Key into a Keystore
Import a Certificate into a Keystore
Delete from a Keystore
Delete a Private Key from a Keystore
keytool -delete -alias name-of-entry-to-delete -keystore ./test-keystore.jks
Delete a Certificate from a Keystore
Change the Alias of an Entry
keytool -changealias -alias old-name -destalias new-name -keystore ./test-keystore.jks
Key Format Conversions
Native to PKCS#12
Keys in PKCS#12 format can be generated with:
keytool \ -importkeystore \ -srckeystore saml.keystore \ -destkeystore ./test-pvtkey.p12 \ -deststoretype PKCS12 \ -srcstorepass somepass \ -deststorepass someotherpass \ -srckeypass yetanotherpass \ -destkeypass someotherpass2 \ -srcalias myhostname