Keytool Operations

From NovaOrdis Knowledge Base

Generate a Public/Private Key Pair

A key pair can be generated and placed in the keystore with the following command:

keytool \
   -genkeypair \
   -alias jce-provider-signing-key \
   -keyalg DSA \
   -keysize 1024 \
   -dname "cn=Nova Ordis LLC, ou=Java Software Code Signing, o=Sun Microsystems Inc" \
   -keystore ./test-keystore.jks \
   -storepass n7ejfh2jef234rBe

Generate a Certificate Signing Request

A certificate signing request can be generated with the following command:

keytool \
   -certreq \
   -alias jce-provider-signing-key \
   -file novaordis-jce-provider2.csr \
   -keystore ./jce-provider-signing-keystore.jks \
   -storepass n7ejfh2jef234rBe

Inspect the Certificate

The certificate data can be displayed with:

keytool -printcert -v -file ./test-cert.pem

The command accepts certificates in PEM format.

Key Format Conversions

Native to PKCS#12

A key stored in a native-format keystore can be copied into a PKCS#12 keystore with:

keytool \
   -importkeystore \
   -srckeystore saml.keystore \
   -destkeystore ./test-pvtkey.p12 \
   -deststoretype PKCS12 \
   -srcstorepass somepass \
   -deststorepass someotherpass \
   -srckeypass yetanotherpass \
   -destkeypass someotherpass2 \
   -srcalias myhostname
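
The key pair, CSR and PKCS#12 operations above with the passwords kept off the command line, as an added example that is not part of the original page: keytool's ":env" modifier reads each password from an exported environment variable, so it does not appear in the process list. The variable names KS_PASS and P12_PASS, the demo file names, the alias demo-key, the DN and the RSA 2048 key (in place of the page's DSA 1024) are assumptions of this example.

```shell
#!/bin/sh
# Added example: keytool passwords via the ":env" modifier instead of argv.
# Assumed names: KS_PASS, P12_PASS, demo-key, demo.* files, the DN below.

# keytool reads ":env" values from its environment, so the variable must be
# exported; keytool also rejects passwords shorter than 6 characters.
require_pass() {
    val=$(printenv "$1" || true)
    [ "${#val}" -ge 6 ] || { echo "export $1 (6+ chars) first" >&2; return 1; }
}

# $1 = keystore file, $2 = alias. RSA 2048 is this example's choice.
gen_keypair() {
    require_pass KS_PASS || return 1
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 \
        -dname "cn=Example Signer, ou=Test, o=Example Org" \
        -keystore "$1" -storepass:env KS_PASS -keypass:env KS_PASS
}

# $1 = keystore file, $2 = alias, $3 = CSR output file.
gen_csr() {
    require_pass KS_PASS || return 1
    keytool -certreq -alias "$2" -file "$3" \
        -keystore "$1" -storepass:env KS_PASS
}

# $1 = source keystore, $2 = alias, $3 = PKCS#12 output file.
# No key passwords are given: each store password also protects its key entry.
to_pkcs12() {
    require_pass KS_PASS && require_pass P12_PASS || return 1
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcalias "$2" -srcstorepass:env KS_PASS \
        -destkeystore "$3" -deststoretype PKCS12 \
        -deststorepass:env P12_PASS
}

# Run the whole sequence only on request: KEYTOOL_DEMO=1 sh this-file.sh
if [ "${KEYTOOL_DEMO:-0}" = 1 ]; then
    gen_keypair ./demo.jks demo-key &&
        gen_csr ./demo.jks demo-key ./demo.csr &&
        to_pkcs12 ./demo.jks demo-key ./demo.p12
fi
```

The same modifier exists as ":file", which reads the password from a file instead of the environment.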