KeyStore
A KeyStore is a storage/repository used to store and retrieve key entries, persisted on disk in a provider-specific format (JKS, JCEKS, PKCS12, ...). Each entry is one of three types:
- KeyStore.PrivateKeyEntry
- holds a PrivateKey, which the keystore protects from unauthorized access with a key password. The private key is used for signing and for decrypting messages, and it is accompanied by a certificate chain that carries the matching PublicKey.
- KeyStore.SecretKeyEntry
- holds a symmetric javax.crypto.SecretKey (for example an AES key). Not every keystore type supports this entry: JKS does not, JCEKS and PKCS12 do.
- KeyStore.TrustedCertificateEntry
- holds a single public-key Certificate belonging to another party that the application has decided to trust; there is no private key in this entry.
KeyTool
keytool is shipped as part of Java SE and is used to create keystores and to import, export and print certificates. The following operations are available (older JDKs spelled some of them -genkey, -export and -import; those names still work as aliases of -genkeypair, -exportcert and -importcert):
- -certreq
- -changealias
- -delete
- -exportcert
- -genkeypair
- -genseckey
- -help
- -importcert
- -importkeystore
- -keypasswd
- -list
- -printcert
- -storepasswd
Sample Keystore
Create a keystore holding an RSA key pair (JAVA_HOME/bin must be on the PATH environment variable). The passwords are shown here for illustration only; keytool does not echo them. On JDKs older than 8 the default RSA key size is 1024 bits, so add -keysize 2048 there.
keytool -genkeypair -keystore keystore.jks -keyalg RSA -alias mykey
Enter keystore password: welcome1
Re-enter new password: welcome1
What is your first and last name?
[Unknown]: my.org
What is the name of your organizational unit?
[Unknown]: myorg
What is the name of your organization?
[Unknown]: myorg
What is the name of your City or Locality?
[Unknown]: blr
What is the name of your State or Province?
[Unknown]: ka
What is the two-letter country code for this unit?
[Unknown]: in
Is CN=my.org, OU=myorg, O=myorg, L=blr, ST=ka, C=in correct?
[no]: yes
Enter key password for <mykey>
(RETURN if same as keystore password): welcome2
Re-enter new password: welcome2
Note: since JDK 9 the default keystore type is PKCS12, which does not support a key password that differs from the store password; keytool then warns and uses the store password (welcome1) for the key as well. Pass -storetype JKS if you need the older behaviour.
- Export Certificate (writes only the certificate, i.e. the public key; the private key never leaves the keystore. -keyalg has no meaning for this operation and is dropped)
- keytool -exportcert -alias mykey -keystore keystore.jks -file myorg_public.cer
- Import Certificate (into the trust store of the party that needs to trust my.org; truststore.jks and the alias myorg are names chosen here. Importing the file back into keystore.jks under alias mykey, as the original command did, changes nothing, because that alias already holds the same certificate together with its private key)
- keytool -importcert -alias myorg -keystore truststore.jks -file myorg_public.cer
- List Certificates (add -v to print the full certificate details, including fingerprints you can compare against myorg_public.cer)
- keytool -list -keystore keystore.jks
- jarsigner - signs a JAR so that whoever receives it can detect whether it was tampered with in transit. The signature covers the digest of every entry listed in the manifest; the signer certificate travels inside the JAR, so the receiver still has to decide whether it trusts that certificate.
- jarsigner -keystore keystore.jks -storepass welcome1 -keypass welcome2 -signedjar smycode.jar mycode.jar mykey
- Passwords given on the command line end up in shell history and are visible to other users through ps; jarsigner also accepts -storepass:env VARNAME and -storepass:file PATH (and the same forms for -keypass). Check a signed JAR with jarsigner -verify -verbose -certs smycode.jar.
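The receiving side of the jarsigner step, as an added example (it is not code from this page): it checks every entry of smycode.jar against the signed manifest and then checks that the signer is the certificate stored under alias mykey in keystore.jks. Both file names, the alias and the password welcome1 are taken from the commands above and are assumptions of this example; a JAR signed by a CA-issued certificate would need chain validation instead of the exact-match check used here.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class VerifySignedJar {

    // Assumed inputs: smycode.jar from the jarsigner command above, and keystore.jks
    // whose alias mykey holds the certificate the JAR must have been signed with.
    public static void main(String[] args) throws Exception {
        Certificate trusted = loadCertificate("keystore.jks", "welcome1".toCharArray(), "mykey");
        boolean ok = verifyJar("smycode.jar", trusted);
        System.out.println(ok ? "smycode.jar: signature valid and signer trusted"
                              : "smycode.jar: REJECTED");
    }

    // The trust anchor comes from our own keystore, not from the JAR: a signed JAR always
    // carries its signer certificate, so a valid signature alone proves nothing about who signed.
    static Certificate loadCertificate(String file, char[] storePass, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePass);
        }
        return ks.getCertificate(alias); // works for a key entry or a trusted-certificate entry
    }

    static boolean verifyJar(String path, Certificate trusted) throws Exception {
        // verify=true makes JarFile compare each entry against the digests in the signed
        // manifest while the entry is read; a modified entry raises SecurityException.
        try (JarFile jar = new JarFile(path, true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || isSignatureFile(e.getName())) {
                    continue; // the manifest and signature files are not themselves signed entries
                }
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) {
                        // read to the end: the digest is only checked once the entry is fully read
                    }
                } catch (SecurityException ex) {
                    System.out.println("tampered entry: " + e.getName() + " (" + ex.getMessage() + ")");
                    return false;
                }
                // getCodeSigners() is meaningful only after the entry has been read completely.
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) {
                    // An entry added after signing, or a JAR whose signature was stripped, lands here.
                    System.out.println("unsigned entry: " + e.getName());
                    return false;
                }
                if (!signedBy(signers, trusted)) {
                    System.out.println("entry signed by an untrusted certificate: " + e.getName());
                    return false;
                }
            }
        }
        return true;
    }

    // True if at least one signer's end-entity certificate is exactly the trusted one.
    // For a CA-issued signing certificate, validate the chain with CertPathValidator instead.
    static boolean signedBy(CodeSigner[] signers, Certificate trusted) {
        for (CodeSigner s : signers) {
            Certificate leaf = s.getSignerCertPath().getCertificates().get(0);
            if (leaf.equals(trusted)) {
                return true;
            }
        }
        return false;
    }

    static boolean isSignatureFile(String name) {
        String n = name.toUpperCase();
        return n.equals("META-INF/MANIFEST.MF")
            || (n.startsWith("META-INF/") && (n.endsWith(".SF") || n.endsWith(".RSA")
                                              || n.endsWith(".DSA") || n.endsWith(".EC")));
    }
}
```

Two checks matter beyond "the signature verifies": an entry with no code signers means the file was added after signing or the signature block was removed, and a signer that is not the expected certificate means the JAR was re-signed by someone else. jarsigner -verify alone reports "jar verified" in the second case.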
KeyStore in JAVA Object
The java.security.KeyStore class loads a keystore file and provides APIs for the operations listed above (list aliases, get/set entries, import/export certificates, change passwords). The load() method takes the password as a char[], not a String, so the literal has to be converted:
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

private KeyStore getKeyStore()
{
    // "JKS" matches the file created by keytool above; on JDK 9+ the default type is
    // PKCS12 and KeyStore.getDefaultType() returns it (the JKS loader also reads PKCS12 files).
    try (InputStream in = new FileInputStream("keystore.jks"))
    {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(in, "welcome1".toCharArray());
        return ks;
    }
    catch (IOException | GeneralSecurityException e)
    {
        // Do not swallow the failure: a caller that receives null fails later with a NullPointerException.
        throw new IllegalStateException("cannot load keystore.jks: " + e.getLocalizedMessage(), e);
    }
}
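An added example (not code from this page) that exercises the three entry types described at the top of the page through the KeyStore API: it loads keystore.jks created by the keytool command above, reports the type of every alias, signs a message with the PrivateKeyEntry and verifies it with the certificate's public key, and stores an AES key as a SecretKeyEntry. The file name keystore.jks, alias mykey and passwords welcome1/welcome2 come from the page; secrets.p12 is a file name chosen for this example. On JDK 9+ where keytool produced a PKCS12 file, the key password equals the store password (welcome1), so adjust KEY_PASS there.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyStoreEntries {

    // Assumed: keystore.jks was created by the keytool command above
    // (store password welcome1, key password welcome2, RSA key pair under alias mykey).
    static final String STORE_FILE = "keystore.jks";
    static final char[] STORE_PASS = "welcome1".toCharArray();
    static final char[] KEY_PASS = "welcome2".toCharArray();
    // File name chosen for this example; it is written by the SecretKeyEntry part below.
    static final String SECRETS_FILE = "secrets.p12";

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(STORE_FILE)) {
            ks.load(in, STORE_PASS); // password is a char[], not a String
        }
        listEntries(ks);

        // PrivateKeyEntry: the private key signs, the public key in its certificate verifies.
        KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry)
                ks.getEntry("mykey", new KeyStore.PasswordProtection(KEY_PASS));
        byte[] message = "release-1.0".getBytes(StandardCharsets.UTF_8); // constructed sample input
        byte[] sig = sign(pke.getPrivateKey(), message);
        System.out.println("signature verifies: " + verify(pke.getCertificate(), message, sig));
        byte[] tampered = message.clone();
        tampered[0] ^= 0x01; // flip one bit: verification must now fail
        System.out.println("tampered message verifies: " + verify(pke.getCertificate(), tampered, sig));

        // SecretKeyEntry: JKS cannot hold symmetric keys, so the AES key goes into a PKCS12 keystore.
        SecretKey aes = KeyGenerator.getInstance("AES").generateKey();
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        p12.load(null, null); // start from an empty, in-memory keystore
        p12.setEntry("aes-key", new KeyStore.SecretKeyEntry(aes),
                     new KeyStore.PasswordProtection(STORE_PASS));
        try (OutputStream out = new FileOutputStream(SECRETS_FILE)) {
            p12.store(out, STORE_PASS);
        }

        // Reload the file and confirm the key survived the round trip.
        KeyStore reloaded = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(SECRETS_FILE)) {
            reloaded.load(in, STORE_PASS);
        }
        SecretKey back = (SecretKey) reloaded.getKey("aes-key", STORE_PASS);
        System.out.println("AES key round trip ok: " + Arrays.equals(aes.getEncoded(), back.getEncoded()));
        listEntries(reloaded);
    }

    // Report which of the three entry types each alias holds.
    static void listEntries(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            String type;
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                type = "PrivateKeyEntry";
            } else if (ks.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
                type = "SecretKeyEntry";
            } else if (ks.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) {
                type = "TrustedCertificateEntry";
            } else {
                type = "unknown";
            }
            System.out.println(alias + ": " + type);
        }
    }

    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(Certificate cert, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(cert);
        s.update(data);
        return s.verify(sig);
    }
}
```

getEntry with a PasswordProtection is the call that actually decrypts the private key, which is why it needs the key password and not the store password; the store password only integrity-protects the file and its certificates.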
An Oracle PKI keystore (an Oracle wallet) is loaded the same way once the OraclePKI provider is registered; oraclepki.jar must be on the classpath:
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;

private KeyStore getOracleKeyStore()
{
    try (InputStream in = new FileInputStream("keystore.jks"))
    {
        // addProvider is harmless if the provider is already installed (it returns -1).
        Security.addProvider(new oracle.security.pki.OraclePKIProvider());
        // "PKCS12" from the OraclePKI provider reads Oracle wallet files, so the file must
        // have been created through that provider (see the keytool note below), whatever its extension.
        KeyStore ks = KeyStore.getInstance("PKCS12", "OraclePKI");
        ks.load(in, "welcome1".toCharArray());
        return ks;
    }
    catch (IOException | GeneralSecurityException e)
    {
        throw new IllegalStateException("cannot load Oracle wallet: " + e.getLocalizedMessage(), e);
    }
}
A keystore that the OraclePKI provider can load must also be created through that provider: pass -providerClass oracle.security.pki.OraclePKIProvider (with oraclepki.jar on the classpath) to the keytool command. The same options select the provider for the default Sun keystore; because SUN is already installed in every JDK, -providerName SUN alone would suffice here:
Sun Key Store:
keytool -genkeypair -keystore keystore.jks -keyalg RSA -alias mykey -providerName SUN -providerClass sun.security.provider.Sun
1 comment:
How to run the keytool command using the Java command Runtime.getRuntime().exec(keytool -genkey ...)?