Cryptography Tutorials - Herong's Tutorial Examples - v5.42, by Herong Yang
"keytool" Exporting Certificates in DER and PEM
This section provides a tutorial example on how to export certificates in DER and PEM format using the 'keytool -exportcert' command.
My first test was about "keytool" exporting certificates in DER and PEM formats. This was done as:
The test session was recorded below:
herong> keytool -genkeypair -keysize 1024 -alias herong_key \ -keypass keypass -keystore herong.jks -storepass jkspass What is your first and last name? [Unknown]: Herong Yang What is the name of your organizational unit? [Unknown]: Herong Unit What is the name of your organization? [Unknown]: Herong Company What is the name of your City or Locality? [Unknown]: Herong City What is the name of your State or Province? [Unknown]: Herong State What is the two-letter country code for this unit? [Unknown]: CA Is CN=Herong Yang, OU=Herong Unit, O=Herong Company, L=Herong City, ST=Herong State, C=CA correct? [no]: yes herong> keytool -exportcert -alias herong_key -keypass keypass \ -keystore herong.jks -storepass jkspass -file keytool_crt.der Certificate stored in file <keytool_crt.der> herong> keytool -exportcert -alias herong_key -keypass keypass \ -keystore herong.jks -storepass jkspass -rfc -file keytool_crt.pem Certificate stored in file <keytool_crt.pem>
Note that "keytool -exportcert" command uses DER format by default. The "-rfc" option is to change it to PEM (RFC 1421) format.
Now I got one certificate generated by "keytool" and stored in two encoding files: keytool_crt.der and keytool_crt.pem. How can I verify that they are really using DER and PEM formats? I used "OpenSSL" to try to view them as described in the next section.
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
RSA Implementation using java.math.BigInteger Class
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
►Certificate X.509 Standard and DER/PEM Formats
What Is DER (Distinguished Encoding Rules) Encoding?
What Is PEM (Privacy Enhanced Mail) Encoding?
►"keytool" Exporting Certificates in DER and PEM
"OpenSSL" Viewing Certificates in DER and PEM
"OpenSSL" Generating Certificates in DER and PEM
"keytool" Viewing Certificates in DER and PEM
"keytool" Importing Certificates in DER and PEM
Migrating Keys from "OpenSSL" Key Files to "keystore"