"openssl dsa" Viewing Private and Public Key Pair

This section provides a tutorial example on how to view a private and public key pair stored in PEM format using the 'openssl dsa' command. The key pair was originally generated by the 'keytool -genkeypair' command.

After going through so much trouble of dumping the key pair out of the keystore file, encoding it with Base64, and making it to meet PEM file standard, finally I can view it with the "openssl dsa" command now:

>openssl dsa -in herong.key -text
read DSA key
Private-Key: (1024 bit)
priv:
    49:56:e8:f7:c5:c0:64:33:7d:45:9a:19:fa:58:b7:
    90:82:95:11:b9
pub:
    00:b0:61:2b:c1:88:0e:19:66:58:37:b5:bc:0f:78:
    88:f7:79:b5:fa:6c:cb:6c:b2:86:44:d8:b2:15:13:
    e3:09:dd:9c:5a:52:02:4a:fb:1c:30:e8:2b:b5:45:
    8f:88:5a:57:a9:1f:c0:b8:3d:1c:a1:a9:6f:20:76:
    a7:c0:eb:5e:df:bf:87:84:14:02:53:d5:87:c9:3a:
    13:9d:e8:45:4f:c6:2d:48:44:e2:80:18:63:e4:40:
    a1:f0:2c:e4:d2:86:34:8d:dd:93:92:42:1a:19:1d:
    0e:44:f6:a2:6d:94:1a:ed:d7:d2:94:7e:0b:26:88:
    a4:cb:c4:88:5b:56:49:2e:80
P:
    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
    f2:22:03:19:9d:d1:48:01:c7
Q:
    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
    84:0b:f0:58:1c:f5
G:
    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
    25:64:01:4c:3b:fe:cf:49:2a
writing DSA key
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
TDv+z0kqAoGBALBhK8GIDhlmWDe1vA94iPd5tfpsy2yyhkTYshUT4wndnFpSAkr7
HDDoK7VFj4haV6kfwLg9HKGpbyB2p8DrXt+/h4QUAlPVh8k6E53oRU/GLUhE4oAY
Y+RAofAs5NKGNI3dk5JCGhkdDkT2om2UGu3X0pR+CyaIpMvEiFtWSS6AAhRJVuj3
xcBkM31Fmhn6WLeQgpURuQ==
-----END DSA PRIVATE KEY-----

Wonderful! Here is what I learned from this exercise:

My private and public key pair, herong.key, dumped and converted from the "keytool" keystore file is now ready to be used by "OpenSSL" for signing any documents.

Last update: 2013.

Table of Contents

 About This Book

 Cryptography Terminology

 Cryptography Basic Concepts

 Introduction to AES (Advanced Encryption Standard)

 Introduction to DES Algorithm

 DES Algorithm - Illustrated with Java Programs

 DES Algorithm Java Implementation

 DES Algorithm - Java Implementation in JDK JCE

 DES Encryption Operation Modes

 DES in Stream Cipher Modes

 PHP Implementation of DES - mcrypt

 Blowfish - 8-Byte Block Cipher

 Secret Key Generation and Management

 Cipher - Secret Key Encryption and Decryption

 Introduction of RSA Algorithm

 RSA Implementation using java.math.BigInteger Class

 Introduction of DSA (Digital Signature Algorithm)

 Java Default Implementation of DSA

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Cipher - Public Key Encryption and Decryption

 MD5 Mesasge Digest Algorithm

 SHA1 Mesasge Digest Algorithm

 OpenSSL Introduction and Installation

 OpenSSL Generating and Managing RSA Keys

 OpenSSL Managing Certificates

 OpenSSL Generating and Signing CSR

 OpenSSL Validating Certificate Path

 "keytool" and "keystore" from JDK

 "OpenSSL" Signing CSR Generated by "keytool"

Migrating Keys from "keystore" to "OpenSSL" Key Files

 No "keytool" Command to Export Keys

 "keytool -genkeypair" Generating PrivateKeyEntry

 "keytool -exportcert" Exporting PrivateKeyEntry

 "keytool -printcert" Printing Certificate Details

 "openssl x509" Viewing Certificate Details

 "DumpKey.java" Dumping Private Keys Out of "keystore"

 "openssl enc" Converting Keys from Binary to PEM

"openssl dsa" Viewing Private and Public Key Pair

 Certificate X.509 Standard and DER/PEM Formats

 Migrating Keys from "OpenSSL" Key Files to "keystore"

 Using Certificates in IE (Internet Explorer)

 Using Certificates in Firefox

 Using Certificates in Google Chrome

 Outdated Tutorials

 References

 PDF Printing Version