Cryptography Tutorials - Herong's Tutorial Examples - v5.42, by Herong Yang
"keytool -printcert" Printing Certificate Details
This section provides a tutorial example on how to print details of the certificate exported by 'keytool -exportcert' command using the 'keytool -printcert' command.
With the "keytool -exportcert" command, I got a certificate, herong.crt, exported from the PrivateKeyEntry of my key pair. Now I want see some details of this certificate with the "keytool -printcert" command as shown below:
herong> keytool -printcert -file herong.crt Owner: CN=Herong Yang, OU=Herong Unit, O=Herong Company, L=Herong City, ST=Herong State, C=CA Issuer: CN=Herong Yang, OU=Herong Unit, O=Herong Company, L=Herong City, ST=Herong State, C=CA Serial number: 46aa6511 Valid from: Sun Apr 1 17:35:13 EDT 2007 until: Sat Jun 30 17:35:13 EDT 2007 Certificate fingerprints: MD5: 0C:54:AE:99:4E:3D:F7:A9:79:1A:93:83:0F:EF... SHA1: CA:23:1C:D4:F9:74:84:4C:16:F7:E7:AB:B1:08... Signature algorithm name: SHA1withDSA Version: 3
OK. Now I know that:
After this test, I read the Java manual again. It explains what exactly "keytool -genkeypair" does clearly: "Generates a key pair (a public key and associated private key). Wraps the public key into an X.509 v3 self-signed certificate, which is stored as a single-element certificate chain. This certificate chain and the private key are stored in a new keystore entry identified by alias."
So the "PrivateKeyEntry" in the keystore file has two components: my key pair and my self-signed public key certificate.
The "keytool -exportcert" command only exports the self-signed certificate. The key pair will not be exported.
The next question is that could this certificate generated by "keytool" be viewed by "OpenSSL"? See the next section for answers.
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
RSA Implementation using java.math.BigInteger Class
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
►Migrating Keys from "keystore" to "OpenSSL" Key Files
No "keytool" Command to Export Keys
"keytool -genkeypair" Generating PrivateKeyEntry
"keytool -exportcert" Exporting PrivateKeyEntry
►"keytool -printcert" Printing Certificate Details
"openssl x509" Viewing Certificate Details
"DumpKey.java" Dumping Private Keys Out of "keystore"
"openssl enc" Converting Keys from Binary to PEM
"openssl dsa" Viewing Private and Public Key Pair
Certificate X.509 Standard and DER/PEM Formats
Migrating Keys from "OpenSSL" Key Files to "keystore"