EC Cryptography Tutorials - Herong's Tutorial Examples - v1.02, by Dr. Herong Yang
"keytool -keyalg EC" - Generate EC Key Pair
This section provides a tutorial example on how to use 'keytool', provided in the JDK (Java Development Kit) package, to generate EC private-public key pairs using the 'keytool -genkeypair -keyalg EC' command.
What Is "keytool"? "keytool" is a cryptography tool provided in the JDK (Java Development Kit) package. It allows you to generate private-public key pairs and manage certificates using different technologies, including EC cryptography.
If you have JDK installed on your computer, you can follow this tutorial to generate EC private-public key pairs using the "keytool -genkeypair -keyalg EC" command.
1. Generate an EC private-public key pair and save it in a Keystore file, herong.jks. As you can see from the output, a 256 bit EC key pair is generated from the elliptic curve called "secp256r1". The public key is also packaged in a self-signed certificate.
    herong> keytool -genkeypair -keyalg EC -alias 1st_ec -keystore herong.jks

    Enter keystore password: HerongJKS
    Re-enter new password: HerongJKS
    What is your first and last name?
      [Unknown]: Herong
    What is the name of your organizational unit?
      [Unknown]: My Unit
    What is the name of your organization?
      [Unknown]: My Home
    What is the name of your City or Locality?
      [Unknown]: My City
    What is the name of your State or Province?
      [Unknown]: My State
    What is the two-letter country code for this unit?
      [Unknown]: US
    Is CN=Herong, OU=My Unit, O=My Home, L=My City, ST=My State, C=US correct?
      [no]: yes

    Generating 256 bit EC (secp256r1) key pair and self-signed certificate
    (SHA256withECDSA) with a validity of 90 days
    for: CN=Herong, OU=My Unit, O=My Home, L=My City, ST=My State, C=US

    herong> dir
       1,190 herong.jks
    ... ...
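2. List the contents of the Keystore file, herong.jks. The output shows 1 PrivateKeyEntry, "1st_ec", which holds the EC private-public key pair and a self-signed certificate. Note that keytool reports the keystore type as PKCS12, even though the file is named herong.jks.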
    herong> keytool -list -keystore herong.jks -storepass HerongJKS

    Keystore type: PKCS12
    Keystore provider: SUN

    Your keystore contains 1 entry

    1st_ec, Jan 1, 2022, PrivateKeyEntry,
    Certificate fingerprint (SHA-256): 11:04:17:D5:BE:BC:B7:46:D2:B6:...
3. Extract the self-signed certificate into a certificate file, 1st_ec.crt.
    herong> keytool -export -alias 1st_ec -file 1st_ec.crt \
       -keystore herong.jks -storepass HerongJKS

    herong> dir
       1,190 herong.jks
         499 1st_ec.crt
4. Print a summary of the certificate. The output confirms that the public key is a 256-bit EC (secp256r1) key.
    herong> keytool -printcert -file 1st_ec.crt

    Owner: CN=Herong, OU=My Unit, O=My Home, L=My City, ST=My State, C=US
    Issuer: CN=Herong, OU=My Unit, O=My Home, L=My City, ST=My State, C=US
    Serial number: c19df5ff30423d7d
    Valid from: Jan 1 14:35:36 CST 2022 until: Apr 1 14:35:36 CST 2022
    Certificate fingerprints:
       SHA1: 87:96:0A:13:C1:3E:DA:48:AC:9B:25:4E:2B:42:AD:12:C2:3B:40:0C
       SHA256: 11:04:17:D5:BE:BC:B7:46:D2:B6:...
    Signature algorithm name: SHA256withECDSA
    Subject Public Key Algorithm: 256-bit EC (secp256r1) key
    Version: 3

    Extensions:

    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    ...
    ]
    ]
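Steps 1 to 4 can also be run without prompts and without putting the keystore password on the command line. The script below is an added example, not part of the original tutorial: the function names, the KS_PASS variable and the explicit -groupname, -sigalg, -validity and -storetype values are assumptions chosen to match the output shown above, and it needs a JDK whose keytool supports -groupname.

```shell
#!/bin/sh
# Added example (not from the tutorial): steps 1-4 without interactive prompts.
# Assumed names: KS_PASS, DNAME, make_ec_keystore, cert_is_p256_ecdsa.

# Same distinguished name as typed at the prompts in step 1.
DNAME='CN=Herong, OU=My Unit, O=My Home, L=My City, ST=My State, C=US'

# make_ec_keystore KEYSTORE ENTRY CERTFILE
# Generates the EC key pair (step 1) and exports its certificate (step 3).
make_ec_keystore() {
    ks=$1; entry=$2; crt=$3
    # Fail early if the password variable is missing or empty.
    [ -n "${KS_PASS:-}" ] || { echo "export KS_PASS first" >&2; return 1; }
    # -storepass:env makes keytool read the password from the environment,
    # so it does not appear in the argument list of the keytool process.
    # -groupname pins the curve instead of relying on the JDK's default.
    keytool -genkeypair -keyalg EC -groupname secp256r1 \
        -sigalg SHA256withECDSA -validity 90 -dname "$DNAME" \
        -alias "$entry" -keystore "$ks" -storetype PKCS12 \
        -storepass:env KS_PASS >/dev/null 2>&1 || return 1
    keytool -exportcert -alias "$entry" -file "$crt" \
        -keystore "$ks" -storepass:env KS_PASS >/dev/null 2>&1
}

# cert_is_p256_ecdsa CERTFILE
# Step 4 as a check: succeeds only if -printcert reports a 256-bit EC
# public key and a SHA256withECDSA signature.
cert_is_p256_ecdsa() {
    # -J-Duser.language=en keeps the output labels in English for grep.
    out=$(keytool -J-Duser.language=en -printcert -file "$1" 2>/dev/null) \
        || return 1
    printf '%s\n' "$out" |
        grep -q 'Signature algorithm name: SHA256withECDSA' &&
        printf '%s\n' "$out" | grep -q '256-bit EC'
}

# Usage (password read at a prompt, not stored in the script):
#   stty -echo; read -r KS_PASS; stty echo; export KS_PASS
#   make_ec_keystore herong.jks 1st_ec 1st_ec.crt
#   cert_is_p256_ecdsa 1st_ec.crt && echo "curve and signature as expected"
```

The "-storepass HerongJKS" form used in steps 2 and 3 places the password in the command's argument list; the ":env" modifier avoids that.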
What you can do with this EC private-public key pair in the Keystore file: