JDK Tutorials - Herong's Tutorial Examples - Version 6.00, by Dr. Herong Yang

"keytool -genkey" - Generating Keys and Self-Signed Certificates

This section provides a tutorial example on how to use the 'keytool -genkey' command to generate a new pair of keys and self-signed certificate in a new 'keystore' file.

In the first example, I want to try the "-genkeypair" command option:

>keytool -genkeypair -alias my_home -keystore herong.jks

Enter keystore password:  HerongJKS
What is your first and last name?
  [Unknown]:  Herong Yang
What is the name of your organizational unit?
  [Unknown]:  My Unit
What is the name of your organization?
  [Unknown]:  My Home
What is the name of your City or Locality?
  [Unknown]:  My City
What is the name of your State or Province?
  [Unknown]:  My State
What is the two-letter country code for this unit?
  [Unknown]:  US
Is <CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My State, 
   C=US> correct?
  [no]:  yes
Enter key password for <my_home>
        (RETURN if same as keystore password):  My1stKey

Based on the documentation, the above example command should do the following for me:

  • Create a "keystore" file, herong.jks, in JKS format, with password of "HerongJKS".
  • Generate a pair of private key and public key for me using the default implementation of the default security package.
  • Generate a certificate chain with a single self-signed certificate of my public key.
  • Insert a key entry into the keystore with my private key and the certificate chain.

The following command shows that we do have a key entry in the keystore file:

>keytool -list -keystore herong.jks -storepass HerongJKS

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry:

my_home, Sat Jun 1 07:15:16 EDT 2002, keyEntry,
Certificate fingerprint 
   (MD5): BE:D2:AF:4E:A7:44:13:08:16:4C:68:3B:D1:99:79:55

Last update: 2014.

Table of Contents

 About This JDK Tutorial Book

 Downloading and Installing JDK 1.8.0 on Windows

 Downloading and Installing JDK 1.7.0 on Windows

 Downloading and Installing JDK 1.6.2 on Windows

 Java Date-Time API

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

"keytool" Commands and "keystore" Files

 Certificates and Certificate Chains

 What Is "keystore"?

 "keytool" - Key and Certificate Management Tool

"keytool -genkey" - Generating Keys and Self-Signed Certificates

 "keytool -export/import" - Exporting and Importing Certificates

 "keytool -keyclone" - Cloning Certificates with New Identities

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Secret Key Encryption and Decryption

 The SSL (Secure Socket Layer) Protocol

 SSL Socket Communication Testing Programs

 SSL Client Authentication

 HTTPS (Hypertext Transfer Protocol Secure)

 Outdated Tutorials

 References

 PDF Printing Version

"keytool -genkey" - Generating Keys and Self-Signed Certificates - Updated in 2014, by Dr. Herong Yang