Cryptography Tutorials - Herong's Tutorial Examples - v5.42, by Herong Yang
Cloning Certificates with New Identities
This section provides a tutorial example on how to use the 'keytool -keyclone' and 'keytool -selfcert' commands to clone an existing key entry and self-sign it with a new identity.
In the fourth example, I want to create a new key entry with the same key pair of an existing key entry, but change the identity information:
herong> keytool -keyclone -alias my_home -dest my_copy \ -keypass My1stKey -new My2ndKey -keystore herong.jks \ -storepass HerongJKS herong> keytool -selfcert -alias my_copy -keypass My2ndKey \ -dname "cn=Herong Yang, ou=My Unit 2, o=My Organization 2, c=US" \ -keystore herong.jks -storepass HerongJKS herong> keytool -export -alias my_copy -file my_copy.crt \ -keystore herong.jks -storepass HerongJKS Certificate stored in file <my_copy.crt> herong> keytool -printcert -file my_copy.crt Owner: CN=Herong Yang, OU=My Unit 2, O=My Organization 2, C=US Issuer: CN=Herong Yang, OU=My Unit 2, O=My Organization 2, C=US Serial number: 40798b4f Valid from: Sat Jun 1 14:15:43 EDT 2002 until: Sat Aug 31 14:15:43... Certificate fingerprints: MD5: 4A:E4:D9:BC:E9:8C:50:27:6C:00:59:76:D1:14:05:79 SHA1: FA:F5:30:78:22:3B:52:28:0D:41:24:0B:CA:CC:6F:D4:0E:...
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
RSA Implementation using java.math.BigInteger Class
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
►"keytool" and "keystore" from JDK
Certificates and Certificate Chains
Exporting and Import Certificates
Generating CSR (Certificate Signing Request)
►Cloning Certificates with New Identities
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
Certificate X.509 Standard and DER/PEM Formats
Migrating Keys from "OpenSSL" Key Files to "keystore"