PKI Certificate Tutorials - Herong's Tutorial Examples
Java "keytool" Commands and KeyStore Files
This chapter provides tutorial notes and example code on the Java 'keytool' command. Topics include an introduction to the KeyStore file and the 'keytool' command; generating and managing keys and self-signed certificates; exporting and importing certificates; generating a CSR (Certificate Signing Request); signing a CSR with X.509 extensions; exporting private/public key pairs.
What Is Java KeyStore File?
"keytool" - Key and Certificate Management Tool
"keytool -genkeypair" - Generate Key with Self-Signed Certificate
"keytool -export/import" - Export and Import Certificates
"keytool -keyclone" - Clone Self-Signed Certificate with New Identity
"keytool -certreq" - Generate CSR (Certificate Signing Request)
"keytool -gencert" - Sign CSR with CA certificate
"keytool -gencert -ext" - Sign CSR with X.509 Extensions
Export Key Pair using "keytool -importkeystore"
Conclusions:
- A KeyStore file is a database file used by Java applications to store self-signed certificates with matching private/public key pairs and other certificates.
- KeyStore files support 2 formats: PKCS12 and JKS (Java KeyStore).
- KeyStore files are encrypted with passwords.
- A private key entry in a KeyStore file contains a private/public key pair and a self-signed certificate.
- Private/public key pairs in KeyStore files are encrypted independently from the file encryption.
- A certificate entry in a KeyStore file contains only a certificate of a public key.
- "keytool" is a command line tool to manage keys and certificates inside KeyStore files.
- "keytool -genkeypair" command can be used to generate a private key entry.
- "keytool -certreq" command can be used to generate a CSR (Certificate Signing Request) from a private key entry.
- "keytool -gencert" command can be used to sign a CSR.
- "keytool -exportcert" command can be used to export a certificate out of a KeyStore file.
- "keytool -importcert" command can be used to import a certificate into a KeyStore file.