The article comes from the Internet, and it is very useful to remember. Place it here.
Java KeyTool Tools and Methods
Li Wenjun 2002-7-8 15:02:00
-------------------------------------------------- ------------------------------
KeyTool is a security key and certificate management tool. It manages keystore that stores private keys and verify the X.509 certificate chain associated with the corresponding public key (a pretty database). KeyTool is a valid security key and certificate It can use digital signatures to manage their own private / public key pairs, manage data integrity and authentication services for self-identification. It also carses users to cache when communications. Their common keys. A certificate is a digital signature of a entity (individual, company, etc.), pointing out the detailed value of the public key (or other information) of other entities. After the data is signed, this signature information is used to test The integrity and authenticity of the data. Integrity Index is not modified and tampered, the authenticity referred to the true transmission from one of the generation and signatures to reach. Keytool stores the key and certificate to a keystore. Mailing to implement keystore It is a file. It uses a password protected key. Another tool Jarsigner generates or checks the digital signature in the Java Archive (JAR file) in the keystore. KeyStore has two different portions: 1. Key entry: save A very sensitive encrypted key information, and is stored in a protected format to prevent unauthorized access. The key stored in this form is a secret key, or a private key for the public key in the corresponding certificate chain. 2 Trust certificate: a single public key certificate belonging to other parts. It is called a "trust certificate" because the public key in the certificate trusted by KeyStore truly belongs to the identification of the certificate owner. KeyStore alias: All KeyStore entrances (key and trust certificate) are accessed by unique alias. The alias is not case sensitive. If the alias hugo and hugo point to the same keystore entry. You can use the -genkey parameter when adding an entry to KeyStore. To generate a key to (public key and private key) specify an alias. You can also use the -import parameter to add a certificate or certificate chain to the trust certificate. Such as: keytool -genkey -alias duke -keypass dukekeyPasswd where dukeKeyPasswd is Duke alias password. The role of this command is to generate a new public / private key. If you want to change your password, you can use: keytool -keypasswd -alias duke -keypass dukekeypasswd -new newpass will change the old password dukekeyPasswd to newp ASS. KEYSTORE: 1. Add data to a keystore when using the -genkey or -import or -ident or -iditydb, and when this keystore does not exist, a keystore is generated. KeyStore, stored in the user-home directory. 2. When specified with -kestore, the specified keystore. KeyStore is generated: The KeyTool class is under the java.security package, providing a very good interface to get and modify the information in a keystore. Currently there are two command lines : KeyTool and Jarsinger, a GUI tool Policy can implement keystore. Because KeyStore is open, users can use some additional secure applications. KeyStore has an inner implementation provided by Sun Company. It puts keystore as a file to implement it as a file. Using a keystore type (format) "JKS". It protects each private key with a separate password. It also uses possible different passwords to protect the entire keystore integrity. Supported algorithms and key sizes: KeyTool allows users to specify key pairs And the signature algorithm provided by the registration password service provider. The default key to the generating algorithm is "DSA". If the private key is "DSA" type, the default signature algorithm is "sha1withdsa", if the private key is "RSA" type The default algorithm is "MD5withRSA"
When a DSA key is generated, the key must be between 512-1024 bits. The default key size for any algorithm is 1024 bits. Certificate: A certificate is a digital signature of an entity, indicating that the public key of other entities is clear. Value. And stored in an entity, one signature can prove that this entity knows this data. This data is signed and submitted by the physical private key; 3. Identity: I know the entity method. I am a public key in some systems, other systems Can be anything from the Unix UID from a mail address of an X.509 name; 4. Signature: A signature use of physical private keys to calculate some encrypted data; 5. Private key: is some numbers, each private key It can only be known by a specific entity with the private key. Private and public keys have all key pairs of all systems with public key encryption. A public key encryption (such as DSA), a private key to communicate with a correct public key. Private keys are used to calculate signatures. 6. Entity: A entity can be a person, an organization, a program, a computer, a business, a bank, or something you want to trust. KeyTool Application example: 1. Generate a keystore: keytool -genkey -alias User (keystore alias) -keyalg RSA -validity 7 -keystore keystore (the specified keystore) run this command, the system prompts:. enter keystore password: yourpassword (password) What is your first and last name ? [Unknown]: Your name (Enter your name) What is the name of your Organizational unit? [Unknown]: Your Organizational (enter the name of your organization) What is the name of Your Organization? [UnkNown]: Your Organization Name (Enter your organization's name) What is the name of your city or locality? [unknown]: Your city name (enter the name of the city) What is the name of yo UR State or Province? [Unknown]: Your Provice Name (Enter the name of the province) What is the two-letter country code for this unit? [unknown]: CN (Enter country name) is cn = Your name, Ou = Your Organizaion , O = "Your Organization Name", L = Your City Name, ST = Your Province Name, C = CN CORRECT? [NO]: YES 2. Check a KeyStore: Keytore Enter KeyStore Password: YOUR password (password) displayed keystore content such as: keystore type: jks keystore provider: SUN Your keystore contains 1 entry Alias name: yourname Creation date: Dec 20, 2001 entry type: keyEntry Certificate chain length: 1 Certificate [1]: Owner : Cn = Yourname, OU = Your Organization, o = "Your Organization Name", L = Your City Name, ST = Your Province Name, C =
