Summary of the use of Keytool in Java

Source: Internet
Author: User
Tags dname rfc sha1 asymmetric encryption

I used this stuff a few times before, but I have to check it again. The original source of this article is here.

-----------------------------------------------------------

Keytool is Java's key and certificate management tool. It stores keys and certificates in a file called a keystore, which contains two kinds of entries:
Key entries -- a secret key, or a private key paired with its public key (asymmetric encryption)
Trusted certificate entries -- contain only a public key


Alias: each entry in a keystore is associated with a unique alias, which is usually case-insensitive.

Common keytool commands in the JDK:

-genkey Creates a default file ".keystore" in the user's home directory and generates an entry with the alias mykey, which contains the user's public key, private key, and certificate
(if no location is specified, the keystore is placed in the user's default system directory; on Windows XP, for example, the file ".keystore" is created in C:/Documents and Settings/username/)
-alias Specifies the alias of the entry
-keystore Specifies the name of the keystore (the generated information will then not be in the default .keystore file)
-keyalg Specifies the key algorithm, such as RSA or DSA (DSA by default if not specified)
-validity Specifies how many days the created certificate is valid
-keysize Specifies the key length
-storepass Specifies the password for the keystore (the password required to read the keystore information)
-keypass Specifies the password for the alias entry (the password for the private key)
-dname Specifies the certificate owner information, for example: "CN=first and last name, OU=organizational unit name, O=organization name, L=city or locality name, ST=state or province name, C=two-letter country code"
-list Displays the certificate information in the keystore: keytool -list -v -keystore <keystore> -storepass <password>
-v Shows certificate details in the keystore
-export Exports the certificate specified by the alias to a file: keytool -export -alias <alias to export> -keystore <keystore> -file <exported certificate location and name> -storepass <password>
The -file parameter specifies the name of the file to export to
-delete Deletes an entry in the keystore: keytool -delete -alias <alias to delete> -keystore <keystore> -storepass <password>
-printcert Views the information of an exported certificate: keytool -printcert -file yushan.crt
-keypasswd Modifies the password of the specified entry in the keystore: keytool -keypasswd -alias <alias to modify> -keypass <old password> -new <new password> -storepass <keystore password> -keystore sage
-storepasswd Modifies the keystore password: keytool -storepasswd -keystore e:/yushan.keystore (keystore whose password is to be changed) -storepass 123456 (original password) -new yushan (new password)
-import Imports a signed digital certificate into the keystore: keytool -import -alias <alias for the imported entry> -keystore <keystore> -file <certificate to import>

The following are the default values for each option:
-alias "mykey"
-keyalg "DSA"
-keysize 1024
-validity 90
-keystore the file named .keystore in the user's home directory
-file standard input when reading, standard output when writing



1. Generating a keystore:

Step by step (interactive):
keytool -genkey -alias yushan (alias) -keypass yushan (alias password) -keyalg RSA (algorithm) -keysize 1024 (key length) -validity 365 (validity, in days) -keystore e:/yushan.keystore (location and name of the generated keystore) -storepass 123456 (password for reading the keystore information); then enter the requested information at the prompts.

In a single command:
keytool -genkey -alias yushan -keypass yushan -keyalg RSA -keysize 1024 -validity 365 -keystore e:/yushan.keystore -storepass 123456 -dname "CN=(first and last name), OU=(organizational unit name), O=(organization name), L=(city or locality name), ST=(state or province name), C=(two-letter country code)" (in English)

2. Viewing keystore information:
keytool -list -v -keystore e:/keytool/yushan.keystore -storepass 123456
Output:
---------------------------------------------------------------------
Keystore Type: JKS
Keystore by: SUN

Your keystore contains 1 inputs

Alias Name: Yushan
Date Created: 2009-7-29
Item Type: Privatekeyentry
Certification Chain Length: 1
Certification [1]:
Owner: Cn=yushan, ou=xx Company, O=xx Association, l= Xiangtan, st= Hunan, c= China
Issuer: Cn=yushan, ou=xx Company, O=xx Association, l= Xiangtan, st= Hunan, c= China
Serial Number: 4a6f29ed
Validity: Wed Jul 00:40:13 CST 2009 to Thu Jul 00:40:13 CST 2010
Certificate thumbprint:
Md5:a3:d7:d9:74:c3:50:7d:10:c9:c2:47:b0:33:90:45:c3
Sha1:2b:fc:9e:3a:df:c6:c4:fb:87:b8:a0:c6:99:43:e9:4c:4a:e1:18:e8
Signature Algorithm Name: Sha1withrsa
Version: 3
--------------------------------------------------------------------

By default, the -list command prints the MD5 thumbprint of the certificate. If the -v option is specified, the certificate is printed in a human-readable format; if the -rfc option is specified, the certificate is output in the printable encoding format.

keytool -list -rfc -keystore e:/yushan.keystore -storepass 123456

Output:

-------------------------------------------------------------------------------------------------------

Keystore Type: JKS
Keystore by: SUN

Your keystore contains 1 inputs

Alias Name: Yushan
Date Created: 2009-7-29
Item Type: Privatekeyentry
Certification Chain Length: 1
Certification [1]:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

-------------------------------------------------------------------------------------------------------

3. Exporting a certificate:

keytool -export -alias yushan -keystore e:/yushan.keystore -file e:/yushan.crt (location and name of the exported certificate) -storepass 123456

4. Viewing the exported certificate information:
keytool -printcert -file yushan.crt
Output (on Windows you can also double-click yushan.crt to view it):
-----------------------------------------------------------------------
Owner: Cn=yushan, ou=xx Company, O=xx Association, l= Xiangtan, st= Hunan, c= China
Issuer: Cn=yushan, ou=xx Company, O=xx Association, l= Xiangtan, st= Hunan, c= China
Serial Number: 4a6f29ed
Validity: Wed Jul 00:40:13 CST 2009 to Thu Jul 00:40:13 CST 2010
Certificate thumbprint:
Md5:a3:d7:d9:74:c3:50:7d:10:c9:c2:47:b0:33:90:45:c3
Sha1:2b:fc:9e:3a:df:c6:c4:fb:87:b8:a0:c6:99:43:e9:4c:4a:e1:18:e8
Signature Algorithm Name: Sha1withrsa
Version: 3
-----------------------------------------------------------------------

5. Importing a certificate:
First prepare a certificate to import:
keytool -genkey -alias shuany -keypass shuany -keyalg RSA -keysize 1024 -validity 365 -keystore e:/shuany.keystore -storepass 123456 -dname "CN=shuany, OU=xx, O=xx, L=xx, ST=xx, C=xx"
keytool -export -alias shuany -keystore e:/shuany.keystore -file e:/shuany.crt -storepass 123456

Now add shuany.crt to yushan.keystore:
keytool -import -alias shuany (alias for the imported certificate; if not specified the default is mykey; the alias must be unique, otherwise the import fails) -file e:/shuany.crt -keystore e:/yushan.keystore -storepass 123456

keytool -list -v -keystore e:/keytool/yushan.keystore -storepass 123456
Output:
------------------------------------------------------------------------------
Keystore Type: JKS
Keystore by: SUN

Your keystore contains 2 inputs

Alias Name: Yushan
Date Created: 2009-7-29
Item Type: Privatekeyentry
Certification Chain Length: 1
Certification [1]:
Owner: Cn=yushan, ou=xx Company, O=xx Association, l= Xiangtan, st= Hunan, c= China
Issuer: Cn=yushan, ou=xx Company, O=xx Association, l= Xiangtan, st= Hunan, c= China
Serial Number: 4a6f29ed
Validity: Wed Jul 00:40:13 CST 2009 to Thu Jul 00:40:13 CST 2010
Certificate thumbprint:
Md5:a3:d7:d9:74:c3:50:7d:10:c9:c2:47:b0:33:90:45:c3
Sha1:2b:fc:9e:3a:df:c6:c4:fb:87:b8:a0:c6:99:43:e9:4c:4a:e1:18:e8
Signature Algorithm Name: Sha1withrsa
Version: 3


*******************************************
*******************************************


Alias Name: Shuany
Date Created: 2009-7-29
INPUT type: trustedcertentry

Owner: Cn=shuany, Ou=xx, O=xx, L=xx, St=xx, c=xx
Issued by: Cn=shuany, Ou=xx, O=xx, L=xx, St=xx, c=xx
Serial Number: 4A6F2CD9
Validity: Wed Jul 00:52:41 CST 2009 to Thu Jul 00:52:41 CST 2010
Certificate thumbprint:
Md5:15:03:57:9b:14:bd:c5:50:21:15:47:1e:29:87:a4:e6
Sha1:c1:4f:8b:cd:5e:c2:94:77:b7:42:29:35:5c:bb:bb:2e:9e:f0:89:f5
Signature Algorithm Name: Sha1withrsa
Version: 3


*******************************************
*******************************************
------------------------------------------------------------------------------
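
The listing above shows a private key entry and a trusted certificate entry side by side. As an added example (not from the original article), this shell function reads `keytool -list -v` output and flags SHA-1/MD5 signatures, RSA or DSA keys under 2048 bits, and self-signed trusted entries. The function names and the sample listing are constructed, using the English label layout of current JDKs; older JDKs omit the `Subject Public Key Algorithm` line, in which case the key size is reported as unknown.

```shell
# Added example, not from the article: audit `keytool -list -v` text read from stdin.
# Prints one line per entry: alias|entry type|signature algorithm|key bits|findings
audit_keystore_listing() {
  awk '
    function val(label) { return substr($0, length(label) + 1) }
    function emit(   notes) {
      if (alias == "") return
      notes = ""
      if (sig ~ /^(MD2|MD5|SHA1)with/) notes = notes " weak-signature-hash"
      if ((alg == "RSA" || alg == "DSA") && bits + 0 < 2048) notes = notes " short-key"
      if (type == "trustedCertEntry" && owner != "" && owner == issuer)
        notes = notes " self-signed-trust-anchor"
      if (notes == "") notes = " ok"
      printf "%s|%s|%s|%s|%s\n", alias, type, sig, (bits == "" ? "unknown" : bits), substr(notes, 2)
    }
    { sub(/\r$/, ""); sub(/^[ \t]+/, "") }   # tolerate CRLF and indented lines
    /^Alias name: / { emit(); alias = val("Alias name: ")
                      type = sig = bits = alg = owner = issuer = ""; next }
    /^Entry type: / { type = val("Entry type: "); next }
    # Only the first certificate of a chain (the entry own certificate) is recorded.
    /^Owner: /  && owner == ""  { owner = val("Owner: "); next }
    /^Issuer: / && issuer == "" { issuer = val("Issuer: "); next }
    /^Signature algorithm name: / && sig == "" { sig = val("Signature algorithm name: "); next }
    /^Subject Public Key Algorithm: / && bits == "" {
      split(val("Subject Public Key Algorithm: "), p, /[- ]/); bits = p[1]; alg = p[3]; next }
    END { emit() }
  '
}
# Constructed sample in the English `keytool -list -v` layout (fingerprints omitted).
sample_listing() {
  cat <<'EOF'
Alias name: yushan
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=yushan, OU=xx, O=xx, L=xx, ST=xx, C=xx
Issuer: CN=yushan, OU=xx, O=xx, L=xx, ST=xx, C=xx
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Alias name: shuany
Entry type: trustedCertEntry
Owner: CN=shuany, OU=xx, O=xx, L=xx, ST=xx, C=xx
Issuer: CN=shuany, OU=xx, O=xx, L=xx, ST=xx, C=xx
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
EOF
}
sample_listing | audit_keystore_listing
```

Against a real store, pipe the listing in: `keytool -list -v -keystore e:/yushan.keystore -storepass 123456 | audit_keystore_listing`.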

6. Deleting a certificate entry:
keytool -delete -alias shuany (alias to be removed) -keystore yushan.keystore -storepass 123456

7. Changing the password of a certificate entry:
keytool -keypasswd -alias yushan (alias whose password is to be changed) -keypass yushan (original password) -new 123456 (new password for the alias) -keystore e:/yushan.keystore -storepass 123456

8. Changing the keystore password:
keytool -storepasswd -keystore e:/yushan.keystore (keystore whose password is to be changed) -storepass 123456 (original password) -new yushan (new password)

9. Modifying the information of alias yushan in the keystore:

keytool -selfcert -alias yushan -keypass yushan -keystore e:/yushan.keystore -storepass 123456 -dname "cn=yushan,ou=yushan,o=yushan,c=us"

Detailed description of keytool:

http://www.javaresearch.org/article/6718.html
