Java keytool usage summary
keytool is the Java key and certificate management tool. It stores keys and certificates in a file called a keystore, which contains two types of entries:
Key entries: a secret key, or a private key with its paired public key (asymmetric encryption)
Trusted certificate entries: contain only the public key
Alias: each entry in a keystore is associated with a unique alias, which is usually case-insensitive.
Common keytool commands and options in the JDK:
-genkey: creates a default file ".keystore" in the user's home directory and generates an entry with the alias mykey, which contains the user's public key, private key, and certificate
(If no location is specified, the keystore is created in the user's default directory. For example, on Windows XP it is created in C:\Documents and Settings\USERNAME\ with the file name ".keystore")
-alias: specifies the alias of the entry
-keystore: specifies the name of the keystore (the generated information is then not written to the default .keystore file)
-keyalg: specifies the key algorithm, for example RSA or DSA (if not specified, DSA is used by default)
-validity: specifies the validity period of the created certificate
-keysize: specifies the key length
-storepass: specifies the password of the keystore (the password required to read keystore information)
-keypass: specifies the password of an alias entry (the private key password)
-dname: specifies the certificate owner information, for example "CN=first and last name, OU=organizational unit name, O=organization name, L=city or locality name, ST=state or province name, C=two-letter country code"
-list: displays the certificate information in the keystore: keytool -list -v -keystore <keystore> -storepass <password>
-v: displays the certificate details in the keystore
-export: exports the certificate specified by the alias to a file: keytool -export -alias <alias to export> -keystore <keystore> -file <location and name of the exported certificate> -storepass <password>
-file: specifies the file name to export to
-delete: deletes an entry from the keystore: keytool -delete -alias <alias to delete> -keystore <keystore> -storepass <password>
-printcert: displays the information of an exported certificate: keytool -printcert -file Yushan.crt
-keypasswd: changes the password of an entry in the keystore: keytool -keypasswd -alias <alias to modify> -keypass <old password> -new <new password> -storepass <keystore password> -keystore sage
-storepasswd: changes the keystore password: keytool -storepasswd -keystore E:\Yushan.keystore (the keystore whose password is to be changed) -storepass 123456 (original password) -new Yushan (new password)
-import: imports a signed digital certificate into the keystore: keytool -import -alias <alias for the imported entry> -keystore <keystore> -file <certificate to import>
The default values of the options are:
-alias "mykey"
-keyalg "DSA"
-keysize 1024
-validity 90
-keystore: the file named .keystore in the user's home directory
-file: standard input when reading, standard output when writing
1. Keystore generation:
Step-by-step (interactive) generation:
keytool -genkey -alias Yushan (alias) -keypass Yushan (alias password) -keyalg RSA (algorithm) -keysize 1024 (key length) -validity 365 (validity period, in days) -keystore E:\Yushan.keystore (location and name of the generated certificate file) -storepass 123456 (password for reading keystore information); press Enter, then enter the requested information.
One-step generation:
keytool -genkey -alias Yushan -keypass Yushan -keyalg RSA -keysize 1024 -validity 365 -keystore E:\Yushan.keystore -storepass 123456 -dname "CN=(first and last name), OU=(organizational unit name), O=(organization name), L=(city or locality name), ST=(state or province name), C=(two-letter country code)" (Chinese or English may be used)
2. View the keystore information:
keytool -list -v -keystore E:\keytool\Yushan.keystore -storepass 123456
Output:
---------------------------------------------------------------------
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: Yushan
Creation date:
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Yushan, OU=XX Company, O=XX Association, L=Xiangtan, ST=Hunan, C=China
Issuer: CN=Yushan, OU=XX Company, O=XX Association, L=Xiangtan, ST=Hunan, C=China
Serial number: 4a6f29ed
Valid from: Wed Jul 29 00:40:13 CST 2009 until: Thu Jul 29 00:40:13 CST 2010
Certificate fingerprints:
MD5: A3:D7:D9:74:C3:50:7D:10:C9:C2:47:B0:33:90:45:C3
SHA1: 2B:FC:9E:3A:DF:C6:C4:FB:87:B8:A0:C6:99:43:E9:4C:4A:E1:18:E8
Signature algorithm name: SHA1withRSA
Version: 3
--------------------------------------------------------------------
By default, the -list command prints the MD5 fingerprint of the certificate. If the -v option is specified, the certificate is printed in human-readable format. If the -rfc option is specified, the certificate is output in printable encoding format.
keytool -list -rfc -keystore E:\Yushan.keystore -storepass 123456
Output:
---------------------------------------------------------------------
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: Yushan
Creation date:
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---------------------------------------------------------------------
3. Certificate export:
keytool -export -alias Yushan -keystore E:\Yushan.keystore -file E:\Yushan.crt (location and name of the exported certificate) -storepass 123456
4. View the exported certificate information:
keytool -printcert -file Yushan.crt
Output (on Windows, you can also double-click Yushan.crt to view the details):
-----------------------------------------------------------------------
Owner: CN=Yushan, OU=XX Company, O=XX Association, L=Xiangtan, ST=Hunan, C=China
Issuer: CN=Yushan, OU=XX Company, O=XX Association, L=Xiangtan, ST=Hunan, C=China
Serial number: 4a6f29ed
Valid from: Wed Jul 29 00:40:13 CST 2009 until: Thu Jul 29 00:40:13 CST 2010
Certificate fingerprints:
MD5: A3:D7:D9:74:C3:50:7D:10:C9:C2:47:B0:33:90:45:C3
SHA1: 2B:FC:9E:3A:DF:C6:C4:FB:87:B8:A0:C6:99:43:E9:4C:4A:E1:18:E8
Signature algorithm name: SHA1withRSA
Version: 3
-----------------------------------------------------------------------
5. Certificate import:
Prepare a certificate to import:
keytool -genkey -alias shuany -keypass shuany -keyalg RSA -keysize 1024 -validity 365 -keystore E:\shuany.keystore -storepass 123456 -dname "CN=shuany, OU=XX, O=XX, L=XX, ST=XX, C=xx"
keytool -export -alias shuany -keystore E:\shuany.keystore -file E:\shuany.crt -storepass 123456
Now add shuany.crt to Yushan.keystore:
keytool -import -alias shuany (alias for the imported certificate; if not specified, the default is mykey. The alias must be unique, otherwise the import fails) -file E:\shuany.crt -keystore E:\Yushan.keystore -storepass 123456
keytool -list -v -keystore E:\keytool\Yushan.keystore -storepass 123456
Output:
------------------------------------------------------------------------------
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: Yushan
Creation date:
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Yushan, OU=XX Company, O=XX Association, L=Xiangtan, ST=Hunan, C=China
Issuer: CN=Yushan, OU=XX Company, O=XX Association, L=Xiangtan, ST=Hunan, C=China
Serial number: 4a6f29ed
Valid from: Wed Jul 29 00:40:13 CST 2009 until: Thu Jul 29 00:40:13 CST 2010
Certificate fingerprints:
MD5: A3:D7:D9:74:C3:50:7D:10:C9:C2:47:B0:33:90:45:C3
SHA1: 2B:FC:9E:3A:DF:C6:C4:FB:87:B8:A0:C6:99:43:E9:4C:4A:E1:18:E8
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
*******************************************
Alias name: shuany
Creation date:
Entry type: trustedCertEntry
Owner: CN=shuany, OU=XX, O=XX, L=XX, ST=XX, C=xx
Issuer: CN=shuany, OU=XX, O=XX, L=XX, ST=XX, C=xx
Serial number: 4a6f2cd9
Valid from: Wed Jul 29 00:52:41 CST 2009 until: Thu Jul 29 00:52:41 CST 2010
Certificate fingerprints:
MD5: 15:03:57:9B:14:BD:C5:50:21:15:47:1E:29:87:A4:E6
SHA1: C1:4F:8B:CD:5E:C2:94:77:B7:42:29:35:5C:BB:2E:9E:F0:89:F5
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
*******************************************
------------------------------------------------------------------------------
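Added example (not part of the original article): a small Java program that opens a keystore such as Yushan.keystore and reports, for each alias, whether it is a key entry or a trusted certificate entry. It also flags the settings visible in the listing above: 1024-bit keys, SHA1withRSA signatures, and expired or self-signed certificates. The class name KeystoreAudit and the 2048-bit threshold are assumptions of this example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Date;
// Added example (hypothetical class name): flag weak settings in a JKS keystore.
public class KeystoreAudit {
    static final int MIN_BITS = 2048; // assumed policy threshold, not taken from the page

    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: java KeystoreAudit <keystore> (run from a terminal)");
            System.exit(2);
        }
        // Prompt for the password instead of taking it as an argument (keeps it out of shell history).
        char[] pass = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass); // throws if the password is wrong or the file was altered
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            // Key entry: private key plus certificate chain. Otherwise: trusted certificate (public key only).
            System.out.println(alias + " [" + (ks.isKeyEntry(alias) ? "PrivateKeyEntry" : "trustedCertEntry")
                    + "] " + cert.getSubjectX500Principal().getName());
            System.out.println("  SHA-256: " + hex(MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())));
            PublicKey pk = cert.getPublicKey();
            int bits = pk instanceof RSAPublicKey ? ((RSAPublicKey) pk).getModulus().bitLength()
                    : pk instanceof DSAPublicKey ? ((DSAPublicKey) pk).getParams().getP().bitLength() : -1;
            if (bits >= 0 && bits < MIN_BITS) System.out.println("  WARN: " + pk.getAlgorithm() + " key is " + bits + " bits");
            String sig = cert.getSigAlgName().toUpperCase();
            if (sig.startsWith("SHA1") || sig.startsWith("MD5")) System.out.println("  WARN: signed with " + cert.getSigAlgName());
            if (cert.getNotAfter().before(new Date())) System.out.println("  WARN: expired on " + cert.getNotAfter());
            if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()))
                System.out.println("  NOTE: self-signed; compare the fingerprint out of band before trusting it");
        }
    }
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        return sb.toString();
    }
}
```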
6. Delete a certificate entry:
keytool -delete -alias shuany (alias to delete) -keystore Yushan.keystore -storepass 123456
7. Change the password of a certificate entry:
keytool -keypasswd -alias Yushan (alias whose password is changed) -keypass Yushan (original password) -new 123456 (new password for the alias) -keystore E:\Yushan.keystore -storepass 123456
8. Change the keystore password:
keytool -storepasswd -keystore E:\Yushan.keystore (the keystore whose password is changed) -storepass 123456 (original password) -new Yushan (new password)
9. Modify the information of the keystore alias Yushan:
keytool -selfcert -alias Yushan -keypass Yushan -keystore E:\Yushan.keystore -storepass 123456 -dname "CN=Yushan, OU=Yushan, O=Yushan, C=us"
http://hi.baidu.com/%B0%D7%D4%C6%D2%BB%C2%C6/blog/item/aae0b1c2d3f73e010ff4771c.html