Guo Jia
Blog: http://blog.csdn.net/allenwells
Github: https://github.com/allenwell
"Java Security Technology Exploration Road Series: J2SE Security Architecture" Chapter list
"Java Security Technology Exploration Road Series: J2SE Security Architecture": J2SE Security Architecture begins
"Java Security Technology Exploration Road Series: J2SE Security Architecture" V: Class Loader
"Java Security Technology Exploration Road Series: J2SE Security Architecture" VI: Security management tools
As part of the J2SE bundle, the Java 2 platform provides a set of tools to manage security policies, create and manage keys and certificates, sign JAR files, verify signatures, and perform other key-management tasks.
One KeyStore
A keystore is a protected database that stores keys and trusted certificate entries. The structure of the KeyStore is as follows:
The following is an introduction to the use of related tools.
Two Keytool
Keytool is a tool for managing keys and certificates, enabling users to manage their own public/private key pairs and associated certificates. Keytool is primarily used for authentication services and for verifying the integrity of data using digital signatures. Keytool works with the X.509 certificate standard. The standard uses:
- Abstract Syntax Notation 1 (ASN.1): Describes certificate data.
- Definite Encoding Rules: Specifies how information is stored and transmitted.
- Distinguished Name: Describes the value of the holder and issuer fields.
The J2SE bundle provides keytool as a command-line tool. The relevant commands are as follows:
The following shows how to use these commands:
2.1 Using Keytool to generate a key pair
keytool -genkey -alias <alias> -keyalg <algorithm> -keystore mykeystore -keypass <keypass> -storepass mystorepass
After you run the command, the following prompts appear; answer them one by one.
After the answer is completed, the mykeystore file is generated in the current directory, which is an encrypted file and cannot be opened directly.
2.2 KeyStore-related Operations
2.2.1 View items in the KeyStore
keytool -list -keystore mykeystore
Enter the password (Mykeystorepass) to view the keys in the KeyStore, as shown in:
keytool -list -v -keystore mykeystore
With the -v option, the certificate is displayed in a human-readable format, as shown in:
With the -rfc option, the certificate is displayed in Base64-encoded format, as shown in:
2.2.2 Exporting a certificate from a KeyStore
keytool -export -alias <alias> -file mycertificate.cer -keystore mykeystore
After you enter the command, you are prompted for the KeyStore password, as shown in:
After the password is entered, a certificate file is generated in the current directory, as shown in:
2.2.3 Importing certificates to KeyStore
keytool -import -alias <alias> -file mycertificate.cer -keypass <keypass> -keystore <keystore> -storepass clientpass
Execute the command to import the certificate, as shown in:
2.2.4 Modifying the KeyStore password
keytool -storepasswd -new <new-storepass> -keystore <keystore> -storepass mystorepass
2.3 Certificate-related Actions
2.3.1 Display certificate contents
keytool -printcert -file mycertificate.cer
After executing the command, display the certificate information as shown in:
2.3.2 Creating a certificate issuance request
keytool -certreq -keystore <keystore> -file myCSR. -alias mycsralias
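The generate, export, display and import steps from sections 2.1 to 2.3.1, chained into one script that runs without prompts and compares certificate fingerprints before the import. This is an added example, not part of the original article; the options -dname, -keysize, -validity and -noprompt, the RSA algorithm, the distinguished name and the clientstore file name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The DN, RSA/2048, the
# validity period and the clientstore file name are constructed sample values.

# Pull the SHA-256 fingerprint out of `keytool -printcert` or `-list -v` output.
fingerprint() { grep 'SHA256:' | head -n 1 | sed 's/.*SHA256: *//'; }

# Generate a key pair, export its certificate, check the fingerprint, import
# the certificate into a second keystore; prints "match" when all agree.
keytool_roundtrip() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # 2.1: -dname supplies the identity answers, so no questions are asked.
    keytool -genkey -alias myalias -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=Example Signer, O=Example, C=US" \
        -keystore mykeystore -storepass mystorepass -keypass mystorepass \
        >/dev/null 2>&1 || exit 1

    # 2.2.2: export the certificate (public part only) in Base64 form.
    keytool -export -rfc -alias myalias -file mycertificate.cer \
        -keystore mykeystore -storepass mystorepass >/dev/null 2>&1 || exit 1

    # 2.3.1: fingerprint as the recipient reads it from the file ...
    file_fp=$(keytool -printcert -file mycertificate.cer 2>/dev/null | fingerprint)
    # ... and as the owner reads it from the original keystore (2.2.1).
    owner_fp=$(keytool -list -v -alias myalias -keystore mykeystore \
        -storepass mystorepass 2>/dev/null | fingerprint)

    # Do not trust the file unless both values are present and equal.
    [ -n "$file_fp" ] && [ "$file_fp" = "$owner_fp" ] || { echo mismatch; exit 1; }

    # 2.2.3: import as a trusted certificate entry. -noprompt skips keytool's
    # "Trust this certificate?" question; the check above replaces it.
    keytool -import -noprompt -alias myalias -file mycertificate.cer \
        -keystore clientstore -storepass clientpass >/dev/null 2>&1 || exit 1

    client_fp=$(keytool -list -v -alias myalias -keystore clientstore \
        -storepass clientpass 2>/dev/null | fingerprint)
    [ "$client_fp" = "$file_fp" ] && echo match
)
```

Call keytool_roundtrip from a shell with a JDK on the PATH; all files are created in a temporary directory that is removed on exit.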
Three Policytool
Enter the command:
policytool
The interface looks like this:
Four Jarsigner
The Jarsigner tool is used to digitally sign a JAR file and to verify the signature and integrity of a signed JAR file. The related commands look like this:
4.1 Jar File Signature
The following demonstrates signing myJar.jar and naming the signed JAR file mySignedJar.jar.
jarsigner -keystore C:\Users\Administrator\mykeystore -storepass <storepass> -keypass <keypass> -signedjar mySignedJar.jar myJar.jar myalias
After the command runs, a success message is displayed, as shown in:
4.2 Verifying the signed Jar file
jarsigner -keystore C:\Users\Administrator\mykeystore -verify -certs mySignedJar.jar