The function and using method of Java Keytool tool

Source: Internet
Author: User

Keytool is a security key and certificate management tool. It manages a keystore (quite a database) of the associated X.509 certificate chain that stores the private key and verifies the corresponding public key.

Keytool is an effective security key and certificate management tool. It enables users to use digital signatures to manage their own private/public key pairs, manage certificates related to authentication, and manage data integrity and authentication services. It also enables users to cache their public keys when communicating.

A certificate is a digital signature of an entity (individual, company, etc.) that indicates the detailed value of the public key (or other information) of the other entity. When the data is signed, the signature information is used to verify the integrity and authenticity of the data. The integrity index has not been modified and tampered with, The authenticity index is reached from the true transmission of any party generating and signing.

Keytool store the keys and certificates in a keystore. Mezhin implementation KeyStore is a file. It protects the key with a password.

Another tool, Jarsigner, produces or verifies the digital signature in a Java aRchive (JAR file) using the information in KeyStore.

The KeyStore has two different entrances:

1. Key entry: Stores very sensitive encrypted key information and is stored in a protected format to prevent unauthorized access. The key stored in this form is the secret key, or a private key to the public key in the certificate chain.

2. Trust Certificate entry: contains a single public key certificate that belongs to another part. It is called a "Trust certificate" because the public key in the certificate that KeyStore trusts is truly the identity of the certificate owner.

Alias of KeyStore:

All KeyStore entrances (keys and trust certificate portals) are accessed through a unique alias. Aliases are case-insensitive. If the alias Hugo and Hugo Point to the same keystore entrance.

You can use the-genkey parameter to create a key pair (public key and private key) when adding an inlet to KeyStore. You can also use the-import parameter to add a certificate or a certificate chain to a trust certificate.

Such as:

Keytool-genkey-alias Duke-keypass dukekeypasswd

where Duke is an alias, DUKEKEYPASSWD is the password for the Duke alias. The function of this line of command is to generate a new public/private key pair.

If you want to change your password, you can use:

Keytool-keypasswd-alias Duke-keypass dukekeypasswd-new Newpass

Change the old password dukekeypasswd to Newpass.

The production of KeyStore:

1. When you use the-genkey or-import or-IDENTITYDB command to add data to a keystore, and when this keystore does not exist, a keystore is generated. The default name is. KeyStore, which is stored in the User-home directory.

2. When specified with-keystore, the specified KeyStore is generated.

Implementation of KeyStore:

The Keytool class is located under the Java.security package, providing a very good interface to obtain and modify information in a keystore. There are currently two command lines: Keytool and Jarsinger, a GUI tool policy can implement KeyStore. Because the KeyStore is public, users can use it to write some additional security applications.

KeyStore also has a sun company-provided interior implementation. It implements KeyStore as a file. A KeyStore type (format) "JKS" was used. It protects each private key with a separate password. It also protects the integrity of the entire keystore with possibly different passwords.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.