Generate jks file in Java
A Java KeyStore (JKS)
is a repository of security certificates. If you install Java, open command
prompt and type “keytool” You will get help like following.
$ keytool Key and Certificate Management Tool Commands: -certreq Generates a certificate request -changealias Changes an entry's alias -delete Deletes an entry -exportcert Exports certificate -genkeypair Generates a key pair -genseckey Generates a secret key -gencert Generates certificate from a certificate request -importcert Imports a certificate or a certificate chain -importpass Imports a password -importkeystore Imports one or all entries from another keystore -keypasswd Changes the key password of an entry -list Lists entries in a keystore -printcert Prints the content of a certificate -printcertreq Prints the content of a certificate request -printcrl Prints the content of a CRL file -storepasswd Changes the store password of a keystore Use "keytool -command_name -help" for usage of command_name
Use following command
to create jks file.
keytool -genkey
-alias certificate1 -keyalg RSA -validity 7 -keystore keystore.jks
$ keytool -genkey -alias certificate1 -keyalg RSA -validity 7 -keystore keystore.jks Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Hari Krishna Gurram What is the name of your organizational unit? [Unknown]: Self learn Java What is the name of your organization? [Unknown]: Self learn Java What is the name of your City or Locality? [Unknown]: Bangalore What is the name of your State or Province? [Unknown]: Karnataka What is the two-letter country code for this unit? [Unknown]: IN Is CN=Hari Krishna Gurram, OU=Self learn Java, O=Self learn Java, L=Bangalore, ST=Karnataka, C=IN correct? [no]: y Enter key password for <certificate1> (RETURN if same as keystore password):
keytool takes some
information from you and generates certificate.
Extract public key from certificate
Use following command
to extract public key from certificate.
keytool -export -alias
certificate1 -keystore keystore.jks -rfc -file public.cert
$ keytool -export -alias certificate1 -keystore keystore.jks -rfc -file public.cert Enter keystore password: Certificate stored in file <public.cert> $ cat public.cert -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIEEqEprjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCSU4xEjAQBgNV BAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMRgwFgYDVQQKEw9TZWxmIGxlYXJuIEph dmExGDAWBgNVBAsTD1NlbGYgbGVhcm4gSmF2YTEcMBoGA1UEAxMTSGFyaSBLcmlzaG5hIEd1cnJh bTAeFw0xNTA3MDMwNzA5MTlaFw0xNTA3MTAwNzA5MTlaMIGHMQswCQYDVQQGEwJJTjESMBAGA1UE CBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxGDAWBgNVBAoTD1NlbGYgbGVhcm4gSmF2 YTEYMBYGA1UECxMPU2VsZiBsZWFybiBKYXZhMRwwGgYDVQQDExNIYXJpIEtyaXNobmEgR3VycmFt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyPKYKFkBcyU6r4+oYS77YJCLlhPBuxt 23hwTXsN2Rf9kJ5WPvwC8hfhiQP/Ck7DTLldufsaK+qlxftYYcd8+EQp3AqT+mFc5bWy+ZwLG1Iy Uyh+eXLVYiv3FemM3YpKQidRGzbzizso3sUwbk5Q0BERJ0EBM4Sley0zm2S/LsLED+A7xKMtL95G S3uscWPkE6kn6Gou2FXuGNPxXR7POlnZnE0XSfVH2qS7bzMffGtRm/+vptmdx1qUCXphcgjqGIOr V/Ad4olXQcXNbk8P9pnRK8G55Yf7TMhcs06p0KI6jgtnsdduj8U+vD4uKDuiMU2rmhC4l0N4nApG A89mOwIDAQABoyEwHzAdBgNVHQ4EFgQUrxIJulLp4tv3kr2TwjH8gUTqfDIwDQYJKoZIhvcNAQEL BQADggEBAH5LANqBCJmYHtQlNY+QPGPygGn36r8Dqa8eqn83e0m4qKBVPu0tdEbcLBru+5yvDcd9 sg/m5HW7EU+XLVF43pNQ0szLIH85o3+PpNqevGXNaZpA4NjOK0aV6AX8pED1cVObvTdvSu8mBNWM H3m375fyRdS7mWDlPBJG8gA1Ceg3ILcZr9dP2fn4YgNt8hCD4UlJLZS/RIxLud8+a6YWHp1WTpzb UqlcLycohTOnh6WzV+eHv919SonJuejqAfA3pnewGwXFN/wFY7zerAt0VrbiIFw4n7RUjI9YaHIw 1l5RvsZ+zj+1E6VLnw5VGr4QpJCj/d2j2yUj/vaZT4/PP3I= -----END CERTIFICATE-----
Extract private key from certificate
Step 1: Generate p12 file
$ keytool -v
-importkeystore -srckeystore keystore.jks -srcalias certificate1 -destkeystore
myp12file.p12 -deststoretype PKCS12
Enter destination
keystore password:
Re-enter new
password:
Enter source keystore
password:
[Storing
myp12file.p12]
Step 2: Extract private key from p12 file.
openssl pkcs12 -in
myp12file.p12 -out private.pem
$ openssl pkcs12 -in myp12file.p12 -out private.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
localhost:~ harikrishna_gurram$ cat private.pem
Bag Attributes
friendlyName: certificate1
localKeyID: 54 69 6D 65 20 31 34 33 35 39 31 32 38 38 36 37 37 30
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,AD864ADA56589C21
aZZCBpITRNMbi3GkaUzD7jv3LzfLKw+PA2GjHU0y/sW8uXpxagyFf3nVBknOBjT6
pwq2K+1knqjx3/M4rVt04JmU6x2midLraTwdtmCtztmtDcL+XgJQG12hlIrSKHqo
yQ3Nrx5WZsHwbz8M1nYHMCHW7rIgw+jLkNvIBLGyO4CpZiPKcb32UHqpK1MVA06o
fkfDHjfwiWtRLnUpk49RsVHggJUf1DI/cEFeWEkR2O4LEjvSmhFeJMSDdl7xnSYR
oKDDpL7ZSHDOEamkPhB5rvCgSUWsEvXnST/2bV5PlfvimbUJMNR38D804/CAPaOh
oZiV/exEJ5QZVGSiB3erJQYJwj96Btr9MI4sIuVfrTkIm9QGia9wV9zw3rtbYP7u
hddJRtJeuayApt5KUQfWg8GHbbwZYayPFMK7zUmEKMm9VLa1iBzMoiEsLBFToXKJ
jWqirfWcjdEoapOhQTOPY6ut+EaFF7dgb+7vv2oJ+e3UPNMZnVU37tWPbHhhAQGk
JHU0OsljGNLw3ISe8GkSTzTMu4Or0pPRVoIN/qyRm9LWcBP3ymjp79T4epSbhSH1
duCGeNUD8sZWv0YwffzyjxnpdLtOmxJUCYbl/1u8yxYYyrXvlk/pgkyvo3Ick/uq
37Q65yscmFq25H7mGo5MFqg2imFXdT6Fw1YVRN92+iGWP8XJ7rHjI06+MS8UX1Be
6cqm2ZbF71lNGSW4JzSL5B03qZBI/AdTOFESfoXH2NkTJO/F20zcR6yGy5+jHeyR
QKCulaPYGR2W/qpp3j2H6vZTl9ZFJFi4dH0s4LplDS5aS9LNLjL4ZhT8A/Ly3S5O
Iij91vnkxSoxB0SSypaNtUsTtTOXg2gEsRtAG8a8z9NbKtYK7NzOA5Yl9jqyry7S
zjZTx0aMZHjrVJU6Nw4QEOGrea9yU6gCqfM6Bix2rMEBUaLJjHCFasBn9Yc+OSVd
pQRoxZKDIdmzZcFMHiNMDc2nArY5N9qgH06RyKnGFKRzF3k1bwtlVNWZC9ZeKeWj
nG9RND9IGauheSNFAZSUXmm1k3R+ZoHCqi08jfBrt1YuX6qwoX1k5FCenM1dJCj8
NakxfthKBENdyQ3seQeDY+LtbZmQQPb61UQu6Q+xvgKD5fMaVk5tUkBGMdppxIpi
whih2yZNstU8e/2JuC/e9r1H0t40bqkDvhdxXTZ24n7YfFF4R632nYD/8POyANH5
eySgm7ETIAZJbhGOy8icLOOkUsF8Zb3nFdNzN4BR5P/lCrwEIcpscCTDmNdcJOoJ
wTrFAW/VWa+Oh0k9jiOQ0KqNqBTLkG7f4TQOg++y8+bcyW2JsVJOEYeKmMwjO9ZV
r0SAqN5XxcwSCTj52j2A2bxMtXg+8XpfgTZnj4HRcWRVaG4ZVPdsLGIEGsaBka91
TDijXNNw9DlVehGBZxoszVYhnPKXIoIXtGISLb5sCybRUruhpiMqyOYOWzttRDZo
DoNAeogDV2KHdfgNwSzn9IwCpRGYk44mNgMQtemPO7AHO6VXLtx+9hY0qzEzz6Wh
Jn2xN8HbZerLcMmE7ztrn/2mZzN4NErReUdbjhytKIzdfLez9tYgiq95XpBvuwnr
-----END RSA PRIVATE KEY-----
Bag Attributes
friendlyName: certificate1
localKeyID: 54 69 6D 65 20 31 34 33 35 39 31 32 38 38 36 37 37 30
subject=/C=IN/ST=Karnataka/L=Bangalore/O=Self learn Java/OU=Self learn Java/CN=Hari Krishna Gurram
issuer=/C=IN/ST=Karnataka/L=Bangalore/O=Self learn Java/OU=Self learn Java/CN=Hari Krishna Gurram
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIEEqEprjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMC
SU4xEjAQBgNVBAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMRgwFgYD
VQQKEw9TZWxmIGxlYXJuIEphdmExGDAWBgNVBAsTD1NlbGYgbGVhcm4gSmF2YTEc
MBoGA1UEAxMTSGFyaSBLcmlzaG5hIEd1cnJhbTAeFw0xNTA3MDMwNzA5MTlaFw0x
NTA3MTAwNzA5MTlaMIGHMQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWth
MRIwEAYDVQQHEwlCYW5nYWxvcmUxGDAWBgNVBAoTD1NlbGYgbGVhcm4gSmF2YTEY
MBYGA1UECxMPU2VsZiBsZWFybiBKYXZhMRwwGgYDVQQDExNIYXJpIEtyaXNobmEg
R3VycmFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyPKYKFkBcyU
6r4+oYS77YJCLlhPBuxt23hwTXsN2Rf9kJ5WPvwC8hfhiQP/Ck7DTLldufsaK+ql
xftYYcd8+EQp3AqT+mFc5bWy+ZwLG1IyUyh+eXLVYiv3FemM3YpKQidRGzbzizso
3sUwbk5Q0BERJ0EBM4Sley0zm2S/LsLED+A7xKMtL95GS3uscWPkE6kn6Gou2FXu
GNPxXR7POlnZnE0XSfVH2qS7bzMffGtRm/+vptmdx1qUCXphcgjqGIOrV/Ad4olX
QcXNbk8P9pnRK8G55Yf7TMhcs06p0KI6jgtnsdduj8U+vD4uKDuiMU2rmhC4l0N4
nApGA89mOwIDAQABoyEwHzAdBgNVHQ4EFgQUrxIJulLp4tv3kr2TwjH8gUTqfDIw
DQYJKoZIhvcNAQELBQADggEBAH5LANqBCJmYHtQlNY+QPGPygGn36r8Dqa8eqn83
e0m4qKBVPu0tdEbcLBru+5yvDcd9sg/m5HW7EU+XLVF43pNQ0szLIH85o3+PpNqe
vGXNaZpA4NjOK0aV6AX8pED1cVObvTdvSu8mBNWMH3m375fyRdS7mWDlPBJG8gA1
Ceg3ILcZr9dP2fn4YgNt8hCD4UlJLZS/RIxLud8+a6YWHp1WTpzbUqlcLycohTOn
h6WzV+eHv919SonJuejqAfA3pnewGwXFN/wFY7zerAt0VrbiIFw4n7RUjI9YaHIw
1l5RvsZ+zj+1E6VLnw5VGr4QpJCj/d2j2yUj/vaZT4/PP3I=
-----END CERTIFICATE-----
Related Articles
No comments:
Post a Comment