Java Key Store: Difference between revisions
Jump to navigation
Jump to search
Line 177: | Line 177: | ||
* [https://dzone.com/articles/extracting-a-private-key-from-java-keystore-jks Extracting a Private Key From the Java Keystore] | * [https://dzone.com/articles/extracting-a-private-key-from-java-keystore-jks Extracting a Private Key From the Java Keystore] | ||
* [https://stackoverflow.com/questions/51547746/ Export public key from JKS using Keytool] | * [https://stackoverflow.com/questions/51547746/ Export public key from JKS using Keytool] | ||
* [https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html Import a public SSL certificate into a JVM] | |||
* [[Raspberry Pi Apache2 Lets Encrypt SSL]] | |||
* [https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html Creating a KeyStore in JKS Format] | * [https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html Creating a KeyStore in JKS Format] | ||
* [https://stackoverflow.com/questions/26711731/ Read public key from JKS] | * [https://stackoverflow.com/questions/26711731/ Read public key from JKS] | ||
|} | |} |
Revision as of 22:47, 23 March 2022
keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
-dname "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
-keystore clients.jks -alias academia\
-storepass storepasswd\
-keypass storepasswd
keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
-dname "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
-storetype pkcs12 -keystore clients.jks -alias academia\
-storepass storepasswd\
-keypass storepasswd
Java Code
public class JavaKeyStoreTest {
private static final Logger LOG = LoggerFactory.getLogger(JavaKeyStoreTest.class);
private static final char[] STORE_PASSWORD = "storepasswd".toCharArray();
private static final String STORE_TYPE = KeyStore.getDefaultType();
private static final String KEY_ALIAS = "academia";
private KeyStore keyStore;
@BeforeEach
public void setUp() throws Exception {
keyStore = KeyStore.getInstance(STORE_TYPE);
Resource resource = new ClassPathResource("/META-INF/keystore/server.jks");
keyStore.load(resource.getInputStream(), STORE_PASSWORD);
}
@Test
public void testKey() throws Exception {
Key key = keyStore.getKey(KEY_ALIAS, STORE_PASSWORD);
if (key instanceof PrivateKey){
Certificate cert = keyStore.getCertificate(KEY_ALIAS);
PublicKey publicKey = cert.getPublicKey();
PrivateKey privateKey = (PrivateKey) key;
LOG.info("Public Key:\n{}", Base64.getEncoder().encodeToString(publicKey.getEncoded()));
KeyPair keyPair = new KeyPair(publicKey, privateKey);
}
Assertions.assertTrue(true);
}
}
Create
keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
-dname "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
-storetype pkcs12 -keystore clients.jks -alias academia\
-storepass storepasswd
Import
keytool -importkeystore -deststoretype pkcs12\
-srckeystore clients.jks\
-destkeystore servers.jks\
-srcstorepass storepasswd\
-deststorepass storepasswd\
-srcalias academia\
-destalias academia
keytool -importkeystore -deststoretype pkcs12\
-srckeystore clients.jks\
-destkeystore clients.p12\
-srcstorepass storepasswd\
-deststorepass storepasswd\
-srcalias academia\
-destalias academia
Root CA Cert
keytool -importcert -trustcacerts\
-storepass storepasswd\
-keystore clients.jks\
-file rootca.cer\
-alias rootca
Sub CA Cert
keytool -importcert -trustcacerts\
-storepass storepasswd\
-keystore clients.jks\
-file subca.cer\
-alias subca
Certificate
keytool -importcert\
-storepass storepasswd\
-keystore clients.jks\
-file software.crt\
-alias software
Export
Keytool
keytool -rfc -export\
-storepass storepasswd\
-keystore clients.jks\
-alias academia\
-file academia.pem
keytool -export\
-storepass storepasswd\
-keystore clients.jks\
-alias academia\
-file academia.pem
OpenSSL
openssl pkcs12 -nodes -nocerts\
-out private_key.pem\
-in clients.p12
openssl pkcs12 -nokeys\
-out public_key.pem\
-in clients.p12
Certificate List
keytool -list -keystore clients.jks -storepass storepasswd
keytool -list -keystore clients.p12 -storepass storepasswd
keytool -list -keystore servers.jks -storepass storepasswd
Knowledge
# debugging certificate handshacking
service='api.chorke.org:5443/soap/services';\
echo -e "GET / HTTP/1.0\r\n" | openssl s_client \
-connect $service -CAfile chorke_client.pem
openssl help openssl help pkcs12 keytool --help -importkeystore
openssl s_client -connect mail.chorke.com:465 -state openssl s_client -connect mail.chorke.org:465 -state openssl s_client -connect mail.shahed.biz:465 -state