Java Key Store: Difference between revisions

Line 177: Line 177:
* [https://dzone.com/articles/extracting-a-private-key-from-java-keystore-jks Extracting a Private Key From the Java Keystore]
* [https://dzone.com/articles/extracting-a-private-key-from-java-keystore-jks Extracting a Private Key From the Java Keystore]
* [https://stackoverflow.com/questions/51547746/ Export public key from JKS using Keytool]
* [https://stackoverflow.com/questions/51547746/ Export public key from JKS using Keytool]
* [https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html Import a public SSL certificate into a JVM]
* [[Raspberry Pi Apache2 Lets Encrypt SSL]]
* [https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html Creating a KeyStore in JKS Format]
* [https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html Creating a KeyStore in JKS Format]
* [https://stackoverflow.com/questions/26711731/ Read public key from JKS]
* [https://stackoverflow.com/questions/26711731/ Read public key from JKS]


|}
|}

Revision as of 22:47, 23 March 2022

# Generate a 2048-bit RSA key pair and a self-signed certificate under alias
# "academia" in clients.jks. No -storetype is given, so keytool falls back to the
# JDK's default keystore type. (-genkey is the older name of -genkeypair.)
# -validity 7300 makes the certificate valid for 7300 days (roughly 20 years).
# NOTE: a password passed with -storepass/-keypass ends up in shell history and is
# visible in the process list while keytool runs. keytool prompts for the password
# when the option is omitted, and also accepts the :env and :file modifiers
# (for example -storepass:env VAR). "storepasswd" is a sample value only.
keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
 -dname     "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
 -keystore  clients.jks -alias academia\
 -storepass storepasswd\
 -keypass   storepasswd
# Same key pair, but the store is written in PKCS12 format even though the file
# keeps the .jks name. keytool does not support a key password that differs from
# the store password for PKCS12 stores, so -keypass must match -storepass (it does).
keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
 -dname     "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
 -storetype pkcs12 -keystore  clients.jks -alias academia\
 -storepass storepasswd\
 -keypass   storepasswd


Java Code

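/**
 * Loads a keystore from the classpath and checks that the entry stored under
 * {@link #KEY_ALIAS} is a private key with an accompanying certificate.
 *
 * <p>The store password is also used as the key password, which matches the
 * keytool examples that pass the same value to {@code -storepass} and
 * {@code -keypass}.
 */
public class JavaKeyStoreTest {
    private static final Logger LOG = LoggerFactory.getLogger(JavaKeyStoreTest.class);
    // Sample password for the demo keystore. Production code should read the
    // password from configuration or a secret store instead of a source constant.
    private static final char[] STORE_PASSWORD = "storepasswd".toCharArray();
    // The default type comes from the JDK's keystore.type security property, so the
    // bundled file must be in that format (or the type should be named explicitly).
    private static final String STORE_TYPE = KeyStore.getDefaultType();
    private static final String KEY_ALIAS = "academia";

    private KeyStore keyStore;

    /**
     * Opens the keystore resource and loads it with {@link #STORE_PASSWORD}.
     *
     * @throws Exception if the resource cannot be read or the keystore cannot be
     *     loaded with the given password
     */
    @BeforeEach
    public void setUp() throws Exception {
        keyStore = KeyStore.getInstance(STORE_TYPE);
        // NOTE(review): the keytool examples write clients.jks / servers.jks, while
        // this path names server.jks; confirm which file is actually bundled.
        Resource resource = new ClassPathResource("/META-INF/keystore/server.jks");
        // KeyStore.load does not close the stream it is given, so close it here.
        try (java.io.InputStream in = resource.getInputStream()) {
            keyStore.load(in, STORE_PASSWORD);
        }
    }

    /**
     * Reads the key and certificate under {@link #KEY_ALIAS} and pairs them.
     *
     * <p>The test fails when the alias is missing, is not a private key entry, or
     * has no certificate, rather than passing unconditionally.
     *
     * @throws Exception if the key cannot be recovered, for example because the
     *     password is wrong
     */
    @Test
    public void testKey() throws Exception {
        Key key = keyStore.getKey(KEY_ALIAS, STORE_PASSWORD);
        Assertions.assertNotNull(key, "no key entry under alias " + KEY_ALIAS);
        Assertions.assertTrue(key instanceof PrivateKey,
                "entry under alias " + KEY_ALIAS + " is not a private key");

        Certificate cert = keyStore.getCertificate(KEY_ALIAS);
        Assertions.assertNotNull(cert, "no certificate under alias " + KEY_ALIAS);

        PublicKey publicKey = cert.getPublicKey();
        PrivateKey privateKey = (PrivateKey) key;
        // Only the public key is logged; private key material must never be logged.
        LOG.info("Public Key:\n{}", Base64.getEncoder().encodeToString(publicKey.getEncoded()));

        KeyPair keyPair = new KeyPair(publicKey, privateKey);
        // Cheap sanity check that both halves use the same algorithm.
        Assertions.assertEquals(keyPair.getPublic().getAlgorithm(),
                keyPair.getPrivate().getAlgorithm(),
                "public and private key algorithms differ");
    }
}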

Create

# Create a PKCS12-format store (file name clients.jks) holding a new 2048-bit RSA
# key pair and self-signed certificate under alias "academia".
# No -keypass is given; the key is protected with the store password.
# NOTE: -storepass on the command line is visible in shell history and the process
# list; omit it to be prompted, or use -storepass:env / -storepass:file.
keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
 -dname     "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
 -storetype pkcs12 -keystore  clients.jks -alias academia\
 -storepass storepasswd

Import

# Copy the "academia" entry from clients.jks into servers.jks, written as PKCS12.
# The entry includes the private key, so the destination file needs the same
# protection (file permissions, password handling) as the source.
# NOTE: -srcstorepass/-deststorepass on the command line are visible in shell
# history and the process list; keytool prompts when they are omitted.
keytool -importkeystore -deststoretype pkcs12\
 -srckeystore   clients.jks\
 -destkeystore  servers.jks\
 -srcstorepass  storepasswd\
 -deststorepass storepasswd\
 -srcalias      academia\
 -destalias     academia
# Same copy, with clients.p12 as the destination. This is the file the OpenSSL
# export commands read with -in clients.p12.
keytool -importkeystore -deststoretype pkcs12\
 -srckeystore   clients.jks\
 -destkeystore  clients.p12\
 -srcstorepass  storepasswd\
 -deststorepass storepasswd\
 -srcalias      academia\
 -destalias     academia

Root CA Cert

# Import rootca.cer into clients.jks as a trusted certificate under alias "rootca".
# -trustcacerts additionally lets keytool consult the JDK's cacerts file when it
# evaluates trust. Everything chaining to this certificate becomes trusted by users
# of the store, so compare the fingerprint keytool displays against a value obtained
# from a trusted source before confirming the import.
keytool -importcert -trustcacerts\
 -storepass storepasswd\
 -keystore  clients.jks\
 -file  rootca.cer\
 -alias rootca

Sub CA Cert

# Import the intermediate (sub) CA certificate subca.cer under alias "subca".
# This follows the root CA import so that the issuing certificate is already in
# the store when keytool evaluates trust for the intermediate.
keytool -importcert -trustcacerts\
 -storepass storepasswd\
 -keystore  clients.jks\
 -file  subca.cer\
 -alias subca

Certificate

# Import software.crt into clients.jks under alias "software". No -trustcacerts
# here, so trust is evaluated only against certificates already in the keystore.
# If keytool cannot establish trust it prints the certificate and asks for
# confirmation; check the fingerprint before accepting.
keytool     -importcert\
 -storepass storepasswd\
 -keystore  clients.jks\
 -file  software.crt\
 -alias software

Export

Keytool

# Export the certificate stored under alias "academia" (the certificate only, never
# the private key). -export is the older name of -exportcert.
# With -rfc the output is the printable PEM encoding.
keytool    -rfc -export\
 -storepass storepasswd\
 -keystore  clients.jks\
 -alias academia\
 -file  academia.pem
# Without -rfc the output is binary DER. This variant writes to the same
# academia.pem path, so it overwrites the PEM file produced above and leaves DER
# data under a .pem name; use a different file name (for example .cer/.der) if
# both encodings are needed.
keytool         -export\
 -storepass storepasswd\
 -keystore  clients.jks\
 -alias academia\
 -file  academia.pem

OpenSSL

# Extract the private key from clients.p12. -nocerts skips the certificates and
# -nodes writes the key WITHOUT encryption, so private_key.pem holds the key in
# plaintext: create it with restrictive permissions (for example under umask 077),
# keep it out of version control and delete it when no longer needed.
# No -passin is given, so openssl prompts for the PKCS12 import password.
openssl pkcs12 -nodes -nocerts\
 -out private_key.pem\
 -in clients.p12
# -nokeys writes only the certificate(s). Despite its name, public_key.pem will
# contain PEM certificates rather than a bare public key.
 openssl pkcs12 -nokeys\
 -out public_key.pem\
 -in clients.p12

Certificate List

# List the entries (alias, entry type, certificate fingerprint) of each store
# created above. Listing is read-only, but -storepass on the command line is still
# visible in shell history and the process list; omit it to be prompted.
keytool -list -keystore clients.jks -storepass storepasswd
keytool -list -keystore clients.p12 -storepass storepasswd
keytool -list -keystore servers.jks -storepass storepasswd

Knowledge

# debugging certificate handshaking
# Sends a minimal HTTP request over TLS and verifies the server certificate against
# the CA certificates in chorke_client.pem (-CAfile).
# s_client reports verification problems but continues the handshake by default;
# check the "Verify return code" line of the output (or add -verify_return_error).
# NOTE(review): -connect takes host:port; the "/soap/services" suffix in $service
# is not part of that form and probably has to be removed. Verify before use.
service='api.chorke.org:5443/soap/services';\
echo -e "GET / HTTP/1.0\r\n" | openssl s_client \
-connect $service -CAfile chorke_client.pem
# Built-in help for the tools used on this page.
openssl help
openssl help pkcs12
keytool --help -importkeystore
# Connect to the mail servers on port 465; -state prints the TLS handshake states
# as the connection is set up.
openssl s_client -connect mail.chorke.com:465 -state
openssl s_client -connect mail.chorke.org:465 -state
openssl s_client -connect mail.shahed.biz:465 -state

References