Java Key Store

keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
 -dname     "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
 -keystore  clients.jks -alias academia\
 -storepass storepasswd\
 -keypass   storepasswd

keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
 -dname     "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
 -storetype pkcs12 -keystore  clients.jks -alias academia\
 -storepass storepasswd\
 -keypass   storepasswd

Java Code

public class JavaKeyStoreTest {
    private static final Logger LOG = LoggerFactory.getLogger(JavaKeyStoreTest.class);
    private static final char[] STORE_PASSWORD = "storepasswd".toCharArray();
    private static final String STORE_TYPE = KeyStore.getDefaultType();
    private static final String KEY_ALIAS = "academia";

    private KeyStore keyStore;

    @BeforeEach
    public void setUp() throws Exception {
        keyStore = KeyStore.getInstance(STORE_TYPE);
        Resource resource = new ClassPathResource("/META-INF/keystore/server.jks");
        keyStore.load(resource.getInputStream(), STORE_PASSWORD);
    }

    @Test
    public void testKey() throws  Exception {
        Key key = keyStore.getKey(KEY_ALIAS, STORE_PASSWORD);
        if (key instanceof PrivateKey){
            Certificate cert = keyStore.getCertificate(KEY_ALIAS);
            PublicKey publicKey = cert.getPublicKey();
            PrivateKey privateKey = (PrivateKey) key;
            LOG.info("Public Key:\n{}", Base64.getEncoder().encodeToString(publicKey.getEncoded()));
            KeyPair keyPair = new KeyPair(publicKey, privateKey);
        }
        Assertions.assertTrue(true);
    }
}

Create

keytool -genkey -keyalg RSA -keysize 2048 -validity 7300\
 -dname     "CN=Chorke Academia, OU=Academia, O=Chorke Inc, L=Kuala Lumpur, ST=WP, C=MY"\
 -storetype pkcs12 -keystore  clients.jks -alias academia\
 -storepass storepasswd

Import

keytool -importkeystore -deststoretype pkcs12\
 -srckeystore   clients.jks\
 -destkeystore  servers.jks\
 -srcstorepass  storepasswd\
 -deststorepass storepasswd\
 -srcalias      academia\
 -destalias     academia

keytool -importkeystore -deststoretype pkcs12\
 -srckeystore   clients.jks\
 -destkeystore  clients.p12\
 -srcstorepass  storepasswd\
 -deststorepass storepasswd\
 -srcalias      academia\
 -destalias     academia

Root CA Cert

keytool -importcert -trustcacerts\
 -storepass storepasswd\
 -keystore  clients.jks\
 -file  rootca.cer\
 -alias rootca

Sub CA Cert

keytool -importcert -trustcacerts\
 -storepass storepasswd\
 -keystore  clients.jks\
 -file  subca.cer\
 -alias subca

Certificate

keytool     -importcert\
 -storepass storepasswd\
 -keystore  clients.jks\
 -file  software.crt\
 -alias software

Export

Keytool

keytool    -rfc -export\
 -storepass storepasswd\
 -keystore  clients.jks\
 -alias academia\
 -file  academia.pem

keytool         -export\
 -storepass storepasswd\
 -keystore  clients.jks\
 -alias academia\
 -file  academia.pem

OpenSSL

openssl pkcs12 -nodes -nocerts\
 -out private_key.pem\
 -in clients.p12

 openssl pkcs12 -nokeys\
 -out public_key.pem\
 -in clients.p12

Certificate List

keytool -list -keystore clients.jks -storepass storepasswd
keytool -list -keystore clients.p12 -storepass storepasswd
keytool -list -keystore servers.jks -storepass storepasswd

Knowledge

# debugging certificate handshacking
service='api.chorke.org:5443/soap/services';\
echo -e "GET / HTTP/1.0\r\n" | openssl s_client \
-connect $service -CAfile chorke_client.pem

openssl help
openssl help pkcs12
keytool --help -importkeystore
openssl s_client -connect mail.chorke.org:465 -state

References

Java Key Store

Contents

Java Code

Create

Import

Root CA Cert

Sub CA Cert

Certificate

Export

Keytool

OpenSSL

Certificate List

Knowledge

References

Navigation menu

Java Key Store

Java Code

Create

Import

Root CA Cert

Sub CA Cert

Certificate

Export

Keytool

OpenSSL

Certificate List

Knowledge

References

Navigation menu

Search