• The java.security.KeyStore provides a repository for cryptographic keys and certificates
  • Keytool is an inbuilt tool that is used to generate key pairs, import digital certificates, export existing keys, create self-signed certificates, etc.

Commands for generating

  • Generate a Java keystore and key pair
    – keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks
  • Generate a certificate signing request (CSR) for an existing Java keystore
    – keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
  • Generate a keystore and self-signed certificate
    – keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360

Commands for importing

  • Import a root or intermediate CA certificate to an existing Java keystore
    – keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    – keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

Key management Tool: KeyTool

  • Generates a private key in the keystore:
    – keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks

Key management Tool (Cont’d)

  • Displays contents of the keystore:
    – keytool -list -v -keystore keystore.jks
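
The same inspection as keytool -list -v, done through the java.security.KeyStore API, as an added example that is not part of the original page: it lists each alias and flags expired or soon-to-expire certificates, short RSA keys, and key entries that are still self-signed. It assumes Java 17 or later; the class name, the 2048-bit minimum and the 30-day warning window are choices made for this example.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

// Added example, not from the original page. Run: java KeystoreAudit.java keystore.jks
public class KeystoreAudit {
    // Assumed policy thresholds for this example.
    static final int MIN_RSA_BITS = 2048;
    static final Duration EXPIRY_WARNING = Duration.ofDays(30);

    static int finding(String message) {
        System.out.println("  FINDING: " + message);
        return 1;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from an interactive terminal): KeystoreAudit <keystore-file>");
            System.exit(2);
        }
        // Prompt for the password so it stays out of shell history and the process list.
        char[] password = console.readPassword("Keystore password: ");
        // Detects the store type (JKS or PKCS12) from the file contents.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password);
        Instant now = Instant.now();
        int findings = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean keyEntry = ks.isKeyEntry(alias);
            System.out.printf("%s: %s%n", alias, keyEntry ? "key entry" : "trusted certificate");
            // Entries without an X.509 certificate (e.g. secret keys) have nothing to check here.
            if (!(ks.getCertificate(alias) instanceof X509Certificate x509)) continue;
            Instant notAfter = x509.getNotAfter().toInstant();
            if (notAfter.isBefore(now)) findings += finding("expired on " + notAfter);
            else if (notAfter.isBefore(now.plus(EXPIRY_WARNING))) findings += finding("expires soon, on " + notAfter);
            if (x509.getPublicKey() instanceof RSAPublicKey rsa && rsa.getModulus().bitLength() < MIN_RSA_BITS)
                findings += finding("RSA key is only " + rsa.getModulus().bitLength() + " bits");
            // A key entry still holding a self-signed certificate has no CA-signed certificate imported yet.
            if (keyEntry && x509.getSubjectX500Principal().equals(x509.getIssuerX500Principal()))
                findings += finding("key entry certificate is self-signed");
        }
        System.exit(findings == 0 ? 0 : 1);
    }
}
```

The process exits with status 1 when any finding is reported, so the check can gate a deployment step.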