Java Keystore is a store for keys and certificates: each entry can hold a private key together with the certificate chain for its public key, used for authentication in SSL/TLS (HTTPS). keytool is the Java command-line tool for generating and managing the keys and certificates kept in a Keystore file. In this tutorial, I will show you how to use keytool to generate a Keystore file in Java.
To generate a Keystore with keytool, the command has the following basic structure:
keytool -genkeypair -alias <alias> -keyalg <keyalg> -keystore <keystore> -keypass <keypass> -storepass <storepass>
Where:
- keytool: the Java keytool program. If your PATH includes the Java bin directory, you can run keytool from anywhere on your machine.
- -genkeypair: generates a new key pair (public and private key) and stores it in the Keystore file.
- -alias <alias>: the alias name that identifies this entry in the Keystore.
- -keyalg <keyalg>: the algorithm used to generate the keys. You can use the following algorithms:
  - DiffieHellman (DH): the Diffie-Hellman key agreement algorithm
  - DSA: the Digital Signature Algorithm
  - RSA: the RSA algorithm (signature/cipher)
  - EC: the Elliptic Curve algorithm
  You can learn more about these algorithms on the internet.
- -keystore <keystore>: the location of the Keystore file.
- -keypass <keypass>: the password that protects the private key in the Keystore file. This parameter is optional; if you omit it, keytool will prompt you for this password after you have answered some questions. The password must be at least 6 characters!
- -storepass <storepass>: the password that protects the integrity of the Keystore file. This parameter is also optional, and like -keypass, if you omit it keytool will prompt you for it. This password also requires at least 6 characters!
Suppose I now run the following command:
keytool -genkeypair -alias huongdanjava -keyalg RSA -keystore /Users/Khanh/Documents/Keystore
where RSA is the algorithm used to generate the public and private key pair.
Then:
You need to enter the password to ensure the integrity of the Keystore file (option -storepass) and then press Enter.
Re-enter the password and then press Enter again:
Answer some questions and then confirm. If everything is ok, enter yes.
At this point, you need to enter the password for the private key in the Keystore file (option -keypass). Press Enter if you want this password to be the same as the one you entered above!
After generating the Keystore, go to the directory you passed in the command (mine is /Users/Khanh/Documents) and run the following command:
keytool -list -keystore <keystore> -storepass <storepass>
to check the results. The options have the same meaning as described above.
Its results are as follows:
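The two commands above run end to end, as an added example that is not part of the original tutorial: a POSIX shell script that generates the key pair without prompts (answering the identity questions via -dname and reading the passwords from an environment variable rather than a literal -storepass on the command line) and then checks the result with keytool -list. The alias, keystore path, -dname fields and the KEYSTORE_PASS variable are constructed values for this demo.

```shell
#!/bin/sh
# Added example, not from the original tutorial: the genkeypair step above run
# without interactive prompts, followed by the keytool -list check.
# Assumptions (constructed for this demo): the alias, keystore path, -dname
# fields and the KEYSTORE_PASS environment variable. Using -storepass:env
# instead of a literal -storepass keeps the password out of shell history and
# out of `ps` output on a shared machine.

# Generate an RSA key pair in a PKCS12 keystore with no prompts.
# -dname supplies the identity fields keytool would otherwise ask for;
# -storepass:env / -keypass:env read the password from $KEYSTORE_PASS.
genkeypair_noninteractive() {
  alias_name=$1
  keystore=$2
  keytool -genkeypair -alias "$alias_name" -keyalg RSA -keysize 2048 \
    -storetype PKCS12 -keystore "$keystore" -validity 365 \
    -dname "CN=$alias_name, OU=Dev, O=Example, L=Hanoi, C=VN" \
    -storepass:env KEYSTORE_PASS -keypass:env KEYSTORE_PASS
}

# Return 0 if keytool -list output read from stdin has a private key entry
# for the alias. keytool prints one entry per line: "<alias>, <date>, <type>,".
listing_has_alias() {
  grep -q "^$1, .*PrivateKeyEntry"
}

# Full round trip: create the keystore, then verify the alias is listed.
# Returns 2 if keytool is not on PATH, 1 on failure, 0 on success.
generate_and_verify() {
  alias_name=$1
  keystore=$2
  command -v keytool >/dev/null 2>&1 || { echo "keytool not on PATH" >&2; return 2; }
  rm -f "$keystore"
  genkeypair_noninteractive "$alias_name" "$keystore" || return 1
  keytool -list -keystore "$keystore" -storepass:env KEYSTORE_PASS |
    listing_has_alias "$alias_name"
}

# Constructed sample of keytool -list output, so the check can run offline.
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

huongdanjava, Dec 4, 2023, PrivateKeyEntry,'
```

Run it with KEYSTORE_PASS exported (at least 6 characters, as keytool requires) and call generate_and_verify <alias> <keystore-path>. A PKCS12 keystore requires the key password to match the store password, which is why both options read the same variable.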