Thursday, June 20, 2013

Creating two files to hold key pairs

Sometimes there is a need to use a private/public key pair for authentication/verification. SSH and other secure commands use a similar strategy.

The steps below create two files. The file called keystore.jks holds the private key that is used to sign a piece of data. The keystore.jks file is private and should be secured. The file customer.jks contains the certificate, which wraps the corresponding public key.
The file customer.jks is public and can be used to verify a signature produced with the private key from keystore.jks.

1. Create a JKS file to hold the private key and certificate (which wraps the public key)

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

2. Export the certificate from the keystore file created in the previous step to a file called mydomain.crt

keytool -export -alias selfsigned -file mydomain.crt -keystore keystore.jks

3. Create a new JKS file to hold the certificate exported in the previous step

keytool -genkey -keyalg RSA -alias blah -keystore customer.jks -storepass password -validity 360 -keysize 2048

4. Now import the exported certificate into customer.jks

keytool -importcert -alias selfsigned -file mydomain.crt -keystore customer.jks

5. Verify that customer.jks contains a certificate with the alias selfsigned

keytool -list -v -keystore customer.jks
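Once the two keystores exist, the split described at the top of the post can be exercised from Java: sign with the private key in keystore.jks, verify with only the certificate in customer.jks. The program below is an added example, not part of the original post. It assumes both files sit in the working directory, that the entry alias is selfsigned as in the commands above, and that the key password for that entry equals the store password (what keytool uses when you press Enter at its key-password prompt). The message being signed is a constructed sample.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Base64;

public class SignVerifyDemo {
    // Store password taken from the keytool commands above (sample value, not for production).
    private static final char[] STORE_PASS = "password".toCharArray();
    private static final String ALGORITHM = "SHA256withRSA";

    // Sign data with the private key stored under 'alias' in the private keystore.
    static byte[] sign(String keystorePath, String alias, byte[] data) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, STORE_PASS);
        }
        // Assumption: key password == store password (keytool's default at the prompt).
        PrivateKey priv = (PrivateKey) ks.getKey(alias, STORE_PASS);
        if (priv == null) {
            throw new IllegalStateException("no private key under alias " + alias);
        }
        Signature sig = Signature.getInstance(ALGORITHM);
        sig.initSign(priv);
        sig.update(data);
        return sig.sign();
    }

    // Verify using only the certificate in the public keystore; no private key is needed here,
    // which is why customer.jks can be handed out while keystore.jks stays private.
    static boolean verify(String truststorePath, String alias, byte[] data, byte[] signature) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(truststorePath)) {
            ks.load(in, STORE_PASS);
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            throw new IllegalStateException("no certificate under alias " + alias);
        }
        PublicKey pub = cert.getPublicKey();
        Signature sig = Signature.getInstance(ALGORITHM);
        sig.initVerify(pub);
        sig.update(data);
        return sig.verify(signature); // false (no exception) when data or signature was altered
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message.
        byte[] data = "order #1234: ship 10 units".getBytes(StandardCharsets.UTF_8);

        byte[] signature = sign("keystore.jks", "selfsigned", data);
        System.out.println("signature (base64): " + Base64.getEncoder().encodeToString(signature));

        System.out.println("verify original: " + verify("customer.jks", "selfsigned", data, signature));

        // Any change to the signed bytes must make verification fail.
        byte[] tampered = "order #1234: ship 100 units".getBytes(StandardCharsets.UTF_8);
        System.out.println("verify tampered: " + verify("customer.jks", "selfsigned", tampered, signature));
    }
}
```

Compile and run with `javac SignVerifyDemo.java && java SignVerifyDemo` in the directory that holds keystore.jks and customer.jks. Only customer.jks is opened in verify(), so the verifying side never needs the private key; if the alias or password differs from the commands above, adjust the constants rather than the logic.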