We will frequently refer to two system properties based on the system used and where the requisite software is installed. They are:
${java.home}: refers to the location where the JRE is installed
${user.home}: refers to the user's home directory
The actual values for these on my Windows system, as an example, are C:\Program Files\JavaSoft\JRE\1.3 and C:\WINDOWS, respectively. The corresponding values on a Solaris system might be /files/j2sdk_1_3_0/jre and /home/raghavan, respectively.
All three tools use the keystore, a repository that stores keys and certificates for the installation. Entries are accessed by unique names referred to as aliases.
keytool manages the keystore -- for example, it can:
keytool currently handles X.509 certificates, although other formats can be supported by adding the respective providers. The Java Secure Socket Extension (JSSE) 1.0.2, for example, adds limited support for pkcs12. Different formats can be specified via the -storetype option on the command line.
keytool allows users to specify any key-pair generation and signature algorithm supplied by any of the registered cryptographic service providers via the -keyalg and -sigalg command-line options, respectively. The key size can be specified via the -keysize option.
Other useful options for keytool are listed in Table 1.
| Option | Description |
|---|---|
| -genkey | Generates a key pair (a public key and associated private key) |
| -import | Reads the certificate or certificate chain and stores it in the keystore entry identified by alias |
| -certreq | Generates a Certificate Signing Request (CSR), using the pkcs10 format |
| -export | Exports a certificate associated with the alias |
| -list | Prints the contents of the entire keystore or the specified alias |
| -storepasswd | Changes the password used to protect the integrity of the keystore contents |
| -keypasswd | Changes the password under which the key identified by alias is protected |
| -delete | Deletes entries from the keystore |
The following command, using the RSA algorithm, will generate a key that is valid for 750 days. The command will store the key under the alias rags in the default keystore -- .keystore -- in the home directory (or, more precisely, in the directory that is resolved by the system property ${user.home}, as explained earlier):
C:signtool> keytool -genkey -alias rags -keyalg rsa -validity 750
Enter keystore password:
What is your first and last name?
[Unknown]: Raghavan Srinivas
What is the name of your organizational unit?
[Unknown]: MDDR
What is the name of your organization?
[Unknown]: Sun Microsystems
What is the name of your City or Locality?
[Unknown]: Burlington
What is the name of your State or Province?
[Unknown]: MA
What is the two-letter country code for this unit?
[Unknown]: US
Is <CN=Raghavan Srinivas, OU=MDDR, O=Sun Microsystems, L=Burlington, ST=MA, C=US> correct?
[no]: yes
Enter key password for <rags>
(RETURN if same as keystore password):
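The keystore that keytool -genkey populated above can also be read through the java.security.KeyStore API. The following is an added example, not code from the original article: it lists each alias much as keytool -list does and flags certificates near expiry and short RSA keys. The class name KeystoreAudit and the two thresholds are assumptions, and it requires Java 8 or later.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

// Added example (Java 8+). Usage: java KeystoreAudit [keystore-path]
public class KeystoreAudit {
    static final int MIN_RSA_BITS = 2048; // assumed policy threshold
    static final long WARN_DAYS = 30;     // assumed expiry warning window
    public static void main(String[] args) throws Exception {
        // Same default location keytool uses: ${user.home}/.keystore
        String path = args.length > 0 ? args[0]
                : Paths.get(System.getProperty("user.home"), ".keystore").toString();
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        // Prompt for the password; as an argument it would be visible in the process list.
        char[] password = console.readPassword("Enter keystore password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // throws IOException on a wrong password or a tampered file
        }
        java.util.Arrays.fill(password, '\0');
        Instant now = Instant.now();
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate";
            Certificate cert = ks.getCertificate(alias); // first certificate of the chain for key entries
            if (!(cert instanceof X509Certificate)) {
                System.out.printf("%s (%s): no X.509 certificate%n", alias, kind);
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            long daysLeft = Duration.between(now, x509.getNotAfter().toInstant()).toDays();
            System.out.printf("%s (%s): %s, sig=%s, %d days left%n", alias, kind,
                    x509.getSubjectX500Principal().getName(), x509.getSigAlgName(), daysLeft);
            if (daysLeft < WARN_DAYS) System.out.println("  WARNING: expired or expiring soon");
            if (x509.getPublicKey() instanceof RSAPublicKey) {
                int bits = ((RSAPublicKey) x509.getPublicKey()).getModulus().bitLength();
                if (bits < MIN_RSA_BITS) System.out.printf("  WARNING: %d-bit RSA key%n", bits);
            }
        }
    }
}
```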
The following illustrates an X.509 certificate that I got back from the CA.
writeFile.java source file, associated with this article, go tosigntool