keytool

Java Encryption Techniques (12): *.PFX (*.p12) & Personal Information Exchange Files

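旧巷老猫 submitted on 2019-11-29 01:01:13
Today, something of real practical value from day-to-day work! When you deal with billing systems, encryption/decryption implementations are unavoidable. For security, exchanging the symmetric encryption key by means of asymmetric encryption is indispensable. So what carrier is used to pass the public/private key information of the asymmetric algorithm? A digital certificate is the carrier of a public key, while a keystore can contain both public-key and private-key information. JKS and PKCS#12 are two commonly used keystore formats/standards. The former is familiar to anyone doing Java development, especially those who have worked with HTTPS platforms. JKS files (usually *.jks or *.keystore; the extension does not matter) can be generated with Java's native tool, KeyTool; PKCS#12 files (usually *.p12 or *.pfx, meaning Personal Information Exchange file) are produced with the more widely used OpenSSL tool. Of course, the two can be converted into each other by import/export, and this conversion is done with the KeyTool utility! Back to the topic: colleagues on the billing team ran into a problem. A partner handed them a *.pfx file, and they needed to extract the key from it and then carry out encrypted exchanges. In fact, operating directly on keystore files (or personal information exchange files) from Java is an obscure area for the average Java developer; without exposure to digital security it is simply baffling. Moreover, Java's native keystore format is JKS, so how do you work with a *.pfx file? Keystore operations require knowing the keystore alias, so what is the alias in a *.pfx?! Let's solve these problems next! Approach: use keytool's keystore import command importkeystore to convert the keystore format from PKCS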

keytool with Android Facebook SDK

为君一笑 submitted on 2019-11-28 23:37:47
Question: I just want some confirmation. I'm developing on Windows. I'm attempting to integrate Facebook into an app, and the SDK documentation says I need to 'export a signature'. From here: http://developers.facebook.com/docs/guides/mobile/#android
So it says run this command:
keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64
First I had to download openssl: OpenSSL
Now the command above, I assume should be converted to:
"C:\path\to

Adding certificate chain to p12(pfx) certificate

旧城冷巷雨未停 submitted on 2019-11-28 21:26:09
I have an application in Java and CXF which connects to WebServices with a client certificate. I got certificates from the WebService owner: certificate.p12, certificate.pem, certificate.crt, trusted_ca.cer, root_ca.cer. I have a problem with straightforwardly converting this p12 certificate to a working JKS keystore required by Java. I did this:
keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore certificate1.jks -deststoretype JKS -storepass secret
keytool -import -alias root -file root_ca.cer -trustcacerts -keystore certificate1.jks -storepass secret
keytool -import -alias

How to print the public key of a certificate using keytool?

丶灬走出姿态 submitted on 2019-11-28 21:01:01
Question: Is there a way in keytool to print the public key of a certificate? I tried:
keytool -printcert -file client.crt
But it gives only the following information:
Owner: CN=client, OU=as, O=as, L=as, ST=as, C=as
Issuer: EMAILADDRESS=as, CN=ca, OU=as, O=as, L=as, ST=as, C=as
Serial number: 3
Valid from: Tue Apr 10 12:18:47 GMT+05:30 2012 until: Wed Apr 10 12:18:47 GMT+05 :30 2013
Certificate fingerprints:
MD5: 26:C0:29:E9:8C:AB:C3:9E:95:38:74:8A:87:D3:86:8D
SHA1: 5C:5A:BA:47:44:83:7E:CB:48:BE:DD

keytool : Certificate import gives error message - Keystore was tampered with, or password was incorrect

那年仲夏 submitted on 2019-11-28 18:10:16
Question: My goal is to generate a certificate, export it to a file and import it into the JDK keystore. In the first step I generated a self-signed certificate using the following command, providing 'password' as the password for the keystore and key:
keytool -genkeypair -keystore .keystore -alias uasera -keyalg RSA
In the second step I exported the certificate using a similar password and the following command:
keytool -exportcert -keystore .keystore -alias usera -file usera.crt
NOW! I am trying to import this certificate in

How to create a certificate chain using keytool?

浪子不回头ぞ submitted on 2019-11-28 17:59:22
I want to create a certificate chain in Java as follows: ca.mycompany.com |--asia.mycompany.com |--india.mycompany.com where ca.mycompany.com is a root certificate (self-signed). I know this is possible with OpenSSL. But is it possible to achieve this with keytool? If not, can I achieve this with the Mozilla NSS library? There is an example in the keytool documentation that shows how to do this:
keytool -genkeypair -keystore root.jks -alias root -ext bc:c
keytool -genkeypair -keystore ca.jks -alias ca -ext bc:c
keytool -genkeypair -keystore server.jks -alias server
keytool -keystore root.jks

How to generate 11 char hash key for Sms Retriever with Google App signing

喜你入骨 submitted on 2019-11-28 17:32:18
I had generated the 11 char hash using the AppSignatureHelper class. But after uploading the APK to the Play Store, the hash doesn't work anymore. And I found out that Play replaces the key with another one, which is why the hash gets changed as well. Now I'm having trouble getting the 11 char hash key. I don't know how to use the commands given by Google. I found this command from here:
keytool -exportcert -alias MyAndroidKey -keystore MyProductionKeys.keystore | xxd -p | tr -d "[:space:]" | echo -n com.example.myapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11
Since,

HTTPS Encryption Protocol

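两盒软妹~` submitted on 2019-11-28 16:11:24
Use the keytool utility bundled with the JDK to generate a certificate (a keystore file), which contains the key.
a. Enter the following command at the command line: keytool -genkey -alias tbb -keyalg RSA -keystore d:\tbb.keystore (the path is up to you)
b. Enter the "keystore" password and the other information as prompted. Note: for "What is your first and last name?", enter the local machine's IP address.
c. Enter the private key password and confirm it.
The system will generate a "keystore" file in the current directory.
Create a self-signed certificate
a. Use the JDK's bundled keytool command to create the self-signed certificate: keytool -selfcert -alias tbb -keystore d:\tbb.keystore (the path is up to you)
b. Once it has been created, export the certificate: keytool -export -alias tbb -keystore d:\tbb.keystore -storepass 123456 -rfc -file d:\tbb.cer (the path is up to you)
c. Import the certificate into "Trusted Root Certification Authorities": Start -> Run -> certmgr.msc
Modify the configuration file server.xml as follows:
Restart Tomcat.
Source: https://www.cnblogs.com/maggieq8324/p/11414802.html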

How does keytool protect keys?

柔情痞子 submitted on 2019-11-28 14:17:11
When you are building a key store with the Java Keytool utility, how are the keys protected? I've read through the documentation, and I realize that each private key has a key password, and then the store has a store password. But what mechanism is used to protect the data? Is it an encryption cipher? If so, what is the algorithm? I'm focused specifically on how keytool does the protection when it is building a JKS file. Sun's default JKS keystore uses a proprietary algorithm, primarily to get around exporting restrictions on standard algorithms. The algorithm is implemented in this class, sun

Converting Between Certificates Generated by keytool and openssl

本秂侑毒 submitted on 2019-11-28 13:33:41
Converting between certificates generated by keytool and openssl
keytool certificate generation example
Generate the private key + certificate:
keytool -genkey -alias client -keysize 2048 -validity 3650 -keyalg RSA -dname "CN=localhost" -keypass $client_passwd -storepass $client_passwd -keystore ClientCert.jks
This produces the file ClientCert.jks.
Export the certificate:
~/tmp/cert# keytool -export -alias client -keystore ClientCert.jks -storepass $client_passwd -file ClientCert.crt
Certificate stored in file <ClientCert.crt>
~/tmp/cert# ll
total 8
-rw-r--r-- 1 root root 715 Jun 14 20:24 ClientCert.crt
-rw-r--r-- 1 root root 2066 Jun 14 20:21 ClientCert.jks
The keytool utility does not support exporting the private key.
openssl certificate generation example
Generate the public and private keys:
~/tmp/cert# openssl genrsa