Keytool, Keystore - PowerPoint PPT Presentation

Provided by: csU96

1
Lecture 6
  • Keytool, Keystore
  • OpenSSL
  • JAR signing

2
Keytool
  • Tool for
  • Creating
  • Storing
  • Importing/Exporting
  • Managing
  • Keys

3
Keytool
  • usage: keytool command options
  • keytool -genkey -keyalg rsa -alias TOHclient
    -keystore client.keystore
  • keytool -list -keystore client.keystore

4
Keystore example

5
Keytool (cont.)
  • Create our own CA (for future use)
  • Create some keys
  • Create some certificate signing requests (also
    for future use)
  • Use the CA to sign certificates (also for future
    use)
  • Use these keys to encrypt something

6
In practice
  • CA
  • mkdir demoCA
  • cd demoCA
  • mkdir newcerts
  • touch index.txt
  • openssl genrsa -out ca.key 1024
  • openssl req -new -x509 -key ca.key -out demoCA/cacert.pem -days 365
  • openssl req -new -x509 -key ca.key -out cacert.pem -days 365
  • Under demoCA create file serial (without any
    file ending) with entry 01 in it.

7
In practice
  • Client  
  • keytool -genkey -keyalg rsa -alias TOHclient -keystore client.keystore
  • keytool -certreq -alias TOHclient -keystore client.keystore -file TOHclient.csr
  • openssl ca -in TOHclient.csr -out TOHclient.pem -keyfile ca.key -days 365
  • openssl x509 -in TOHclient.pem -out TOHclient.der -outform DER
  • keytool -import -alias TOHclient -keystore client.keystore -file TOHclient.der

8
Keystore
  • Different types
  • JKS
  • PKCS12
  • JCEKS (also symmetric keys)
  • BKS (in BC)
  • UBER (in BC)

9
java.security.KeyStore
  • KeyStore ks = KeyStore.getInstance("JKS");
  • aliases()
  • containsAlias()
  • deleteEntry()
  • getCertificate()
  • getCertificateAlias()
  • load()
  • getKey()

10
java.security.KeyStore
  • See API documentation for a complete method list
  • Example: Listing the aliases (Aliases.java)
  • Retrieving a key as an exercise
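
Slides 8 to 10 as an added example (not the lecture's Aliases.java, which is not reproduced on this page): a JCEKS store holding a symmetric key is built in memory, its aliases are listed, and the key is retrieved with getKey(). The class name, alias and passwords are assumptions made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example with a hypothetical class name; not code from the lecture.
public class KeyStoreWalkthrough {
    public static void main(String[] args) throws Exception {
        // Constructed sample passwords; real code reads them at runtime instead of hard-coding.
        char[] storePass = "store-demo-pass".toCharArray();
        char[] keyPass = "key-demo-pass".toCharArray();

        // JCEKS can hold symmetric keys; load(null, ...) initialises an empty store.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePass);

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();
        ks.setEntry("demo-aes", new KeyStore.SecretKeyEntry(aes),
                new KeyStore.PasswordProtection(keyPass));

        // Serialise to memory instead of a file, then reload into a fresh instance.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        KeyStore loaded = KeyStore.getInstance("JCEKS");
        loaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);

        // List the aliases and report what kind of entry each one is.
        for (String alias : Collections.list(loaded.aliases())) {
            String kind = loaded.isKeyEntry(alias) ? "key entry" : "certificate entry";
            System.out.println(alias + ": " + kind);
        }

        // Retrieving a key: getKey() takes the per-entry password, not the store password.
        Key k = loaded.getKey("demo-aes", keyPass);
        System.out.println("algorithm=" + k.getAlgorithm() + ", matches original="
                + Arrays.equals(k.getEncoded(), aes.getEncoded()));

        // deleteEntry() only changes the in-memory copy until store() is called again.
        loaded.deleteEntry("demo-aes");
        System.out.println("still present: " + loaded.containsAlias("demo-aes"));
    }
}
```

The store password protects the integrity of the whole file, while each key entry carries its own password; keytool exposes the same split as -storepass and -keypass.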

11
jarsigner
  • A tool for signing JAR files
  • Jarsigner options file file.jar
  • Create a JAR
  • > jar -cf Aliases.jar Aliases.class
  • > jar -tf Aliases.jar
  • D:\Opetus\TOH\koodit>jarsigner -keystore toh.keystore -storepass salakala -keypass salakala -signedjar AliasSigner.jar Aliases.jar toh
  • D:\Opetus\TOH\koodit>jarsigner -verify -keystore toh.keystore -storepass salakala -keypass salakala AliasSigner.jar toh
  • jar verified.

12
Wrapping RSA keys
  • The same way we wrapped secret keys, we can also
    wrap private keys (You can also wrap a public key
    if it makes any sense)
  • Let the example speak for itself:
    AESWrapRSAExample.java

13
Secret Key Exchange
  • Public Key Encryption is too slow for bulk data
  • A combination of symmetric and asymmetric
    encryption could help
  • Example: RSAKeyExample.java

[Diagram: Secret Key + Public Key → Asymmetric → Encrypted Key; Data + Secret Key → Symmetric → Encrypted data]

14
Diffie-Hellman
  • A and B exchange secrets so that E cannot
    determine the secret
  • A sends G^U mod P
  • B sends G^V mod P
  • The shared secret is G^(UV) mod P
  • Example: BasicDHExample.java