Keytool works with two main store files:
Keystore: Stores all keys and certificates
Truststore: Stores all trusted CA certificates
Types of Keystore:
i) JKS (Java keystore) -- holds Private keys & Certificates -- Default option
ii) JCEKS (Java Cryptography Extension keystore) -- holds Secret key, Private key & Certificates
iii) PKCS#12 -- Can be used by non-Java apps; password-based key data format 2; uses DES-3 (default) and AES encryption.
iv) PKCS#11 -- USB Token, Smartcard
v) Windows-My/Windows-Root
vi) Third party, like Bouncy Castle, IAIK, etc.
Example:
$ keytool -list -keystore keystore_node1.jks
Note: the store type is not specified here because keytool assumes jks by default.
$ keytool -list -keystore keystore_node1.jceks -storetype jceks
$ keytool -list -keystore keystore_node1.pkcs12 -storetype pkcs12
##pkcs11 is basically a configuration file
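Since the listing commands above need the right -storetype for anything other than the default, the following added example (not part of the original post) identifies a store file from its leading bytes and prints the matching keytool command. The function names and the sample file names are assumptions made for illustration, and the sample files are constructed headers, not real keystores.

```shell
#!/bin/sh
# Added example: choose the -storetype for "keytool -list" from the file header.
#   JKS     starts with magic FEEDFEED
#   JCEKS   starts with magic CECECECE
#   PKCS#12 is DER/BER: SEQUENCE (30) + length, then INTEGER version 3 (02 01 03)

detect_storetype() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    # First 9 bytes as one lowercase hex string, e.g. "feedfeed0000000200".
    hex=$(od -An -tx1 -N9 "$1" | tr -d ' \t\n')
    case "$hex" in
        feedfeed*) echo "jks" ;;
        cececece*) echo "jceks" ;;
        # The length field takes 1 to 5 bytes before the version INTEGER.
        30??020103*|3081??020103*|3082????020103*|3083??????020103*|3084????????020103*)
            echo "pkcs12" ;;
        # Other DER data, e.g. a bare X.509 certificate, is not a keystore.
        30*) echo "der-not-pkcs12"; return 1 ;;
        "")  echo "empty"; return 1 ;;
        *)   echo "unknown"; return 1 ;;
    esac
}

# Print the keytool command to list the given store, or fail with a reason.
list_command() {
    st=$(detect_storetype "$1") || {
        echo "skip $1: $st" >&2
        return 1
    }
    echo "keytool -list -keystore $1 -storetype $st"
}

# Constructed sample headers (not real keystores), written into directory $1.
make_samples() {
    printf '\376\355\376\355\000\000\000\002' > "$1/node1.jks"
    printf '\316\316\316\316\000\000\000\002' > "$1/node1.jceks"
    printf '\060\202\004\000\002\001\003\060' > "$1/node1.pkcs12"
    printf '\060\202\003\000\060\202\001\350' > "$1/node1.cer"
}

# Run over any files given on the command line.
for f in "$@"; do
    list_command "$f" || true
done
```

A file that starts with 0x30 but lacks the version field is reported as der-not-pkcs12, which catches a certificate file passed to -keystore by mistake.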
Generating keystores:
$ keytool -genkey
Generates a keystore in the user's home directory (/home/bypramod/.keystore), using the jks format by default.
$ keytool -list
Shows the default keystore from the home directory.
$ keytool -list -v
$ keytool -list -rfc
Prints the certificate in PEM format.
$ keytool -genkey -alias bypramod_node1
This avoids the conflict of not being able to generate a keystore multiple times, since by default keytool uses the alias "mykey".