There are three steps to generate private - publik key pair using java keytool.
>keytool -import -keystore myPublic.store -alias myPublicKey -file myCertific
ate.cer -validity 3650
Enter keystore password:
Re-enter new password:
Owner: CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharastra, C=IN
Issuer: CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharastra, C=IN
Serial number: 507ad1ba
Valid from: Sun Oct 14 20:22:42 IST 2012 until: Wed Oct 12 20:22:42 IST 2022
Certificate fingerprints:
MD5: B3:49:00:A4:7D:84:99:9D:B9:98:95:7B:B4:5C:49:C8
SHA1: 65:D4:17:0E:31:1A:29:80:8D:8E:FC:25:50:93:18:E8:DF:C8:85:84
Signature algorithm name: SHA1withDSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
Now you have both private key and publik key. You can share your public key to whome you want to communicate. Don't share private key to any one. Now you can delete certificate file.
1) Generate private key
Following is the command to generate private key
keytool -genkey -keystore myPrivateKey.store -alias myPrivateKey -validity 3650
When you execute this command, you will have to give some inputs and shown follows:
> keytool -genkey -keystore myPrivateKey.store -alias myPrivateKey -validity 3650
Enter keystore password:abc123
Re-enter new password:abc123
What is your first and last name?
[Unknown]: Master Triumph
What is the name of your organizational unit?
[Unknown]: Research
What is the name of your organization?
[Unknown]: MyOrganization
What is the name of your City or Locality?
[Unknown]: Mumbai
What is the name of your State or Province?
[Unknown]: Maharstra
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharstra, C=IN correct?
[no]: yes
Enter key password for <myPrivateKey>
(RETURN if same as keystore password):xyz123
Here abc123 is password of keystore (in which private key generated is stored) and xyz123 is the password of the private key generated with alias myPrivateKey.
Validity of this key is of 10 years (3650 days)
keytool -genkey -keystore myPrivateKey.store -alias myPrivateKey -validity 3650
When you execute this command, you will have to give some inputs and shown follows:
> keytool -genkey -keystore myPrivateKey.store -alias myPrivateKey -validity 3650
Enter keystore password:abc123
Re-enter new password:abc123
What is your first and last name?
[Unknown]: Master Triumph
What is the name of your organizational unit?
[Unknown]: Research
What is the name of your organization?
[Unknown]: MyOrganization
What is the name of your City or Locality?
[Unknown]: Mumbai
What is the name of your State or Province?
[Unknown]: Maharstra
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharstra, C=IN correct?
[no]: yes
Enter key password for <myPrivateKey>
(RETURN if same as keystore password):xyz123
Here abc123 is password of keystore (in which private key generated is stored) and xyz123 is the password of the private key generated with alias myPrivateKey.
Validity of this key is of 10 years (3650 days)
2) Export private key to Certificate:
To generate coresponding public key from the private key you have to first export private key to the certificate.
keytool -export -keystore myPrivateKey.store -alias myPrivateKey -file myCertificate.cer
When you execute this command, you will have to give key store password and you will see the message as follows:
>keytool -export -keystore myPrivateKey.store -alias myPrivateKey -file myCertificate.cer
Enter keystore password:abc123
Certificate stored in file <myCertificate.cer>
keytool -export -keystore myPrivateKey.store -alias myPrivateKey -file myCertificate.cer
When you execute this command, you will have to give key store password and you will see the message as follows:
>keytool -export -keystore myPrivateKey.store -alias myPrivateKey -file myCertificate.cer
Enter keystore password:abc123
Certificate stored in file <myCertificate.cer>
3) Import public key from the certificate:
After certificate is generated, you can import public key from thwt certificate. Following is the command to import publik key
keytool -import -keystore myPublic.store -alias myPublicKey -file myCertific
When you execute this command, you will have to give key store password for public key store and you will see the information as follows:keytool -import -keystore myPublic.store -alias myPublicKey -file myCertific
>keytool -import -keystore myPublic.store -alias myPublicKey -file myCertific
ate.cer -validity 3650
Enter keystore password:
Re-enter new password:
Owner: CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharastra, C=IN
Issuer: CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharastra, C=IN
Serial number: 507ad1ba
Valid from: Sun Oct 14 20:22:42 IST 2012 until: Wed Oct 12 20:22:42 IST 2022
Certificate fingerprints:
MD5: B3:49:00:A4:7D:84:99:9D:B9:98:95:7B:B4:5C:49:C8
SHA1: 65:D4:17:0E:31:1A:29:80:8D:8E:FC:25:50:93:18:E8:DF:C8:85:84
Signature algorithm name: SHA1withDSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
Now you have both private key and publik key. You can share your public key to whome you want to communicate. Don't share private key to any one. Now you can delete certificate file.