Sunday, October 14, 2012

Steps to generate public private key pair

There are three steps to generate a private-public key pair using the Java keytool.

1) Generate private key

The following command generates the private key:
keytool -genkey -keystore myPrivateKey.store -alias myPrivateKey -validity 3650

When you execute this command, you will be asked for some inputs, as shown below:
>    keytool -genkey -keystore myPrivateKey.store -alias myPrivateKey -validity 3650
Enter keystore password:abc123
Re-enter new password:abc123
What is your first and last name?
  [Unknown]:  Master Triumph
What is the name of your organizational unit?
  [Unknown]:  Research
What is the name of your organization?
  [Unknown]:  MyOrganization
What is the name of your City or Locality?
  [Unknown]:  Mumbai
What is the name of your State or Province?
  [Unknown]:  Maharstra
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharstra, C=IN correct?
  [no]:  yes

Enter key password for <myPrivateKey>
        (RETURN if same as keystore password):xyz123
       
Here abc123 is the password of the keystore (in which the generated private key is stored) and xyz123 is the password of the private key generated with the alias myPrivateKey.
The key is valid for 10 years (3650 days).

       

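2) Export the certificate for the private key:

To obtain the public key that corresponds to the private key, first export the key entry's certificate to a file. The certificate carries the public key; the private key itself stays in myPrivateKey.store.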
keytool -export -keystore myPrivateKey.store -alias myPrivateKey -file myCertificate.cer
When you execute this command, you will have to give the keystore password and you will see the following message:
>keytool -export -keystore myPrivateKey.store -alias myPrivateKey -file myCertificate.cer
Enter keystore password:abc123
Certificate stored in file <myCertificate.cer>

3) Import public key from the certificate:

After the certificate is generated, you can import the public key from that certificate. The following command imports the public key:
keytool -import -keystore myPublic.store -alias myPublicKey -file myCertificate.cer -validity 3650
 
When you execute this command, you will have to give a keystore password for the public key store and you will see the following information:
>keytool -import -keystore myPublic.store -alias myPublicKey -file myCertificate.cer -validity 3650
Enter keystore password:
Re-enter new password:
Owner: CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharastra, C=IN
Issuer: CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharastra, C=IN
Serial number: 507ad1ba
Valid from: Sun Oct 14 20:22:42 IST 2012 until: Wed Oct 12 20:22:42 IST 2022
Certificate fingerprints:
         MD5:  B3:49:00:A4:7D:84:99:9D:B9:98:95:7B:B4:5C:49:C8
         SHA1: 65:D4:17:0E:31:1A:29:80:8D:8E:FC:25:50:93:18:E8:DF:C8:85:84
         Signature algorithm name: SHA1withDSA
         Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore

Now you have both the private key and the public key. You can share your public key with anyone you want to communicate with. Don't share the private key with anyone. You can now delete the certificate file.
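
The three steps above as a non-interactive script, added here as an example and not part of the original post. It assumes a POSIX shell, a JDK 7+ keytool on PATH, and passwords exported in the environment variables STORE_PW and PUB_PW (names chosen for this example); it requests RSA explicitly instead of relying on the default that produced SHA1withDSA above, then checks that the public store holds only a certificate and that its SHA-256 fingerprint matches the exported file.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a JDK 7+ keytool on PATH and
# passwords (6+ characters) exported as STORE_PW and PUB_PW (names chosen here).

# Reduce keytool output to its SHA-256 fingerprint line, whitespace removed.
fingerprint() { grep 'SHA256:' | head -n 1 | tr -d ' \t'; }

# make_stores DIR: run the three steps in DIR, verify the result, print the fingerprint.
make_stores() {
    priv="$1/myPrivateKey.store"; pub="$1/myPublic.store"; cert="$1/myCertificate.cer"

    # 1) Key pair plus self-signed certificate; the algorithm is stated explicitly.
    #    The key password equals the store password, which PKCS12 stores require.
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 3650 \
        -keystore "$priv" -alias myPrivateKey \
        -dname "CN=Master Triumph, OU=Research, O=MyOrganization, L=Mumbai, ST=Maharstra, C=IN" \
        -storepass:env STORE_PW -keypass:env STORE_PW >/dev/null 2>&1 || return 1

    # 2) Export the certificate (public key only) from the private store.
    keytool -exportcert -keystore "$priv" -alias myPrivateKey -file "$cert" \
        -storepass:env STORE_PW >/dev/null 2>&1 || return 1

    # 3) Import it into a separate store that contains no private key.
    keytool -importcert -noprompt -keystore "$pub" -alias myPublicKey -file "$cert" \
        -storepass:env PUB_PW >/dev/null 2>&1 || return 1

    # Check: the public store holds a certificate entry and no private key entry.
    listing=$(keytool -list -keystore "$pub" -storepass:env PUB_PW 2>/dev/null) || return 1
    echo "$listing" | grep -q 'trustedCertEntry' || return 2
    if echo "$listing" | grep -q 'PrivateKeyEntry'; then return 2; fi

    # Check: the imported certificate has the same fingerprint as the exported file.
    fp_cert=$(keytool -printcert -file "$cert" 2>/dev/null | fingerprint)
    fp_pub=$(keytool -list -v -keystore "$pub" -alias myPublicKey \
        -storepass:env PUB_PW 2>/dev/null | fingerprint)
    [ -n "$fp_cert" ] && [ "$fp_cert" = "$fp_pub" ] || return 3
    echo "$fp_cert"
}

# Runs only when a target directory is given:
#   STORE_PW=... PUB_PW=... sh make_stores.sh ./keys
if [ -n "${1:-}" ]; then make_stores "$1"; fi
```

Passing passwords with the :env modifier keeps them out of the process list and shell history; a recipient of myPublic.store can compare the printed fingerprint with one obtained from the key owner over a separate channel.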


Public Key Cryptography

Public key cryptography is a security mechanism that provides confidentiality and authenticity in information exchange by using cryptographic algorithms that work with public and private keys. These algorithms are used to digitally sign documents, verify digital signatures, and encrypt and decrypt documents.

The public key is a number, which is usually bound to a person. A public key can be used to:
  • check digital signatures created with the corresponding private key,
  • encrypt documents that can then be decrypted only by the owner of the corresponding private key.
Public keys are not secret and are usually publicly available. The public key of a given person must be known to anyone communicating with that person using public key cryptography.

The private key is a number, known only to its owner. A private key can be used to:
  • sign documents and
  • decrypt documents that are encrypted with the corresponding public key.
Private keys are generally password protected and private to their owner. The owner must not share this key with anyone.

In the next post you will see the procedure (commands) to create a private-public key pair using the Java keytool.