keytool - View public and private keys

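This tutorial covers how to view public and private keys with keytool. It was found elsewhere and then supplemented with questions and answers from programmers abroad. Hopefully it helps you. Let's get started.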


Problem description

I created a Java keystore programmatically of type jks (i.e. default type).
It is initially empty so I created a DSA certificate.

keytool -genkey -alias myCert -v -keystore trivial.keystore

How can I see the public and private keys?
I.e. is there a command that prints the private key of my certificate?
I could only find keytool -certreq which in my understanding prints the certificate as a whole:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIICaTCCAicCAQAwZTELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkdyZWVjZTEPMA0GA1UEBxMGQXRo
BQADLwAwLAIUQZbY/3Qq0G26fsBbWiHMbuVd3VICFE+gwtUauYiRbHh0caAtRj3qRTwl
-----END NEW CERTIFICATE REQUEST-----

I assume this is the whole certificate. How can I see private (or public key) via keytool?

Solution

You created a private (and associated public) key in your keystore. For it to be really usable, you can get it signed by a certification agency (CA) - for this is the -certreq command (you send the output to this certification agency, along with some other information and a bit of money, and they send back a certificate, which you can then import in your keystore.)

Viewing the private key is not intended ... you usually don't need this, since you use the keystore in your Java program, and this knows how to use it.


Edit: Since you want to look at your keystore, here is a quick Java program which does this:

import java.io.*;
import java.security.*;

public class KeyPrinter {

    /**
     * To be invoked with these parameters:
     *
     * [0]: keystore-password
     * [1]: filename
     * [2]: alias
     * [3]: entry-password (if necessary)
     */
    public static void main(String[] params)
        throws IOException, GeneralSecurityException
    {
        char[] storePass = params[0].toCharArray();
        String fileName = params[1];
        String alias = params[2];
        KeyStore.ProtectionParameter entryPass;
        if (params.length > 3) {
            entryPass = new KeyStore.PasswordProtection(params[3].toCharArray());
        } else {
            entryPass = null;
        }

        // Load the JKS keystore; try-with-resources closes the file afterwards.
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream input = new FileInputStream(fileName)) {
            store.load(input, storePass);
        }

        // Fetch the entry stored under the alias and print it.
        KeyStore.Entry entry = store.getEntry(alias, entryPass);
        System.out.println(entry);
    }
}

First call keytool -list -keystore myStore to know which alias to look for, then call this program with the passwords and parameters. In case of a private key entry, it shows the key itself and additionally a self-signed certificate which contains the public key, in a readable form. In case of a "trusted certificate", it shows only the public key.
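An added example, not part of the original answer: a variant that prints the public key as PEM, reports the private key's algorithm and encoding, and emits the private key only on request. The class name KeyPemPrinter and the --show-private flag are hypothetical; it assumes a keystore like the trivial.keystore created by the keytool -genkey command above, and prompts for passwords instead of taking them as arguments.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;

public class KeyPemPrinter {

    // Wrap DER bytes in a PEM envelope with 64-character lines.
    static String pem(String label, byte[] der) {
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----";
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeyPemPrinter <keystore-file> <alias> [--show-private]");
            System.exit(2);
        }
        boolean showPrivate = args.length > 2 && args[2].equals("--show-private");
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from an interactive terminal to enter passwords");
        }
        // Prompt for passwords: command-line arguments are visible in process listings.
        char[] storePass = console.readPassword("Keystore password: ");
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, storePass);
        }
        Certificate cert = store.getCertificate(args[1]);
        if (cert == null) {
            throw new IllegalArgumentException("no certificate under alias " + args[1]);
        }
        // getEncoded() on a public key returns the X.509 SubjectPublicKeyInfo structure.
        System.out.println("Public key algorithm: " + cert.getPublicKey().getAlgorithm());
        System.out.println(pem("PUBLIC KEY", cert.getPublicKey().getEncoded()));
        if (store.isKeyEntry(args[1])) {
            char[] keyPass = console.readPassword("Key password (empty = same as keystore): ");
            Key key = store.getKey(args[1], keyPass.length > 0 ? keyPass : storePass);
            System.out.println("Private key: " + key.getAlgorithm() + ", format " + key.getFormat());
            if (showPrivate && "PKCS#8".equals(key.getFormat())) {
                // Unencrypted PKCS#8 output: handle it as a secret.
                System.out.println(pem("PRIVATE KEY", key.getEncoded()));
            }
        }
    }
}
```

For a trusted-certificate alias only the public key is printed, since isKeyEntry returns false for it.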
