Generate Public Private Key Pair Java Rating: 8,4/10 4444 votes

The first step in configuring a VT Display session for SSH client authentication using a public key is to use the keytool program to generate a public-private key pair. About keytool keytool is a multipurpose utility program, included in the Java 2 Version 1.4 JRE and distributed with Host On-Demand, for managing keys and certificates.

  1. Java Public Private
  2. Generate Public Private Key Pair Java Pdf
  3. How To Generate Private Key

Many enterprises create and distribute their own public-private key pairs for authentication.

Use the following code as a guideline.

  1. Nov 29, 2016  There are several ways to generate a Public-Private Key Pair depending on your platform. In this example, we will create a pair using Java. The Cryptographic Algorithm we will use in.
  2. Nov 01, 2018  The API we use to generate the key pairs is in the java.security package. That’s mean we have to import this package into our code. The class for generating the key pairs is KeyPairGenerator. To get an instance of this class we have to call the getInstance methods by providing two parameters. The first parameter is algorithm and the second parameter is the provider.
  1. In your local environment, obtain or generate your public-private key pair.

    If you need it, here's some background on generating key pairs in Linux and Windows.

    For now, just generate and save the keys locally.

  2. In vRealize Automation Cloud Assembly, before provisioning, edit the machine blueprint code. Add the following properties.

    remoteAccess.authentication = publicPrivateKey

    remoteAccess.sshKey = The key code, taken from within the public key file key-name.pub

    remoteAccess.username = user-name

    The username is optional and gets created for you to log in with. If you omit it, the system generates a random ID as the username.

    Example:

  3. In vRealize Automation Cloud Assembly, provision the machine from its blueprint, and bring it to a started-up state.
  4. Using the cloud vendor client, access the provisioned machine.
  5. Add the public key file to the home folder on the machine. Use the key that you specified in remoteAccess.sshKey.
  6. Verify that the private key file counterpart is present on your local machine.

    The key is typically /home/username/.ssh/key-name with no .pub extension.

  7. Open a remote SSH session, and connect to the provisioned machine.

    ssh -i key-nameuser-name@machine-ip

The Java Keytool is a command line tool which can generate public key / private key pairs and store them in a Java KeyStore. The Keytool executable is distributed with the Java SDK (or JRE), so if you have an SDK installed you will also have the Keytool executable.

The Keytool executable is called keytool. To execute it, open a command line (cmd, console, shell etc.). and change directory into the bin directory of your Java SDK installation. Type keytool followed by pressing the Enter key. You should see something similar to this:

As you can see, keytool supports a set of commands to work with keys, certificates and key stores. This Java Keytool tutorial will cover the most commonly used of these commands.

Keytool Scripts

Keytool commands take a lot of arguments which may be hard to remember to set correctly. Therefore it is a good idea to create some Keytool CMD or Shell scripts with the Keytool commands in. The scripts makes it easier to re-execute the keytool commands later on, and makes it possible to go back later and see how a KeyStore was generated.

Generate Key Pair

Generating a public key / private key pair is one of the most common tasks to use the Java Keytool for. The generated key pair is inserted into a Java KeyStore file as a self signed key pair. Here is the general command line format for generating a key pair with the Keytool:

The arguments are explained in the Keytool Arguments section. Not all of these arguments are needed. Many are optional. The Keytool will tell you if you are missing a required argument.

The line breaks should not be included in the final command. The line breaks are only there to make the command format easier to read here.

Here is an example keytool -genkeypair command. Remember to remove the line breaks before trying it out!

Export Certificate

The Java Keytool can also export certificates stored in a KeyStore. Here is how the Keytool command looks for exporting certificates:

The arguments are explained in the Keytool Arguments section. Not all of these arguments are needed. Many are optional. The Keytool will tell you if you are missing a required argument.

Here is a Keytool command example that exports the certificate for a key pair. Remember to remove the line breaks when entering the command on the command line.

Import Certificate

The Java Keytool can also import certificates into a KeyStore. Here is how the Keytool command looks for importing certificates:

The arguments are explained in the Keytool Arguments section. Not all of these arguments are needed. Many are optional. The Keytool will tell you if you are missing a required argument.

Here is an example Keytool command that imports a certificate into a KeyStore. Remember to remove the line breaks when entering the command on the command line.

List KeyStore Entries

To list the entries in a Java KeyStore you can use the Keytool -list command. Here is the format for the Keytool -list command. The line breaks are only here to make the command format easier to read. Remove the line breaks before running the command.

The arguments are explained in the Keytool Arguments section. Not all of these arguments are needed. Many are optional. The Keytool will tell you if you are missing a required argument.

Here is a Keytool -list command example. Remember to remove the line breaks!

This Keytool -list command will list all entries in the given KeyStore. The output of running this Keytool -list command will look similar to this:

If you include an -alias argument in the Keytool -list command, then only the entry matching the given alias will get listed. Here is an example Keytool -list command with an -alias argument:

The output of running the above Keytool -list command will look similar to this:

Delete KeyStore Entry

The Keytool has a command that can delete a key entry in a Java KeyStore. The Keytool command for deleting keys is -delete. Here is the format of the Keytool -delete command:

The arguments are explained in the Keytool Arguments section. Not all of these arguments are needed. Many are optional. The Keytool will tell you if you are missing a required argument.

Here is a Keytool -delete command example. Remember to remove the line breaks before running it!

This Keytool -delete command will remove the KeyStore entry with the alias testkey from the KeyStore stored in the file keystore.jks .

Generate a Certificate Request

Java Public Private

The Java Keytool can generate a certificate request using the -certreq command. A certificate request is a request for a certificate authority (CA) to create a public certificate for your organization. Once generated, the certificate request should be sent to the CA you want to create a certificate for you (e.g. Verisign, Thawte, or some other CA).

Before you can generate a certificate request for a private key, public key pair, you must have generated that private key, public key pair into the Keystore (or imported it). See elsewhere in this Java Keytool tutorial to see how to do that.

Here is the command format for generating a certificate request. Remember to remove all line breaks when trying out this command:

The arguments are explained in the Keytool Arguments section. Not all of these arguments are needed. Many are optional. The Keytool will tell you if you are missing a required argument.

Here is a Java Keytool -certreq command example:

This command will generate a certificate request for the key stored with alias testkey in the keystore file keystore.jks, and write the certificate request into the file named certreq.certreq .

Generate Public Private Key Pair Java Pdf

Remember, the line breaks are only included to make the command easier to read. Omit them when typing in the command on the command line yourself.

Public

How To Generate Private Key

Keytool Arguments

Below is a list of the arguments the various Keytool commands take. Please keep in mind that not all commands accept all of these arguments. Look at the concrete command to see what arguments it takes.

ArgumentDescription
-aliasThe name in the Java KeyStore the generated key should be identified by. Remember, an alias can only point to one key.
-keyalgThe name of the algorithm used to generate the key. A common value is RSA meaning the RSA algorithm should be used to generate the key pair.
-keysizeThe size in bits of the key to generate. Normally key sizes are multiples of 8 which aligns with a number of bytes. Additionally, different algorithms may only support certain preset key sizes. You will need to check what the key size should be for the key you want to generate.
-sigalgThe signature algorithm used to sign the key pair.
-dnameThe Distinguished Name from the X.500 standard. This name will be associated with the alias for this key pair in the KeyStore. The dname is also used as the 'issuer' and 'subject' fields in the self signed certificate.
-keypassThe key pair password needed to access this specific key pair within the KeyStore.
-validityThe number of days the certificate attached to the key pair should be valid.
-storetypeThe file format the KeyStore should be saved in. The default is JKS. Another option is the value PKCS11 which represents the standard PKCS11 format.
-keystoreThe name of the KeyStore file to store the generated key pair in. If the file does not exist, it will be created.
-fileThe name of the file to read from or write to (certificate or certificate request).
-storepassThe password for the whole KeyStore. Anyone who wants to open this KeyStore later will need this password. The storepass is not the same as the keypass. The keypass password only counts for a single key. You will need both the KeyStore password and the key password to access any given key stored in a KeyStore.
-rfc If this flag is included (it has no value following it) then Keytool will use a textual format rather than binary format e.g. for export or import of certificates. The value -rfc refers to the RFC 1421 standard.
-providerNameThe name of the cryptographic API provider you want to use (if any) when generating the key pair. The provider name must be listed in the Java security property files for this to work.
-providerClassThe name of the root class of the cryptographic API provider you want to use. Use this when the provider name is not listed in the Java security property files.
-providerArgArguments you can pass to your cryptographic provider at initialization (if needed by the provider).
-vShort for 'verbose' (?!?), meaning the Keytool will print out a lot of extra information into the command line in a humanly readable format.
-protectedSpecifies whether or not the KeyStore password should be provided by some external mechanism like a pin reader. Valid values are true and false.
-JjavaoptionA Java option string (Java VM options) which can be passed to the Java VM that generates the key pair and creates the KeyStore.
Right 1