AES is used for private (secret) key infrastructures (PKI) and signing. Cipher suites that use AES_256 might require installation of the JCE Unlimited Strength Jurisdiction Policy Files from Oracle.
The optional -dname may be used for identifying the key.
keytool -genseckey -alias serverkey -keyalg AES -keysize 256 -sigalg SHA512withRSA -keystore tomcat/conf/jceks.keystore -storetype jceks -validity 1460 -storepass changeit -dname "CN=server.whackywidget.com,OU=Enterprise IT,O=SuperDuper,L=Smallville,ST=CO,C=US" -ext san=dns:server.whackywidget.com
keytool -list -v -keystore tomcat/conf/jceks.keystore -storetype jceks -storepass changeit
keytool -certreq -v -keyalg AES -alias serverkey -file tomcat/conf/server.csr -keypass changeit -keystore tomcat/conf/jceks.keystore -storetype jceks -storepass changeit -ext san=dns:server.whackywidget.com
Here is how to create an AES 128 bit key with a JCEKS keystore.
keytool -genseckey -keyalg AES -alias aes128 -keysize 128 -keypass AESKey123 -keystore this.keystore -storetype jceks -storepass changeit
keytool -list -v -keystore this.keystore -storetype jceks -storepass changeit
Here is how to create an AES 192 bit key with a JCEKS keystore.
keytool -genseckey -keyalg AES -alias aes192 -keysize 192 -keypass AESKey123 -keystore this.keystore -storetype jceks -storepass changeit
keytool -list -v -keystore this.keystore -storetype jceks -storepass changeit
Here is how to create an AES 256 bit key with a JCEKS keystore.
keytool -genseckey -keyalg AES -alias aes256 -keysize 256 -keypass AESKey123 -sigalg SHA512withRSA -keystore that.keystore -storetype jceks -storepass changeit
keytool -list -v -keystore that.keystore -storetype jceks -storepass changeit
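Reading the AES 256 bit key back out of that.keystore and using it for authenticated encryption, as an added example that is not part of the original page. It assumes the keystore file, alias and passwords from the commands above; the class name JceksAesDemo, the choice of AES/GCM and the sample plaintext are constructed for illustration.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example. Run from the directory that contains that.keystore.
public class JceksAesDemo {
    public static void main(String[] args) throws Exception {
        // Values copied from the keytool commands on this page. In a real
        // deployment, read the passwords from a protected source instead.
        String path = "that.keystore";
        char[] storePass = "changeit".toCharArray();
        char[] keyPass = "AESKey123".toCharArray();

        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // the store password also checks keystore integrity
        }

        // getKey returns null for a missing alias, which fails the check below.
        Key key = ks.getKey("aes256", keyPass);
        if (!(key instanceof SecretKey) || !"AES".equals(key.getAlgorithm())) {
            throw new IllegalStateException("alias aes256 is not an AES secret key");
        }
        System.out.println("key bits: " + key.getEncoded().length * 8);

        // Fresh random 96-bit nonce per message; never reuse one with the same key.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        // On a JRE limited to the default strength policy, init() with a 256 bit
        // key throws InvalidKeyException ("Illegal key size"); see the policy
        // files note at the top of the page.
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("sample plaintext (constructed)".getBytes(StandardCharsets.UTF_8));

        // Decryption needs the same key and nonce; a modified ciphertext or tag
        // makes doFinal throw AEADBadTagException.
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```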