Java Keytool Introduction
Generate a ECC Key and PKCS12 Keystore
Generate a Java Keystore and Private/Public Key - Elliptical Curve Cryptography (ECC) with pkcs12 Keystore
Elliptical Curve Cryptography (ECC). ECC is emerging as an attractive public-key crypto system for mobile/wireless and other environments. Compared to traditional crypto systems like RSA, ECC offers equivalent security with smaller key sizes, which results in faster computations, lower power consumption, as well as memory and bandwidth savings.. The following examples show how to create ECC keys with a pkcs12 Keystore.
Size of keypair - Range from 112 to 571 (inclusive) - Default is 256
Key Algorithm (keyalg) - EC
Signature Algorithm (sigalg) - SHA256withECDSA / SHA384withECDSA / SHA512withECDSA
How long the Key is Valid - 1085 days (~3 years).
Common Name (CN): The Common Name is usually the “company.com” or Person Name or Department
Organizational Unit (OU): The Organizational Unit (OU) field is the name of the department or organization unit making the request
Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XY & Z Corporation would be XYZ Corporation.
Locality or City (L): The Locality field is the city or town name, for example: Planet
State or Province (S): Spell out the state completely; Colorado
Country Name (C): Use the two-letter code without punctuation for country, for example: US
The password of the private key:PWKey123
The alias name of our key: serverkey
The name of the keystore: that.keystore (if the file does not exist, it will be created)
KeyStore file format: pkcs12
Password of the keystore: changeit
ECC (Public/Private) Key Pair Creation
Creating an ECC keys and pkcs12 Keystore
Copy keytool -genkeypair -keysize 256 -sigalg SHA512withECDSA -keyalg EC -alias serverkey -keypass changeit -validity 365 -dname "CN=Name,OU=IT,O=Mega,L=Planet,ST=CO,C=US" -storetype pkcs12 -keystore that.keystore -storepass changeit Check the key and keystore creation
Copy keytool -list -v -keystore that.keystore -storetype pkcs12 -storepass changeit 