Java Keytool Introduction

RSA Key and JCEKS Keystore

Generate a Java Keystore and Private/Public Key - RSA with JCEKS Keystore

RSA is used for comparability with legacy systems but it much slower than Elliptical Curves. The following examples show how to create an RSA key with JCEKS Keystore.

The following breaks down the options we will use, please change them to fit your needs:

Size of keypair 4096 / 2048
Key Algorithm (keyalg) - RSA
Signature Algorithm (sigalg) - SHA256withRSA / SHA384withRSA / SHA512withRSA
How long the Key is Valid - 1085 days (~3 years).

Common Name (CN): The Common Name is usually the “company.com” or Person Name or Department
Organizational Unit (OU): The Organizational Unit (OU) field is the name of the department or organization unit making the request
Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XY & Z Corporation would be XYZ Corporation.
Locality or City (L): The Locality field is the city or town name, for example: Planet
State or Province (S): Spell out the state completely; Colorado
Country Name (C): Use the two-letter code without punctuation for country, for example: US

The password of the private key: PWKey123
The alias name of our key: serverkey
The name of the keystore: this.keystore (if the file does not exist, it will be created)
KeyStore file format: JCEKS
Password of the keystore: changeit

RSA (Public/Private) Key Pair Creation

Creating an RSA keys and JCEKS Keystore

Here is how to create a RSA based JCEKS keystore and keys.

 Copy keytool -genkeypair -keysize 4096 -sigalg SHA512withRSA -keyalg RSA -validity 1085 -dname "CN=Name,OU=IT,O=Mega,L=Planet,ST=CO,C=US" -alias serverkey -keypass PWKey123 -keystore this.keystore -storetype jceks -storepass changeit 
Check the keys and keystore creation
 Copy keytool -list -v -keystore this.keystore -storetype jceks -storepass changeit 

Should look something like the following:

RSA_JCEKS