
How to generate a secret key with Java keytool

January 14, 2020 by Mister PKI

What is Java keytool?

The Java keytool is a command-line utility used to manage keystores, in different formats, that contain keys and certificates. You can use keytool to generate a secret key in a keystore. In many respects, keytool competes with OpenSSL for keystore, key, and certificate management.

What is a secret key?

A secret key is a single key shared by multiple parties to perform both encryption and decryption. The alternative is a public/private key pair, which is used for asymmetric encryption. Common secret key algorithms include DES, 3DES, and AES. We will be using AES with a 256-bit key for demonstration purposes.

What keytool command do I use to generate a secret key in a keystore?

Use this command to generate a secret key in a PKCS12 keystore using the java keytool. The result will be a keystore containing one secret key identified by the given alias.

keytool -genseckey \
 -alias secret \
 -keypass changeit \
 -keyalg AES \
 -keysize 256 \
 -keystore example.p12 \
 -storepass changeit \
 -storetype PKCS12 \
 -v

Java keytool options:

-alias – The alias of the entry encapsulated in the keystore. The chosen value should enhance the readability of the keystore entries, especially when the keystore contains multiple entries.

-keypass – The secret key password. If not entered, you will either be prompted or it will default to the -storepass value if set.

-keyalg – In this example, the AES algorithm was used.

-keysize – For AES, 256 is recommended. If this option is not specified, keytool uses the default value for the specified -keyalg.

-keystore – The filename of the keystore.

-storepass – The current keystore password. We recommend leaving this option off and letting keytool prompt you instead of writing your password in plain text here.

-storetype – Recommended keystore types include PKCS12 and JKS. In this case, the keystore was of type PKCS12.

-v – Verbose output.
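
The following is an added example, not code from the original post: it performs the Java KeyStore API equivalent of the command above in memory (so it runs without example.p12), then reloads the keystore, fetches the entry by its alias, and uses the key for AES-GCM. The class name SecretKeyStoreDemo and the sample message are assumptions; the alias and password are the post's demo values.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;

public class SecretKeyStoreDemo { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed demo password; in real use read it from a prompt or a secret store.
        char[] password = "changeit".toCharArray();

        // Equivalent of: keytool -genseckey -alias secret -keyalg AES -keysize 256 -storetype PKCS12
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);
        KeyStore store = KeyStore.getInstance("PKCS12");
        store.load(null, null); // start from an empty keystore
        store.setEntry("secret", new KeyStore.SecretKeyEntry(generator.generateKey()),
                new KeyStore.PasswordProtection(password));

        // Serialize in memory (keytool writes example.p12 instead), then reload it.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        store.store(out, password);
        KeyStore reloaded = KeyStore.getInstance("PKCS12");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);

        // Fetch the entry by alias, as an application would.
        SecretKey key = (SecretKey) reloaded.getKey("secret", password);
        System.out.println(key.getAlgorithm() + " key, " + key.getEncoded().length * 8 + " bits");

        // Authenticated encryption: AES-GCM with a fresh 12-byte nonce per message.
        byte[] message = "sample message".getBytes(StandardCharsets.UTF_8); // constructed input
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ciphertext = cipher.doFinal(message);

        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        System.out.println("round trip ok: " + Arrays.equals(message, cipher.doFinal(ciphertext)));
        Arrays.fill(password, '\0'); // clear the password from memory when done
    }
}
```

To read the keystore produced by the keytool command instead, pass a FileInputStream for example.p12 to load() in place of the in-memory stream.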


Importing a password into a keystore

Alternatively, if you have an existing secret key or password, you can import it into a keystore with the following keytool -importpass command:

Here are the official keytool docs to dive further into how to generate a secret key with java keytool. https://docs.oracle.com/javase/10/tools/keytool.htm#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__CREATEORADDDATATOTHEKEYSTORE-507D49D2
