I am using keytool to create a CSR. I wonder what is the difference between the options -genkey and -genkeypair. My understanding is that -genkey creates only private key and -genkeypair creates both private and public key.
If so, how do I get the public key of the private key which is created using -genkey?
OpenSSL is an open-source implementation of the SSL and TLS protocols. KeyTool is a Java-based key and certificate management tool, which manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates.
A Java Keystore (JKS) is a common keystore type that is used for Java environments because it is easier to set up. JKSs use files with a .jks extension that are stored in the zFS file system. The JKS is referenced by the keyStore element in the server.
A keystore contains personal certificates, plus the corresponding private keys that are used to identify the owner of the certificate. For TLS, a personal certificate represents the identity of a TLS endpoint.
cacerts is where Java stores public certificates of root CAs. Java uses cacerts to authenticate the servers. Keystore is where Java stores the private keys of the clients so that it can share it with the server when the server requests client authentication.
Per https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html, this keytool flag was named -genkey in earlier releases. While the old name is still supported, -genkeypair is preferred going forward.
So essentially, both are the same.
Hi there, in old versions of Java it was named -genkey, which is still supported.
This command was named -genkey in earlier releases. The old name is still supported in this release. The new name, -genkeypair, is preferred going forward.
Keytool Java 8 documentation
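The answers above can be checked from a shell. This is an added example, not part of the original posts: it creates one entry with each flag, shows both are stored as a PrivateKeyEntry, and reads the public key back from the stored self-signed certificate and from the CSR. It assumes keytool and openssl are on PATH; the aliases, subject name and password are constructed throwaway values.

```shell
#!/usr/bin/env bash
PASS='changeit-demo'                           # constructed throwaway password
DNAME='CN=demo.example.test, O=Example, C=US'  # constructed subject name

# make_entry FLAG ALIAS KEYSTORE: create an entry with -genkey or -genkeypair
make_entry() {
  keytool "$1" -alias "$2" -keyalg RSA -keysize 2048 -dname "$DNAME" \
    -validity 30 -storetype PKCS12 -keystore "$3" -storepass "$PASS" >/dev/null 2>&1
}

# entry_type ALIAS KEYSTORE: entry type that keytool -list reports for the alias
entry_type() {
  keytool -list -alias "$1" -keystore "$2" -storepass "$PASS" 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n1
}

# cert_pubkey ALIAS KEYSTORE: public key taken from the self-signed certificate
# that keytool stores next to the private key
cert_pubkey() {
  keytool -exportcert -rfc -alias "$1" -keystore "$2" -storepass "$PASS" 2>/dev/null |
    openssl x509 -pubkey -noout
}

# csr_pubkey ALIAS KEYSTORE: public key embedded in the CSR made by -certreq
csr_pubkey() {
  keytool -certreq -alias "$1" -keystore "$2" -storepass "$PASS" 2>/dev/null |
    openssl req -pubkey -noout
}

demo() {
  dir=$(mktemp -d) || return 1
  ks="$dir/demo.p12"
  if make_entry -genkey old "$ks" && make_entry -genkeypair new "$ks"; then
    for a in old new; do
      echo "$a: $(entry_type "$a" "$ks")"
      if [ "$(cert_pubkey "$a" "$ks")" = "$(csr_pubkey "$a" "$ks")" ]; then
        echo "$a: CSR and stored certificate carry the same public key"
      fi
    done
  fi
  rm -rf "$dir"
}

# Run the demo only when both tools are installed.
if command -v keytool >/dev/null 2>&1 && command -v openssl >/dev/null 2>&1; then
  demo
fi
```

The private key never leaves the keystore in any of these steps; only the certificate and the CSR, which hold the public half, are exported.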