I've been working with certificates, symmetric and asymmetric keys, and things related to web application security. I am developing a web application in Tomcat 7, and I must perform a secure exchange of data between client and server using TLS. In my research, I found the KeyStore Explorer (V. 5.1).
I have some questions related to the use of this program. I know that here may not be the appropriate place to make these types of questions, because the site owner of KeyStore Explorer has a forum. However, the forum does not allow me to create new topics.
When we create a new key pair, we face a window which asks us to choose the algorithm used for the pair generation. After choosing, the key generation is performed, and then a new window is displayed to the user with the strange name "Generate Key Pair Certificate":
It is on this screen that some doubts arise. In this new screen, the program requests the user to choose a signature algorithm, a validity period, and the name, where the data of the key pair's user entity must be filled in.
What does it mean? Am I creating a Digital Certificate signed by myself? And if I am, is there a way to create only a key pair? Wasn't I supposed to create a pair, and from that create a CSR to send to a Certificate Authority, with the CSR (then) containing the details of the entity requesting the digital certificate (in this case, me)?
With keytool, I believe we can create only a key pair. But the funny thing is that when we create a keystore with a key pair using keytool and open the generated file with KeyStore Explorer, the pair seems to have been signed by the creator himself, as a digital certificate, for instance:
(Note that we have two fields, "subject" and "Issuer"...)
What I really want is to be able to create a key pair, and from that generated pair I want to create a CSR. I know the program itself comes with documentation. I researched and read the part named "Key Pairs" (the "Generate Key Pair" topic, etc.), but unfortunately I could not solve this confusion. Would someone please explain to me what I am doing wrong and what all this means?
As always, I thank you all for your attention and time.
Bibliography:
https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
http://ruchirawageesha.blogspot.com.br/2010/07/how-to-create-clientserver-keystores.html
http://keystore-explorer.sourceforge.net/releases.php
KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface.
As described on the following web page, key pairs can only exist in a Java key store together with at least one certificate. That is why KeyStore Explorer (and keytool as well) always generates a self-signed certificate for a new key pair:
http://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html
After you have created the new key pair, simply right-click on the entry and select "Generate CSR".
After the CA has signed a certificate for the CSR, right-click on the key pair again and select "Import CA reply". The self-signed certificate is then replaced by the one from the CA.