Keytool Java and TLS / SSL

I have a client socket and a server socket. The server has a keystore with a key in it.

keytool -genkey -alias mystuff -keyalg RSA -keystore keystore.jks -keysize 2048

This page says that it generates a key pair when this command is executed. https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

When I run this command:

keytool -list -v -keystore keystore.jks

I see:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: mystuff
Creation date: 25-Jun-2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Richard, OU=OSS, O=OSS, L=Yat, ST=Hamp, C=GB
Issuer: CN=Richard, OU=OSS, O=OSS, L=Yat, ST=Hamp, C=GB
Serial number: 48ee5103
Valid from: Thu Jun 25 17:09:18 BST 2015 until: Sun Jun 19 17:09:18 BST 2016
Certificate fingerprints:
     MD5:  60:63:F2:41:A3:AB:DB:E0:63:F9:B0:E4:C8:2C:90:D4
     SHA1: 52:8A:F7:76:82:B7:E9:BE:D3:4E:4A:3C:DD:CF:8A:58:A6:9F:70:DE
     SHA256: 3C:80:C1:0E:E7:30:DD:69:9F:97:A9:02:F9:4E:6E:57:84:82:C5:22:0E:7F:7A:EE:C1:D2:7A:8A:45:A3:86:79
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 42 4F 07 15 3A 9A 8C 59   6A 65 EB B6 62 FD 77 C5  BO..:..Yje..b.w.
0010: AC E3 B2 4F                                        ...O
]
]

What I see is a certificate, but what does "Entry type: PrivateKeyEntry" mean?

So ... when I load the Java server:

java -Djavax.net.ssl.keyStore=keystore.jks -Djavax.net.ssl.keyStorePassword=somepassword EchoServer

I can specify it in the keystore so that it can be used when configuring SSLServerSocket.

Now, on the client side, does the client just need the certificate exported from this keystore with this command?

keytool -export -alias mystuff -file mystuff.crt -keystore keystore.jks

Or is something else needed to provide secure SSL between Java sockets?

Java SSL

http://stilius.net/java/java_ssl.php

The server is started with its keystore (javax.net.ssl.keyStore / keyStorePassword):

java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 EchoServer

The client is started with its truststore (javax.net.ssl.trustStore / trustStorePassword):

java -Djavax.net.ssl.trustStore=mySrvKeystore -Djavax.net.ssl.trustStorePassword=123456 EchoClient

To debug the SSL handshake, add:

-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl

javax.net.ssl.keyStore - location of the Java keystore file containing the process's own certificate and private key. On Windows the path must use forward slashes (/) in place of backslashes.

javax.net.ssl.keyStorePassword - password for the keystore named by javax.net.ssl.keyStore. It is used twice: to unlock the keystore file (store password) and to decrypt the private key stored in it (key password).

javax.net.ssl.trustStore - location of the Java keystore file containing the CA certificates the process trusts (the truststore). On Windows the path must use forward slashes (/) in place of backslashes.

If a trust store location is not specified using this property, the SunJSSE implementation searches for and uses a keystore file in the following locations (in order):

    $JAVA_HOME/lib/security/jssecacerts
    $JAVA_HOME/lib/security/cacerts

javax.net.ssl.trustStorePassword - password to unlock the truststore file (store password) named by javax.net.ssl.trustStore.

javax.net.ssl.trustStoreType - (optional) truststore format. For the Java keystore format the value is jks (or JKS); you normally leave it unset, because the default is already jks.

javax.net.debug - switches on logging for the SSL/TLS layer; set it to ssl.

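As an added example (not code from the question or the linked article), this shows how the two entry types are consumed: the PrivateKeyEntry in keystore.jks feeds the server's KeyManager, and a truststore.jks that holds only the trustedCertEntry created by "keytool -import -alias mystuff -file mystuff.crt -keystore truststore.jks" feeds the client's TrustManager. Assumed: both stores and the key use the password somepassword, and the certificate was generated with -ext san=dns:localhost (or a matching CN) so that hostname verification passes.

```java
import java.io.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public class TlsEchoDemo {
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }
    // Server side: the PrivateKeyEntry supplies the private key and the certificate chain presented in the handshake.
    static SSLContext serverContext(String ksPath, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(ksPath, pw), pw);            // second argument is the key password (assumed equal to the store password)
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }
    // Client side: the truststore holds only the trustedCertEntry imported from mystuff.crt, so exactly that server is trusted.
    static SSLContext clientContext(String tsPath, char[] pw) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsPath, pw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "somepassword".toCharArray();  // assumed password for both stores
        SSLServerSocket server = (SSLServerSocket) serverContext("keystore.jks", pw)
                .getServerSocketFactory().createServerSocket(0);   // ephemeral port
        Thread echo = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.getOutputStream().write(s.getInputStream().read());   // echo one byte back
            } catch (IOException e) { e.printStackTrace(); }
        });
        echo.start();
        try (SSLSocket c = (SSLSocket) clientContext("truststore.jks", pw)
                .getSocketFactory().createSocket("localhost", server.getLocalPort())) {
            // Chain validation alone never checks the host name; without this, any cert in the truststore is accepted for any host.
            SSLParameters p = c.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            c.setSSLParameters(p);
            c.getOutputStream().write('!');
            System.out.println("echoed: " + (char) c.getInputStream().read());
        }
        echo.join();
        server.close();
    }
}
```

Compile and run it from the directory holding both stores; if the certificate does not name the host, the handshake fails instead of silently trusting the peer.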
