Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* changed "Java" to JDK Done in the descriptions and titles.
* updates to javasecurity
* minor updates
* updated video link
* Update sprint-javasecurity.md
* small tweaks
* Update sprint-javasecurity.md
* started jcmd
* updates to jcmd workshop
* Update sprint-jcmd.md fixed brackets
* fixed acknowledgements
* beginnings of keytool sprint
* Update sprint-keytool.md
* fixed titles
* fixed spacing
Showing 4 changed files with 171 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
<!DOCTYPE html> | ||
<html lang="en"> | ||
|
||
<head> | ||
<meta charset="utf-8"> | ||
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1"> | ||
<meta name="description" content="Oracle LiveLabs gives you access to Oracle's products to run a wide variety of labs and workshops; allowing you to experience our best technology, live!"> | ||
<title>Oracle LiveLabs</title> | ||
|
||
<script src="https://oracle-livelabs.github.io/common/redwood-hol/js/jquery-1.11.0.min.js"></script> | ||
<script src="https://oracle-livelabs.github.io/common/redwood-hol/js/jquery-ui-1.10.4.custom.js"></script> | ||
<script src="https://oracle-livelabs.github.io/common/redwood-hol/js/main.min.js"></script> | ||
|
||
<link rel="stylesheet" href="https://oracle-livelabs.github.io/common/redwood-hol/css/style.min.css" /> | ||
<link rel="shortcut icon" href="https://oracle-livelabs.github.io/common/redwood-hol/img/favicon.ico" /> | ||
</head> | ||
|
||
<body> | ||
<header class="hol-Header" role="banner"> | ||
<div class="hol-Header-wrap"> | ||
<div class="hol-Header-logo"><span>Oracle LiveLabs</span></div> | ||
<a href="https://developer.oracle.com/livelabs" target="_blank" id="livelabs" title="Oracle LiveLabs"></a> | ||
<div class="hol-Header-actions"> | ||
<button id="openNav" class="hol-Header-button hol-Header-button--menu rightNav" aria-label="Open Menu" | ||
title="Open Menu"> | ||
<span class="hol-Header-toggleIcon"></span> | ||
</button> | ||
</div> | ||
</div> | ||
</header> | ||
|
||
<div id="container"> | ||
<div id="leftNav"> | ||
<div id="toc"></div> | ||
</div> | ||
<div id="contentBox"> | ||
<main class="hol-Content" id="module-content"></main> | ||
</div> | ||
</div> | ||
|
||
<footer class="hol-Footer"> | ||
<a class="hol-Footer-topLink" href="#top">Return to Top</a> | ||
<div id="footer-banner"><div class="footer-row"> | ||
<div class="footer-content"><ul class="footer-links"> | ||
<li><a href="https://docs.oracle.com/pls/topic/lookup?ctx=en/legal&id=cpyr" target="_blank" aria-label="Open a new window to Oracle legal notices" data-lbl="copyright">© Oracle</a></li> | ||
<li><a href="https://www.oracle.com/corporate/index.html" target="_blank" aria-label="Open a new window to learn more about oracle" data-lbl="about-oracle">About Oracle</a></li> | ||
<li><a href="https://www.oracle.com/corporate/contact/" target="_blank" aria-label="Open a new window to contact oracle" data-lbl="contact-us">Contact Us</a></li> | ||
<li class="footer-links-break"></li> | ||
<li><a href="https://docs.oracle.com/en/browseall.html" target="_blank" aria-label="Open a new window to products a-z" data-lbl="products-a-z">Products A-Z</a></li> | ||
<li><a href="https://www.oracle.com/legal/privacy/" target="_blank" aria-label="Open a new window to read more about Oracle terms of use and privacy" data-lbl="terms-of-use-and-privacy">Terms of Use & Privacy</a></li> | ||
<li><a href="https://www.oracle.com/legal/privacy/privacy-policy.html#11" target="_blank" aria-label="Open a new window to read more about managing Oracle cookie preferences" data-lbl="cookie-preferences">Cookie Preferences</a></li> | ||
<li><a href="https://www.oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html#adchoices" target="_blank" aria-label="Open a new window to ad choices" data-lbl="ad-choices">Ad Choices</a></li> | ||
<li class="footer-links-break"></li><li class="last"><a href="https://docs.oracle.com/pls/topic/lookup?ctx=en/legal&id=cpyr" target="_blank" aria-label="Open a new window to Oracle legal notices" data-lbl="copyright">© Oracle</a></li> | ||
</ul> | ||
</div> | ||
</div> | ||
</div> | ||
</footer> | ||
</body> | ||
|
||
</html> |
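Review bot: The three `<script src>` tags in `<head>` pull `jquery-1.11.0.min.js`, `jquery-ui-1.10.4.custom.js` and `main.min.js` from `oracle-livelabs.github.io` with no `integrity` attribute, so the page executes whatever that host serves at load time, and the two jQuery files are pinned to old release numbers. If those versions are fixed by the shared LiveLabs template, add `integrity` and `crossorigin` attributes for the versioned files; otherwise check whether a current jQuery can be used. In the footer, every link uses `target="_blank"` without `rel="noopener"`, and the `© Oracle` copyright item appears twice in the same list (the first `<li>` and the `class="last"` item); one of them can be dropped.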
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"workshoptitle": "How to Use the JDK's keytool Utility", | ||
"help": "livelabs-help-sprints_us@oracle.com", | ||
"tutorials": [ | ||
{ | ||
"title": "keytoolTutorial", | ||
"description": "Learn how to use keytool to manage Java public/private key pairs and certificates.", | ||
"filename": "sprint-keytool.md" | ||
|
||
} | ||
], | ||
"task_type": "Sections" | ||
} |
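Review bot: The tutorial `"title"` value is `"keytoolTutorial"`, run together, while `"workshoptitle"` and the Markdown headings added in this commit use spaced wording ("keytool Tutorial"); if this string is displayed in the workshop navigation it should read `"keytool Tutorial"`. There is also a stray blank line between the `"filename"` entry and the closing brace of the tutorial object.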
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
# keytool Tutorial | ||
Duration: 5 minutes | ||
|
||
|
||
## keytool Tutorial | ||
|
||
[keytool Tutorial](videohub:1_5dpusf5t) | ||
|
||
### 1 Java Keytool | ||
This is a quick tutorial on using the `keytool` command. This is a key and certificate management utility that enables users to administer their own public/private key pairs and associated certificates for self-authentication or data integrity. | ||
|
||
### 2 What are Keystores and Truststores? | ||
A keystore stores private key entries, certificates with public keys, or even secret keys. | ||
|
||
In other words, a keystore contains certificates that identify us, and a truststore holds certificates that are used to identify others. | ||
|
||
Java has a truststore called `cacerts` which resides in the `[JAVA_HOME]/lib/security` directory. The default format for it was JKS until JDK 8. From JDK 9 onwards, the default keystore format is PKCS#12, which is a more standardized and language-neutral way of storing encrypted private keys and certificates. | ||
|
||
The security property `keystore.type` in the `java.security` file controls the format for the keystore. | ||
|
||
To learn more about the `java.security` file, see [Understand the java.security File](https://apexapps.oracle.com/pls/apex/r/dbpm/livelabs/run-workshop?p210_wid=3905) on LiveLabs. | ||
|
||
### 3 How are Keystores and Truststores Used? | ||
If a client talks to a Java-based server over HTTPS, the server will look up the associated key from its keystore, and present the public key and certificate to the client. The client looks-up these things in its truststore. | ||
|
||
Similarly, if the client also needs to authenticate itself, it presents its public key and certificate to the server. This is called mutual authentication. | ||
|
||
![Mutual Authentication](./images/authentication.png) | ||
|
||
### 4 What is Keytool? | ||
The `keytool` command is used to manage keys and certificates. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication. Users can also use `keytool` to set secret keys and passphrases for symmetric encryption and decryption (DES). | ||
|
||
It can also be used to create or add data to a keystore, import and export content within a keystore, generate a CSR/certificate request, display data, and much more. | ||
|
||
### 5 List Certificates | ||
One of the basic functions of `keytool` is to list certificates. | ||
|
||
The `-list` command prints the contents of the keystore identified by `-alias`. If no alias is specified, as in the example below, then the contents of the entire keystore is printed. | ||
|
||
The following command will list the certificates in a keystore. The `-keystore [KEYSTORE_NAME]` option is the name of the keystore whose certificates you want to list, and `[KEYSTORE_PASSWORD]` is the password for that keystore. | ||
``` | ||
keytool -v -list -keystore [KEYSTORE_NAME] -storepass [KEYSTORE_PASSWORD] | ||
``` | ||
The `-v` option enables verbose output, which causes the certificate to be printed in a human-readable format with additional information such as the certificate's owner, issuer, serial number, and any extensions. | ||
|
||
### 6 Import Certificates | ||
You can also use `keytool` to import certificates. | ||
|
||
The `-importcert` command reads the certificate or certificate chain from the file `[CERT_FILE]` and stores it in the keystore entry identified by `[ALIAS_NAME]`: | ||
``` | ||
keytool -v -importcert -alias [ALIAS_NAME] -file [CERT_FILE] -keystore [KEYSTORE_NAME] -storepass [KEYSTORE_PASSWORD] | ||
``` | ||
If the specified keystore doesn't exist, it will be automatically generated. In this case, you can se the format through the `-storetype` argument, as follows: | ||
``` | ||
keytool -v -importcert -alias [ALIAS_NAME] -file [CERT_FILE] -keystore [KEYSTORE_NAME] -storepass [KEYSTORE_PASSWORD] -storetype [KEYSTORE_TYPE] | ||
``` | ||
|
||
### 7 Export Certificates | ||
The `-exportcert` command is used to read certificates associated with an alias from the keystore, and store them in the `[CERT_FILE]` file. If no file is specified, the certificate is ouput to stdout. | ||
``` | ||
keytool -v -exportcert -alias [ALIAS_NAME] -file [CERT_FILE] -keystore [KEYSTORE_NAME] -storepass [KEYSTORE_PASSWORD] | ||
``` | ||
If `[ALIAS_NAME]` refers to a trusted certificate, then that certificate is the output. | ||
|
||
Otherwise, `[ALIAS_NAME]` refers to a key entry with an associated certificate chain. In this case, the first certificate in the chain is returned. This certificate authenticates the public key of the entity addressed by `[ALIAS_NAME]`. | ||
|
||
### 8 Delete Certificates | ||
The `-delete` command is used to delete entries identified as `[ALIAS_NAME]` from the keystore. The user is prompted for the alias if no alias is provided. | ||
``` | ||
keytool -v -delete -alias [ALIAS_NAME] -keystore [KEYSTORE_NAME] -storepass [KEYSTORE_PASSWORD] | ||
``` | ||
|
||
|
||
### 9 Help | ||
The `-help` command can be used to list basic commands and options. | ||
|
||
For more information about a specific command, enter the following, where `[COMMAND_NAME]` is the name of the `keytool` command: | ||
``` | ||
keytool -[COMMAND_NAME] -help | ||
``` | ||
|
||
### 10 Learn More | ||
- [keytool JDK 21 Documentation](https://docs.oracle.com/en/java/javase/21/docs/specs/man/keytool.html) | ||
- [keytool JDK 17 Documentation](https://docs.oracle.com/en/java/javase/17/docs/specs/man/keytool.html) | ||
- [keytool JDK 11 Documentation](https://docs.oracle.com/en/java/javase/11/tools/keytool.html) | ||
- [keytool JDK 8 Linux, Solaris, OS X Documentation](https://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html) | ||
- [keytool JDK 8 Windows Documentation](https://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html) | ||
|
||
|
||
## Acknowledgements | ||
**Video** - Anjana Sajeev, Technical Support Engineer, Java Platform Group | ||
**Workshop** - Jason Begy, Principal User Assistance Developer, Java Platform Group | ||
**Last Updated By/Date** - Jason Begy, June 2024 | ||
|
||
|
||
|
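Review bot: Every example in sections 5 through 8 passes the keystore password as `-storepass [KEYSTORE_PASSWORD]` on the command line, which leaves it in shell history and visible in the process list; the tutorial should say that `keytool` prompts for the password when `-storepass` is omitted, or show the `-storepass:env` and `-storepass:file` forms instead. Section 2 opens its second paragraph with "In other words" and introduces the truststore there without having defined it first, and section 4 gives DES as the symmetric-encryption example without noting that it is a legacy cipher. Typos: "you can se the format" in section 6 and "ouput to stdout" in section 7. In section 10 the "JDK 8 Linux, Solaris, OS X" entry has the same `.../tools/windows/keytool.html` URL as the Windows entry and should point at the `unix` page. The file also repeats "keytool Tutorial" as both the `#` and the `##` heading.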