Previous | Next | Trail Map | Security in JDK 1.2 | Exchanging Files

Generate Keys

Before signing the Contract.jar JAR file containing the contract file, you need to generate keys, if you don't already have suitable keys available. The private key is needed to sign the JAR file, and the corresponding public key is needed by the contract receiver to verify the signature.

This lesson assumes you don't yet have such keys. You are going to create a keystore named stanstore and create an entry with a newly-generated public/private key pair (with the public key in a certificate).

Now, pretend you are Stan Smith and you work in the legal department of "XYZ" corporation.

In your command window, type the following to create a keystore named stanstore and generate keys for Stan Smith: 

keytool -genkey -alias signLegal -keystore stanstore

You will be prompted for the keystore password, your "distinguished name" information, and the key password. Below are shown the prompts, along with what you should type (which is indicated in bold): 

Enter keystore password:  balloon53 
What is your first and last name?
  [Unknown]:  Stan Smith 
What is the name of your organizational unit?
  [Unknown]:  Legal 
What is the name of your organization?
  [Unknown]:  XYZ 
What is the name of your City or Locality?
  [Unknown]:  New York
What is the name of your State or Province?
  [Unknown]:  NY 
What is the two-letter country code for this unit?
  [Unknown]:  US 
Is <CN=Stan Smith, OU=Legal, O=XYZ, L=New York, 
       ST=NY, C=US> correct?
  [no]:  y 
    
Enter key password for 
        (RETURN if same as keystore password):  cat876

The above keytool command creates the keystore named stanstore in the same directory in which the command is executed (assuming the specified keystore doesn't already exist), and assigns it the password "balloon53". It generates a public/private key pair for the entity whose "distinguished name" has a common name of "Stan Smith", organizational unit of "Legal", etc.

It creates a self-signed certificate that includes the public key and the distinguished name information. (A self-signed certificate is one signed by the private key corresponding to the public key in the certificate.) This certificate will be valid for 90 days, which is the default validity period if you don't specify a -validity option. The certificate is associated with the private key in a keystore entry referred to by the alias "signLegal". The private key is assigned the password "cat876".

Previous | Next | Trail Map | Security in JDK 1.2 | Exchanging Files