A Java KeyStore (JKS) is a repository of security certificates, either authorization certificates, self-authentication certificates (where the user authenticates himself/herself to other users/services) or public key certificates. In this tutorial, we show how to create a keystore with Ant; the next tutorial will cover how to sign Java JARs using the keystore created here.
As a prerequisite, you need to have Java and Ant installed on your computer.
Ant provides the GenKey task to create a keystore at a specified location. I created an Ant example, as shown below.
<?xml version="1.0"?>
<project name="asjava.com ant to create keystore" default="genKeystore" basedir=".">
    <tstamp/>
    <!-- Output directory and keystore file location -->
    <property name="build.output.dir" value="c:/asjava"/>
    <property name="verisign.key.store" value="${build.output.dir}/.keystore"/>
    <!-- Keystore password, key alias and private key password -->
    <property name="verisign.key.storepass" value="asjava.com"/>
    <property name="verisign.key.alias" value="asjava"/>
    <property name="verisign.key.pass" value="asjava.com"/>
    <target name="genKeystore">
        <mkdir dir="${build.output.dir}"/>
        <!-- Generate a key pair and self-signed certificate valid for 365 days -->
        <genkey alias="${verisign.key.alias}" verbose="true" storepass="${verisign.key.storepass}"
                keypass="${verisign.key.pass}" validity="365" keystore="${verisign.key.store}">
            <dname>
                <param name="CN" value="AsJava.com Group"/>
                <param name="OU" value="Jim"/>
                <param name="O" value="AsJava.com"/>
                <param name="C" value="US"/>
            </dname>
        </genkey>
    </target>
</project>
On the command line, run ant or ant genKeystore to execute this build script and generate a 1,024-bit DSA key pair and self-signed certificate. The output looks like this:
Buildfile: build.xml
genKeystore:
[mkdir] Created dir: c:\asjava
[genkey] Generating Key for asjava
[genkey] Generating 1,024 bit DSA key pair and self-signed certificate (SHA1WithDSA)
[genkey] for: CN=AsJava.com Group, OU=Jim, O=AsJava.com, C=US
[genkey] [Storing c:/asjava/.keystore]
BUILD SUCCESSFUL
Total time: 0 seconds
The attributes of the Ant GenKey task are listed below; some of them are required and some are not.
Attribute | Description | Required |
alias | the alias to add under this new keystore | Yes |
storepass | password for keystore integrity. Must be at least 6 characters long | Yes |
keystore | keystore location (where the keystore is written) | No |
storetype | keystore type | No |
keypass | password for private key (if different) | No |
sigalg | the algorithm to use in signing | No |
keyalg | the algorithm to use when generating the key pair | No |
verbose | (true or false) verbose output when signing | No |
dname | the distinguished name for the entity | Yes if dname element unspecified |
validity | (integer) indicates how many days the certificate is valid | No |
keysize | (integer) indicates the size of the key generated | No |
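The run shown earlier produced a 1,024-bit DSA key signed with SHA1WithDSA and kept both passwords in the build file. The build file below is an added example, not part of the original tutorial: it sets keyalg, keysize and sigalg from the table explicitly and reads the passwords from the environment. The variable names KEYSTORE_PASS and KEY_PASS, the checkSecrets target and the RSA / 2048 / SHA256withRSA values are assumptions chosen for illustration.

```xml
<?xml version="1.0"?>
<!-- Added example: same keystore as the tutorial, with explicit algorithms
     and no passwords stored in the build file. -->
<project name="asjava.com ant to create keystore (explicit algorithms)" default="genKeystore" basedir=".">
    <!-- Expose the process environment as env.* properties -->
    <property environment="env"/>
    <property name="build.output.dir" value="c:/asjava"/>
    <property name="verisign.key.store" value="${build.output.dir}/.keystore"/>
    <property name="verisign.key.alias" value="asjava"/>

    <!-- Hypothetical helper target: stop early if the secrets are missing or too short.
         KEYSTORE_PASS and KEY_PASS are assumed environment variable names. -->
    <target name="checkSecrets">
        <fail unless="env.KEYSTORE_PASS" message="Set KEYSTORE_PASS before running."/>
        <fail unless="env.KEY_PASS" message="Set KEY_PASS before running."/>
        <!-- storepass must be at least 6 characters long (see the table above) -->
        <fail message="KEYSTORE_PASS must be at least 6 characters long.">
            <condition>
                <length string="${env.KEYSTORE_PASS}" when="less" length="6"/>
            </condition>
        </fail>
    </target>

    <target name="genKeystore" depends="checkSecrets">
        <mkdir dir="${build.output.dir}"/>
        <!-- keyalg, keysize and sigalg are set explicitly instead of relying on
             the keytool defaults seen in the sample output (1,024-bit DSA, SHA1WithDSA) -->
        <genkey alias="${verisign.key.alias}" verbose="true"
                storepass="${env.KEYSTORE_PASS}" keypass="${env.KEY_PASS}"
                keyalg="RSA" keysize="2048" sigalg="SHA256withRSA"
                validity="365" keystore="${verisign.key.store}">
            <dname>
                <param name="CN" value="AsJava.com Group"/>
                <param name="OU" value="Jim"/>
                <param name="O" value="AsJava.com"/>
                <param name="C" value="US"/>
            </dname>
        </genkey>
    </target>
</project>
```

With both variables set in the shell, ant genKeystore runs as before; the [genkey] line in the output should then report the RSA key size and SHA256withRSA instead of DSA.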
For dname, you should use the distinguished name that corresponds to your company. Here is a list of the types of components that you can use: