Gimme the Keys...

We can either generate keys for an identity or import them from a file. Generally speaking, you’ll generate key pairs for the signers you “own” and import public keys for everyone else. Marian, for example, will generate her own public and private keys. She, however, will import public keys for both Will Scarlet and Sheriff.

Let’s begin by generating a public and private key pair for Marian. We’ll use the -gk option, which can be abbreviated to -g. To generate the keys, we need to specify which public key cipher algorithm we wish to use. JDK 1.1 ships with support for the DSA algorithm, so that’s what we’ll use.

Finally, javakey needs to know how long to make the keys. This is the size, in bits, of the keys. Longer keys are more secure, but they take more time to create and use. You need to generate keys only once, though, so you might as well bite the bullet and generate longer keys. You probably won’t notice the extra time it takes to use a longer key. The DSA algorithm can generate keys of 512, 768, or 1024 bits.

C:\ javakey -gk Marian DSA 1024
Generated DSA keys for Marian (strength: 1024).

This is a lengthy process: You should probably kick this off and take a break while it chugs along.

When you generate the keys this way, they are stored in javakey’s internal database. If you want to store the keys by themselves in external files, you can specify the filenames at the end of the javakey command, like this:

C:\ javakey -gk Marian DSA 1024 public.x509 private.x509 ...

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.