Key Util
KeyUtil is a tool that can be used to generate RSA key pairs, create certificate requests and ultimately create PKCS#12 key stores from imported certificates.
The KeyUtil tool provides a command-line interface for software-based keys stored in the PKCS#12 storage format. The KeyUtil tool can be downloaded here: KeyUtil.zip
The following describes how to generate a key and import a certificate:
Generate a key
Command: keyutil keygen
Parameter | Description |
---|---|
dn <distinguished name> | Given dn must be enclosed by double quotes if it includes spaces and be of the format shown in the example below. |
pw <Key store password> | pw is the password that protects the private key and must be a regular passphrase. |
keysize <key size> | keysize is the number of RSA bits. Must be 2048 or 4096. |
keyfile <file in which to store private key> | keyfile is the file that will contain the protected private key. |
p10file <file name> | p10file is the file name of the PKCS#10 certificate request. This is the file that shall be sent to IN Groupe upon configuration. |
Example in Unix:
./keyutil.sh keygen -dn "CN=Customer A,O=Customer A,C=NO" --pw password -keysize 2048 --keyfile customerA.key -p10file customerA.p10
Example in DOS:
# keyutil keygen -dn "CN=Merchant A,O=Merchant A,C=NO" -pw password -keysize 2048 --keyfile merchantA.key -p10file merchantA.p10
If successful, the output is a Base64 PEM-encoded PKCS#10 request written to the specified file, while the status, file names and PKCS#10 hash are shown on the screen. The key file is created at this point and will be deleted during certificate import.
RSA key pair successfully generated
PKCS#10 certificate request written to customerA.p10
Key file written to customerA.key
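Before the request file is sent, it can be checked independently of KeyUtil. The script below is an added example, not part of KeyUtil or its documentation; it assumes the OpenSSL command-line tool is installed, and `check_p10` is a hypothetical helper name.

```bash
#!/bin/sh
# Added example: sanity-check a PKCS#10 request before it is sent.
# Assumes the openssl CLI is on PATH. check_p10 is a hypothetical helper.
# Usage: check_p10 <p10file> <expected CN>

check_p10() {
    p10=$1
    want_cn=$2

    # The self-signature shows the request was made with the private key
    # matching the embedded public key and that the file is not truncated.
    # The text "verify OK" is matched because older OpenSSL releases exit 0
    # even when verification fails.
    if ! openssl req -in "$p10" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: $p10 self-signature does not verify" >&2
        return 1
    fi

    # The subject must carry the CN that was passed to keygen in the dn.
    subject=$(openssl req -in "$p10" -noout -subject -nameopt RFC2253 2>/dev/null)
    case "$subject" in
        *"CN=$want_cn,"* | *"CN=$want_cn") ;;
        *) echo "FAIL: unexpected subject: $subject" >&2; return 1 ;;
    esac

    # keygen accepts only 2048 or 4096 bits; confirm what was encoded.
    bits=$(openssl req -in "$p10" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    case "$bits" in
        2048 | 4096) ;;
        *) echo "FAIL: RSA key size is '${bits:-unknown}'" >&2; return 1 ;;
    esac

    echo "OK: $subject, RSA $bits bits"
}

# Run directly: ./check_p10.sh customerA.p10 "Customer A"
if [ "$#" -ge 2 ]; then
    check_p10 "$1" "$2"
fi
```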
Import a certificate
Command: keyutil import
Parameter | Description |
---|---|
pw <Key store password> | pw is the password used to protect the private key. Set during generation of the key. |
keyfile <File in which the private key is stored> | keyfile is the file that contains the protected private key. |
certfile <certificate file> | certfile is the (path and) name of the certificate file in DER, PEM, PKCS7 (.p7b) or Base64 format. |
p12file <The pkcs#12 file to generate> | p12file is the final key store containing the certificate and the private key. |
Example in Unix:
./keyutil.sh import -pw password --keyfile johnsmith.key --certfile johnsmith.cer --p12file johnsmith.p12
Example in DOS:
# keyutil import -pw password --keyfile johnsmith.key --certfile johnsmith.cer --p12file johnsmith.p12