<<This post is at high level, will modify later :) >>
Encryption is a way to achieve the confidentiality and message integrity which assures a request sent is not tampered and can be decrypted by a party of your interest.
Message encryption requires certificate exchange between the communicating parties.
This is how a communication in case of message encryption happens
Consider Party1 is talking to Party2
Party1 first encrypts the message using Party2's public key, and signs the message with Party1's private key.
When the message is received by Party2, it will first verify the signature key in the message, which is Party1's public key, which should be already present in Party2's keystore, and then will decrypt the message with Party2's private key
This sounds confusing, but very simple. Just public-key exchange with each other.
In case of party1, it'll use one key for encrypting and one for signing
In case of party2, it'll use one for trusting the message, and one for decrypting in case.
Generating a custom keystore and a private key
keytool -genkeypair -alias samlserver -keyalg RSA -keypass samlserver -keystore samlserver.jks -storepass samlserver
Exporting a certificate/your public key
Encryption is a way to achieve the confidentiality and message integrity which assures a request sent is not tampered and can be decrypted by a party of your interest.
Message encryption requires certificate exchange between the communicating parties.
This is how a communication in case of message encryption happens
Consider Party1 is talking to Party2
Party1 first encrypts the message using Party2's public key, and signs the message with Party1's private key.
When the message is received by Party2, it will first verify the signature key in the message, which is Party1's public key, which should be already present in Party2's keystore, and then will decrypt the message with Party2's private key
This sounds confusing, but very simple. Just public-key exchange with each other.
In case of party1, it'll use one key for encrypting and one for signing
In case of party2, it'll use one for trusting the message, and one for decrypting in case.
Generating a custom keystore and a private key
keytool -genkeypair -alias samlserver -keyalg RSA -keypass samlserver -keystore samlserver.jks -storepass samlserver
Exporting a certificate/your public key
keytool -exportcert
-alias samlserver -keystore samlserver.jks -storepass samlserver -file
samlserver.cer
keytool -list
-keystore samlserver.jks
Importing a certificate / peer's public key
Importing a certificate / peer's public key
keytool -importcert
-alias samlclient -keystore samlserver.jks -storepass samlserver -file
samlclient.cer
Print a Certificate
keytool -printcert
-file samlclient.cer
Delete a Certificate
from keystore
Keytool -delete
-alias <aliasName> -keystore <keystoreName> -storepass
<keystorePassword>
Delete a Keystore
keytool -delete
-alias samlserver-keystore samlserver.jksCreate a certificate request to CA
keytool -certreq -alias test -sigalg "RSAwithSHA1" -file certreq_file -storetype jks -keystore test.jks
Note that if you import a certificate with an already existing alias name, it gets overridden. This is used when you are using your certificate for signing (self-signing) initially, and later get a certificate from a CA in which case you'll override
No comments:
Post a Comment