When building a secure web service, we need a key pair for the client and a key pair for the server. Each side keeps its own private key in its keystore and imports the other side's public key (as a certificate) into that same keystore.
The server uses its private key to sign the messages it sends to the client and to decrypt the messages that come from the client; it uses the client's public key to verify the signature on messages from the client and to encrypt the messages it sends to the client. The client does the same with its own private key and the server's public key.
Creating Keystores for the service and the client
Signing provides authentication, integrity and non-repudiation for the messages exchanged between the two entities: the sender signs with its private key, and the receiver verifies with the sender's public key. The following steps therefore create a key pair for each entity and export each entity's public-key certificate so that the two can be exchanged.
Step 1: Creating a server keystore (server.jks)
keytool -genkey -alias server -keyalg RSA -keysize 1024 -keypass password -keystore server.jks -storepass password
Step 2: Creating the client keystore (client.jks)
keytool -genkey -alias client -keyalg RSA -keysize 1024 -keypass password -keystore client.jks -storepass password
Step 3: Extract (export) the server's public-key certificate from the server keystore (server.jks)
keytool -alias server -export -keystore server.jks -storepass password -file tomcatpub.cer
Step 4: Import the exported server certificate into the client keystore
keytool -import -alias server -file tomcatpub.cer -keystore client.jks -storepass password
Step 5: Extract (export) the client's public-key certificate from the client keystore (client.jks)
keytool -alias client -export -keystore client.jks -storepass password -file client.cer
Step 6: Import the exported client certificate into the server keystore
keytool -import -alias client -file client.cer -keystore server.jks -storepass password
Now each keystore holds its own private key plus the other side's certificate, and the two are ready for communication. A few caveats before using these commands as-is: -genkey (now called -genkeypair) prompts interactively for the certificate's distinguished-name fields unless -dname is supplied, and -import of a self-signed certificate asks "Trust this certificate?" unless -noprompt is given, so the commands above need attention or extra flags to run unattended. 1024-bit RSA is below current guidance; use -keysize 2048 or larger for anything beyond a local test. Passing real passwords on the command line leaves them in shell history, so for a real deployment let keytool prompt for them instead.
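The six steps as a script, with the check that the commands themselves never perform: that the certificate each side trusts is byte-for-byte the peer's own certificate and was stored as a trusted certificate entry rather than a private key. This is an added example and not part of the original post; it assumes a JDK's keytool on PATH, uses -genkeypair with 2048-bit keys and -dname so it runs unattended, and writes into a fresh temporary directory. The alias and file names follow the steps above; the -dname values and the directory handling are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the six keytool steps as a
# script, followed by a check that the certificate exchange actually worked.
# Assumptions not in the original: the -dname values, 2048-bit keys, a fresh
# temporary directory per run, and -genkeypair (the current name of -genkey).
set -eu

STOREPASS=password   # demo only; real passwords should not be passed on the command line

# Create a keystore holding one RSA key pair and its self-signed certificate.
# -dname avoids the interactive name prompts that a bare -genkey would show.
gen_keypair() {   # $1 alias, $2 keystore, $3 CN for the certificate
    keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$3, OU=Demo, O=Example, C=US" \
        -keypass "$STOREPASS" -keystore "$2" -storepass "$STOREPASS" >/dev/null 2>&1
}

# Export the certificate (public key plus identity) stored under an alias.
export_cert() {   # $1 alias, $2 keystore, $3 output .cer file
    keytool -export -alias "$1" -keystore "$2" -storepass "$STOREPASS" -file "$3" >/dev/null 2>&1
}

# Import a peer certificate as a trusted entry; -noprompt answers the
# "Trust this certificate?" question that a self-signed certificate triggers.
import_cert() {   # $1 alias, $2 .cer file, $3 keystore
    keytool -import -noprompt -alias "$1" -file "$2" -keystore "$3" -storepass "$STOREPASS" >/dev/null 2>&1
}

# SHA-256 fingerprint of the certificate under an alias (empty if the alias is missing).
fingerprint() {   # $1 alias, $2 keystore
    keytool -list -v -alias "$1" -keystore "$2" -storepass "$STOREPASS" 2>/dev/null \
        | sed -n 's/^[[:space:]]*SHA256: //p' | head -n 1
}

# Steps 1-6: two keystores, two exports, two cross-imports, in a fresh directory.
setup_keystores() {
    KS_DIR=$(mktemp -d)
    gen_keypair server "$KS_DIR/server.jks" service.example            # Step 1
    gen_keypair client "$KS_DIR/client.jks" client.example             # Step 2
    export_cert server "$KS_DIR/server.jks" "$KS_DIR/tomcatpub.cer"    # Step 3
    import_cert server "$KS_DIR/tomcatpub.cer" "$KS_DIR/client.jks"    # Step 4
    export_cert client "$KS_DIR/client.jks" "$KS_DIR/client.cer"       # Step 5
    import_cert client "$KS_DIR/client.cer" "$KS_DIR/server.jks"       # Step 6
}

# The check worth doing before trusting the setup: each side's copy of the peer
# certificate must match the peer's own, and must be a trusted certificate entry
# (public key only), never a PrivateKeyEntry. Returns 0 when the exchange is sound.
verify_exchange() {
    s_own=$(fingerprint server "$KS_DIR/server.jks")
    c_own=$(fingerprint client "$KS_DIR/client.jks")
    [ -n "$s_own" ] && [ -n "$c_own" ] || return 1
    [ "$s_own" = "$(fingerprint server "$KS_DIR/client.jks")" ] || return 1
    [ "$c_own" = "$(fingerprint client "$KS_DIR/server.jks")" ] || return 1
    keytool -list -keystore "$KS_DIR/client.jks" -storepass "$STOREPASS" 2>/dev/null \
        | grep -q '^server,.*trustedCertEntry' || return 1
    keytool -list -keystore "$KS_DIR/server.jks" -storepass "$STOREPASS" 2>/dev/null \
        | grep -q '^client,.*trustedCertEntry' || return 1
}

# Stand-alone run: build the keystores and report the check result.
if command -v keytool >/dev/null 2>&1; then
    setup_keystores
    if verify_exchange; then
        echo "certificate exchange verified; keystores are in $KS_DIR"
    else
        echo "certificate exchange check FAILED in $KS_DIR" >&2
        exit 1
    fi
else
    echo "keytool not found on PATH; install a JDK to run this example" >&2
fi
```

Run it with sh on a machine that has a JDK. The fingerprint comparison is what catches a certificate exported from the wrong keystore or imported under the wrong alias, and the trustedCertEntry check confirms that only public keys crossed between the two keystores; the private keys never leave their own.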