Encryption of Network Communications using JSSE Part 4: Generating Security Certificates

The series leading up to now has been focused on the basics of unencrypted communications. Well, now we’re ready to dig into the good stuff, data encryption.

The first step to sending encrypted data over any network is to pick a cryptographic protocol. One of the most popular, especially for Internet communications, is Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL). TLS uses asymmetric (public-key) cryptography to authenticate the two sides and agree on a session key, and then symmetric encryption for the data itself. Each side that wants to prove its identity therefore needs its own key pair: a private key, which never leaves that side, and a public key, which is handed out inside a certificate. For a server and a client that authenticate each other, this means four keystore files: server.private, server.public, client.private, and client.public. They are created using the keytool program that ships with the JDK.

keytool -genkeypair -keyalg RSA -keysize 2048 -keystore server.private

*Note: if you are using a Java SE release older than version 6, you will have to use -genkey instead of -genkeypair. The -keyalg and -keysize options are given explicitly because without them keytool falls back to an outdated DSA default.

You will be asked a series of questions whose answers become the subject of your certificate. The first one, "What is your first and last name?", fills in the Common Name (CN): for the server, answer with the host name the client will connect to (for example, localhost while developing), because that is what a client checks once hostname verification is turned on. Make a note of your keystore password and your key password, as you will need them later (recent JDKs create PKCS12 keystores, where keytool uses the store password for the key as well). Do the same thing to create the client's private key, only using -keystore client.private instead.

Now you need to get each side's public key into a form the other side can trust. The public key lives inside the self-signed certificate that -genkeypair created, so you export that certificate from the private keystore and import it into a new keystore, which JSSE will later use as a truststore. This also uses the keytool command (older JDKs spell these subcommands -export and -import; both spellings still work).

keytool -exportcert -keystore server.private -file temp.key
keytool -importcert -keystore server.public -file temp.key

Exporting will prompt you for the private keystore's password; importing will ask you to create a password for the new public keystore and then to confirm that you trust the certificate (answer yes). temp.key holds only the certificate, not the private key, so it is not secret, but delete it once you are finished so the files do not get mixed up. Repeat these steps with client.private to produce client.public.

Once all this is finished you will have the 4 keystore files you need for mutually authenticated, encrypted communication. These files need to be put in the correct places to be effective, though. When you distribute your code, you will have 2 executables, one for the server and one for the client. The server needs its own private keystore and the client's public keystore (its truststore); the client needs its own private keystore and the server's public keystore, as shown in the table below. The .private files must never be copied to the other side, and each should be readable only by the account that runs that executable.

Side     Keystore (own private key)   Truststore (peer's certificate)
Server   server.private               client.public
Client   client.private               server.public
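The whole procedure above, as an added example rather than the article's own commands: a POSIX shell script that creates the four keystore files non-interactively and then checks that each one holds what the table says it should. It assumes a JDK keytool on PATH (Java 6 or later, so -genkeypair, -exportcert and -importcert exist); the directory name, the password "changeit", the aliases and the certificate subjects are placeholders chosen for the demo, not anything from the original article.

```shell
#!/bin/sh
# Added example (not the author's code): builds server.private, server.public,
# client.private and client.public in one run and verifies the layout.
# Assumptions: a JDK keytool on PATH; WORKDIR, STOREPASS, aliases and subject
# names below are demo placeholders and must be changed for real use.
set -eu
export LC_ALL=C                      # keep keytool's output in English for grep

WORKDIR="${1:-./jsse-keys}"          # output directory (assumption)
STOREPASS="${STOREPASS:-changeit}"   # demo password only; pick your own
VALIDITY_DAYS=365

# Generate a key pair plus self-signed certificate in <role>.private.
# -keyalg is given explicitly: without it keytool picks an outdated DSA default.
gen_keystore() {
    role="$1"; cn="$2"
    keytool -genkeypair -alias "$role" \
        -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
        -validity "$VALIDITY_DAYS" \
        -dname "CN=$cn, OU=Demo, O=Example, C=US" \
        -keystore "$WORKDIR/$role.private" \
        -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Export the certificate (public key plus identity) from <role>.private ...
export_cert() {
    role="$1"
    keytool -exportcert -alias "$role" \
        -keystore "$WORKDIR/$role.private" -storepass "$STOREPASS" \
        -file "$WORKDIR/$role.cer"
}

# ... and import it into the truststore <role>.public, creating that file.
import_cert() {
    role="$1"
    keytool -importcert -noprompt -alias "$role" \
        -file "$WORKDIR/$role.cer" \
        -keystore "$WORKDIR/$role.public" -storepass "$STOREPASS"
}

build_keystores() {
    mkdir -p "$WORKDIR"
    rm -f "$WORKDIR"/*.private "$WORKDIR"/*.public "$WORKDIR"/*.cer
    # CN=localhost lets a client verify the server's host name later;
    # the client's CN is only an identifier.
    gen_keystore server localhost
    gen_keystore client jsse-client
    for role in server client; do
        export_cert "$role"
        import_cert "$role"
    done
    rm -f "$WORKDIR"/*.cer           # the article's temp.key, no longer needed
}

# True when keystore $1 lists an entry of type $2 (PrivateKeyEntry|trustedCertEntry).
has_entry_type() {
    keytool -list -keystore "$1" -storepass "$STOREPASS" | grep -q "$2"
}

# PEM body of the certificate stored under alias $2 in keystore $1.
cert_pem() {
    keytool -list -rfc -alias "$2" -keystore "$1" -storepass "$STOREPASS" \
        | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Check the layout from the table: each .private holds a private key, each
# .public holds only a trusted certificate, and the certificate in X.public is
# exactly the one that X.private carries.
verify_keystores() {
    for role in server client; do
        has_entry_type "$WORKDIR/$role.private" PrivateKeyEntry || return 1
        has_entry_type "$WORKDIR/$role.public" trustedCertEntry || return 1
        if has_entry_type "$WORKDIR/$role.public" PrivateKeyEntry; then
            return 1                 # a truststore must never carry a private key
        fi
        [ -n "$(cert_pem "$WORKDIR/$role.private" "$role")" ] || return 1
        [ "$(cert_pem "$WORKDIR/$role.private" "$role")" = \
          "$(cert_pem "$WORKDIR/$role.public" "$role")" ] || return 1
    done
}

main() {
    if ! command -v keytool >/dev/null 2>&1; then
        echo "keytool not found: install a JDK and rerun" >&2
        return 0
    fi
    build_keystores
    verify_keystores
    echo "server.private, server.public, client.private, client.public ready in $WORKDIR"
}

main
```

Run it as `sh gen-keystores.sh /path/to/dir`. The verification step is the one worth keeping around: `keytool -list` on a .public file should show only a trustedCertEntry, and the PEM text of the certificate in X.public must match X.private, which is a quick way to confirm that the files were not swapped before they are shipped with the two executables.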

In part 5 of this series, we will begin integrating these keys into our basic socket client/server program and preparing to send encrypted data.

Bryan Young
About Bryan Young
Bryan Young is a staff writer for WebProNews.
