android: generating an app signing certificate with keytool (java 15)

Published: 2023-04-14 13:33:22 Author: 刘宏缔的架构森林

I. Check whether keytool is installed

The keytool program is located in the bin directory under the JDK installation directory.
1. Check whether the keytool command is installed:
[lhdop@blog ~]$ ls /usr/local/soft/jdk-17/bin/keytool
/usr/local/soft/jdk-17/bin/keytool
2. View the help: list the available commands
[lhdop@blog ~]$ keytool --help
Key and Certificate Management Tool
 
Commands:
 
-certreq            Generates a certificate request
-changealias        Changes an entry's alias
-delete             Deletes an entry
-exportcert         Exports certificate
-genkeypair         Generates a key pair
-genseckey          Generates a secret key
-gencert            Generates certificate from a certificate request
-importcert         Imports a certificate or a certificate chain
-importpass         Imports a password
-importkeystore     Imports one or all entries from another keystore
-keypasswd          Changes the key password of an entry
-list               Lists entries in a keystore
-printcert          Prints the content of a certificate
-printcertreq       Prints the content of a certificate request
-printcrl           Prints the content of a CRL file
-storepasswd        Changes the store password of a keystore
-showinfo           Displays security-related information
 
Use "keytool -?, -h, or --help" for this help message
Use "keytool -command_name --help" for usage of command_name.
Use the -conf <url> option to specify a pre-configured options file.
3. View the help for one command, for example list the options of the genkey command:
[lhdop@blog keystore]$ keytool -genkey --help
keytool -genkeypair [OPTION]...
 
Generates a key pair
 
Options:
 
-alias <alias>          alias name of the entry to process
-keyalg <alg>           key algorithm name
-keysize <size>         key bit size
-groupname <name>       Group name. For example, an Elliptic Curve name.
-sigalg <alg>           signature algorithm name
-dname <name>           distinguished name
-startdate <date>       certificate validity start date/time
-ext <value>            X.509 extension
-validity <days>        validity number of days
-keypass <arg>          key password
-keystore <keystore>    keystore name
-storepass <arg>        keystore password
-storetype <type>       keystore type
-providername <name>    provider name
-addprovider <name>     add security provider by name (e.g. SunPKCS11)
   [-providerarg <arg>]    configure argument for -addprovider
-providerclass <class>  add security provider by fully-qualified class name
   [-providerarg <arg>]    configure argument for -providerclass
-providerpath <list>    provider classpath
-v                      verbose output
-protected              password through protected mechanism
 
Use "keytool -?, -h, or --help" for this help message

II. Generate the keystore

1. Run the genkey command

[lhdop@blog keystore]$ keytool -genkey -alias poem -keyalg RSA -keysize 2048 -validity 36500 -keystore poem.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  liuhongdi
What is the name of your organizational unit?
  [Unknown]:  liuhongdi
What is the name of your organization?
  [Unknown]:  liuhongdi
What is the name of your City or Locality?
  [Unknown]:  beijing
What is the name of your State or Province?
  [Unknown]:  beijing
What is the two-letter country code for this unit?
  [Unknown]:  86
Is CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86 correct?
  [no]:  y
 
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36,500 days
        for: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
Remember the password entered here.
 
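2. Parameter description:
-genkey: generates a key pair and its self-signed certificate (keytool lists this command as -genkeypair)
-alias: alias of the certificate entry; usually the same as the keystore file name, though it may differ.
              It is the unique alias associated with the keystore and is not case-sensitive
-keyalg: algorithm used to generate the key; RSA is used here (available key algorithms: RSA, DSA (default), EC)
-validity: validity period of the certificate in days; here it is set to 36500 days
-keysize: key length (correspondence with keyalg: `RSA=2048`, `DSA=2048`, `EC=256`)
-keystore: name of the keystore file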
 
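3. Meaning of the distinguished-name codes:
  • CN = domain name or IP (Common Name)
  • OU = organizational unit name (Organization Unit)
  • O = organization name (Organization Name)
  • L = city or locality name (Locality Name)
  • ST = state or province name (State Name)
  • C = country abbreviation (Country; CN stands for China)
4. View the generated keystore file: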
[lhdop@blog keystore]$ ls
poem.keystore

III. Query the keystore information:

[lhdop@blog keystore]$ keytool -list -v -keystore poem.keystore
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
 
Your keystore contains 1 entry
 
Alias name: poem
Creation date: Apr 14, 2023
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
Issuer: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
Serial number: 8028dc6750c99e58
Valid from: Fri Apr 14 09:33:04 CST 2023 until: Sun Mar 21 09:33:04 CST 2123
Certificate fingerprints:
         SHA1: A1:23:05:8A:5E:3B:9C:8D:03:E5:F5:CB:67:E8:A7:8A:4C:92:07:A2
         SHA256: 0F:40:91:72:FD:5A:F2:04:2F:38:1E:80:7F:87:C2:96:44:5B:BD:1F:BA:11:FB:FF:15:7F:55:77:FC:24:AB:C9
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
 
Extensions:
 
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C5 B9 7B C9 EA 27 8A 9D   86 49 AB 19 C7 18 F0 91  .....'...I......
0010: 13 52 CB 40                                        .R.@
]
]
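
Added example (not part of the original post): a shell function that audits the text printed by `keytool -list -v` against the parameter notes earlier on this page. The names `sample_listing` and `audit_listing`, the OK/WARN/INFO labels and the thresholds are assumptions of this example; the sample input is constructed from the listing shown above.

```shell
#!/bin/sh
# Added example: audit the text printed by `keytool -list -v`.
# Real use: keytool -list -v -keystore poem.keystore | audit_listing

# Constructed sample: fields copied from the listing shown above.
sample_listing() {
cat <<'EOF'
Alias name: poem
Entry type: PrivateKeyEntry
Owner: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
Issuer: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

# Reads a listing on stdin and prints one finding per line (OK / WARN / INFO).
# Assumed thresholds: the -keysize mapping above (RSA/DSA 2048, EC 256).
audit_listing() {
awk '
function st(ok) { return ok ? "OK" : "WARN" }
/^Entry type:/ { type = $3 }
/^Owner:/      { owner = substr($0, 8) }
/^Issuer:/     { issuer = substr($0, 9) }
/^Signature algorithm name:/     { sig = $4 }
/^Subject Public Key Algorithm:/ { bits = $5; sub(/-bit/, "", bits); alg = $6 }
END {
  # Pull the C= attribute out of the Owner distinguished name.
  n = split(owner, rdn, /, */)
  for (i = 1; i <= n; i++) if (rdn[i] ~ /^C=/) c = substr(rdn[i], 3)
  min = (alg == "EC") ? 256 : 2048
  printf "%s entry-type %s\n", st(type == "PrivateKeyEntry"), type
  printf "%s key-size %s-bit %s\n", st(bits + 0 >= min), bits, alg
  # MD5- and SHA1-based certificate signatures are treated as weak here.
  printf "%s signature %s\n", st(sig !~ /^(MD5|SHA1)with/), sig
  # keytool asks for a two-letter country code, e.g. CN for China.
  printf "%s country C=%s\n", st(c ~ /^[A-Z][A-Z]$/), c
  printf "INFO %s\n", ((owner == issuer) ? "self-signed" : "issued by " issuer)
}'
}

sample_listing | audit_listing
```

On the listing above the only WARN is the country attribute, because the distinguished name was entered with C=86 rather than a two-letter code.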
 
 
 
*******************************************
*******************************************

Note: 刘宏缔的架构森林 is a blog focused on architecture, at: https://www.cnblogs.com/architectforest

         The corresponding source code is available here: https://github.com/liuhongdi/
         or: https://gitee.com/liuhongdi

Note: Author: 刘宏缔 Email: 371125307@qq.com

IV. Check the java version:

[lhdop@blog keystore]$ java --version
java 15 2020-09-15
Java(TM) SE Runtime Environment (build 15+36-1562)
Java HotSpot(TM) 64-Bit Server VM (build 15+36-1562, mixed mode, sharing)