Create encryption keys using the Java KeyStore keytool

You can use the keytool shipped with the encryption proxy distribution to create AES 128 and AES 256 encryption keys.

Before you begin

You must use the Java 1.8 version of the keytool utility. A copy of the utility can be found in <proxy install dir>/java/jre/bin/keytool.

To find out more about the keytool utility, see the Java SE Documentation.

About this task

Note: The Java KeyStore requires that the alias name (key name, key alias) use lowercase letters and numbers.

Procedure

  1. Change to the key store directory, <installation directory>/keystore/.
  2. To create the encryption key, run one of the following commands.
    Note: If you choose to run these commands from a directory other than the key store directory, that is you skipped the previous step, you must change the -keystore option to include the path from your current directory to the key store directory. For example, if you were in the <installation directory>\bin directory, the option would be -keystore ../keystore/keystore.jceks
    OptionDescription
    AES 128 keytool -genseckey -alias 128bitkey -keyalg aes -keysize 128 -keystore keystore.jceks -storetype jceks
    AES 256 keytool -genseckey -alias 256bitkey -keyalg aes -keysize 256 -keystore keystore.jceks -storetype jceks
    You add the alias on the instance when you assign default keys.