Create encryption keys using the Java KeyStore keytool You can use the keytool shipped with the encryption proxy distribution to create AES 128-bit and AES 256-bit encryption keys. Before you begin You must use the Java 1.8 version of the keytool utility. A copy of the utility can be found in <proxy install dir>/java/jre/bin/keytool. To find out more about the keytool utility, see the Java SE Documentation. About this task Note: The Java KeyStore requires that the alias name (key name, key alias) use lowercase letters and numbers. Procedure Change to the keystore directory, <installation directory>/keystore/. To create the encryption key, run one of the following commands. Note: If you choose to run these commands from a directory other than the keystore directory, that is you skipped the previous step, you must change the -keystore option to include the path from your current directory to the keystore directory. For example, if you were in the <installation directory>\bin directory, the option would be -keystore ../keystore/keystore.jceks OptionDescription AES 128 keytool -genseckey -alias 128bitkey -keyalg aes -keysize 128 -keystore keystore.jceks -storetype jceks AES 256 keytool -genseckey -alias 256bitkey -keyalg aes -keysize 256 -keystore keystore.jceks -storetype jceks You add the alias on the instance when you assign default keys. Note: The key password must be the same as the keystore password.