Create encryption keys using the Java KeyStore keytool

You can use the keytool shipped with the encryption proxy distribution to create AES 128-bit and AES 256-bit encryption keys.

Before you begin

You must use the Java 1.8 version of the keytool utility. A copy of the utility can be found in <proxy install dir>/java/jre/bin/keytool.

To find out more about the keytool utility, see the Java SE Documentation.

About this task

Note: The Java KeyStore requires that the alias name (key name, key alias) use lowercase letters and numbers.


  1. Change to the keystore directory, <installation directory>/keystore/.
  2. To create the encryption key, run one of the following commands.
    Note: If you choose to run these commands from a directory other than the keystore directory, that is you skipped the previous step, you must change the -keystore option to include the path from your current directory to the keystore directory. For example, if you were in the <installation directory>\bin directory, the option would be -keystore ../keystore/keystore.jceks
    AES 128 keytool -genseckey -alias 128bitkey -keyalg aes -keysize 128 -keystore keystore.jceks -storetype jceks
    AES 256 keytool -genseckey -alias 256bitkey -keyalg aes -keysize 256 -keystore keystore.jceks -storetype jceks

    You add the alias on the instance when you assign default keys.

    Note: The key password must be the same as the keystore password.