Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Create encryption keys using the Java KeyStore keytool

Log in to subscribe to topics and get notified when content changes.

Create encryption keys using the Java KeyStore keytool

You can use the keytool shipped with the encryption proxy distribution to create AES 128-bit and AES 256-bit encryption keys.

Before you begin

You must use the Java 1.8 version of the keytool utility. A copy of the utility can be found in <proxy install dir>/java/jre/bin/keytool.

To find out more about the keytool utility, see the Java SE Documentation.

About this task

Note: The Java KeyStore requires that the alias name (key name, key alias) use lowercase letters and numbers.


  1. Change to the keystore directory, <installation directory>/keystore/.
  2. To create the encryption key, run one of the following commands.
    Note: If you choose to run these commands from a directory other than the keystore directory, that is you skipped the previous step, you must change the -keystore option to include the path from your current directory to the keystore directory. For example, if you were in the <installation directory>\bin directory, the option would be -keystore ../keystore/keystore.jceks
    AES 128 keytool -genseckey -alias 128bitkey -keyalg aes -keysize 128 -keystore keystore.jceks -storetype jceks
    AES 256 keytool -genseckey -alias 256bitkey -keyalg aes -keysize 256 -keystore keystore.jceks -storetype jceks

    You add the alias on the instance when you assign default keys.

    Note: The key password must be the same as the keystore password.