0

I have found a tutorial introducing the steps for generating keys. It gives the following steps:

```
keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa \
    -dname "CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, \
    S=Your State, C=Your Country" -storepass clientpw -keypass clientpw

keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa \
    -dname "CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, \
    S=Your State, C=Your Country" -storepass serverpw -keypass serverpw

keytool -export -alias clientprivate -keystore client.private \
    -file temp.key -storepass clientpw

keytool -import -noprompt -alias clientpublic -keystore client.public \
    -file temp.key -storepass public

keytool -export -alias serverprivate -keystore server.private \
    -file temp.key -storepass serverpw

keytool -import -noprompt -alias serverpublic -keystore server.public \
    -file temp.key -storepass public
```

But I am confused: where are the .jks files? And why do we use temp.key? If you can answer my questions, I would appreciate it...

jww
user3104352
  • This question appears to be off-topic because it is not about programming. Perhaps [Super User](http://superuser.com/) would be a better place to ask. – jww Jun 25 '14 at 23:28
  • @jww It is about the keytool, which is part of the JDK. There are hundreds of similar questions here. – user207421 Jun 25 '14 at 23:53
  • @EJP - some of them are probably off-topic too. The community does a poor job of policing itself and enforcing its own policies at times. – jww Jun 25 '14 at 23:59

2 Answers

0

> where is the .jks files?

The first two operations operate on your $HOME/.keystore.

> And why we use temp.key?

As an intermediate file to carry from the server environment to the client environment for importing, and vice versa. Carrying the .keystore file itself would compromise the private key and so would be insecure. The export step doesn't export the private keys.

user207421
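What each file in the question's sequence ends up holding can be checked with keytool itself. The script below is an added example, not code from the question or the answers: it runs the client half of the sequence in a scratch directory (with -genkeypair, -exportcert and -importcert, the current names of -genkey, -export and -import), then reports the entry types in each store and the SHA-256 fingerprint of temp.key. The -dname value and the function names are made up for the example, and a JDK's keytool is assumed to be on PATH.

```sh
#!/bin/sh
# Added example, not from the original post. Needs a JDK's keytool on PATH.
# Store names, aliases and passwords are the question's; the -dname value
# and the function names are made up for this example.

# Run the client half of the question's sequence inside directory $1.
build_client_stores() {
    ( cd "$1" &&
      keytool -genkeypair -alias clientprivate -keystore client.private \
          -storetype JKS -keyalg RSA \
          -dname "CN=Example Client, O=Example Org, C=US" \
          -storepass clientpw -keypass clientpw &&
      keytool -exportcert -alias clientprivate -keystore client.private \
          -storetype JKS -file temp.key -storepass clientpw &&
      keytool -importcert -noprompt -alias clientpublic \
          -keystore client.public -storetype JKS \
          -file temp.key -storepass public
    ) >/dev/null 2>&1
}

# Print the distinct entry types in JKS file $1 (store password $2).
entry_types() {
    keytool -list -keystore "$1" -storetype JKS -storepass "$2" 2>/dev/null |
        grep -o -e PrivateKeyEntry -e trustedCertEntry | sort -u
}

# Print the SHA-256 fingerprint from the output of the keytool command "$@".
sha256_of() {
    "$@" 2>/dev/null |
        grep -o '\([0-9A-F][0-9A-F]:\)\{31\}[0-9A-F][0-9A-F]' | head -n 1
}

demo() {
    dir=$(mktemp -d) && build_client_stores "$dir" || return 1
    echo "client.private: $(entry_types "$dir/client.private" clientpw)"
    echo "client.public:  $(entry_types "$dir/client.public" public)"
    echo "temp.key SHA-256: $(sha256_of keytool -printcert -file "$dir/temp.key")"
    rm -rf "$dir"   # the scratch store held a private key under a known password
}

# Run the demo only when the script is started with the argument "demo".
if [ "${1:-}" = demo ]; then demo; fi
```

Because -noprompt skips keytool's confirmation step, comparing the fingerprint of temp.key with the one read from the sender's own keystore is the check that the imported certificate is the intended one.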
0

Ultimately, .keystore and .jks are just file extensions: it's up to you to name your files sensibly. Some applications use a keystore file stored in $HOME/.keystore: it's usually implied that it's a JKS file, since JKS is the default keystore type in the Sun/Oracle Java security provider. Not everyone uses the .jks extension for JKS files, because it's implied as the default. I'd recommend using the extension, just to remember which type to specify (if you need).

In Java, the word keystore can have either of the following meanings, depending on the context:

When talking about the file and storage, this is not really a storage facility for key/value pairs (there are plenty of other formats for this). Rather, it's a container to store cryptographic keys and certificates (I believe some of them can also store passwords). Generally, these files are encrypted and password-protected so as not to make this data available to unauthorized parties.

Java uses its KeyStore class and related API to make use of a keystore (whether it's file based or not). JKS is a Java-specific file format, but the API can also be used with other file types, typically PKCS#12. When you want to load a keystore, you must specify its keystore type. The conventional extensions would be:

  • .jks for type "JKS",
  • .p12 or .pfx for type "PKCS12" (the specification name is PKCS#12, but the # is not used in the Java keystore type name).

In addition, BouncyCastle also provides its implementations, in particular BKS (typically using the .bks extension), which is frequently used for Android applications.

You are confused on this.

A keystore is a container of certificates, private keys etc.

There are specifications of what the format of this keystore should be, and the predominant one is #PKCS12.

JKS is Java's keystore implementation. There is also BKS etc.

These are all keystore types.

So to answer your question:

> difference between .keystore files and .jks files

There is none. JKS files are keystore files. There is a difference, though, between keystore types, e.g. JKS vs #PKCS12.

This might help you out to start with.

http://ankursinghal86.blogspot.in/2014/06/authentication-with-client-certificate.html

Community
Ankur Singhal