This example loads the necessary keys and certificates from a file named jnp4e.keys in
the current working directory protected with the password “2andnotafnord”. What this
example doesn't show you is how that file was created. It was built with the keytool
program that's bundled with the JDK like this:
$ keytool -genkey -alias ourstore -keystore jnp4e.keys
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Elliotte Harold
What is the name of your organizational unit?
[Unknown]: Me, Myself, and I
What is the name of your organization?
[Unknown]: Cafe au Lait
What is the name of your City or Locality?
[Unknown]: Brooklyn
What is the name of your State or Province?
[Unknown]: New York
What is the two-letter country code for this unit?
[Unknown]: NY
Is <CN=Elliotte Harold, OU="Me, Myself, and I", O=Cafe au Lait, L=Brooklyn,
ST=New York, C=NY> correct?
[no]: y
Enter key password for <ourstore>
(RETURN if same as keystore password):
When this is finished, you'll have a file named jnp4e.keys, which contains your public
keys. However, no one will believe that these are your public keys unless you have them
certified by a trusted third party such as GeoTrust or GoDaddy. If you just want to
explore the JSSE before deciding whether to go through the hassle and expense of
purchasing a verified certificate, Oracle includes a verified keystore file called testkeys,
protected with the password “passphrase,” that has some JSSE samples. However, this isn't
good enough for real work.
Another approach is to use cipher suites that don't require authentication. There are
several of these in the JDK, including:
• SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
• SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
• SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
• SSL_DH_anon_WITH_DES_CBC_SHA
• SSL_DH_anon_WITH_RC4_128_MD5
• TLS_DH_anon_WITH_AES_128_CBC_SHA
• TLS_DH_anon_WITH_AES_128_CBC_SHA256
• TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
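A suite that skips authentication gives neither side any proof of who it is talking to, so it is worth knowing which of them a given JDK actually supports and enables. The following is an added example, not code from the book: it reports the unauthenticated (anon), unencrypted (NULL), and export-grade suites the default JSSE context offers, then strips them from a server socket; the class name AnonSuiteAudit and its helper methods are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Hypothetical class name; added example, not from the original text.
public class AnonSuiteAudit {

  // Suites with no peer authentication (anon), no encryption (NULL),
  // or deliberately weakened keys (EXPORT) are treated as unsafe.
  static boolean isUnsafe(String suite) {
    return suite.contains("_anon_") || suite.contains("_NULL_")
        || suite.contains("_EXPORT_");
  }

  // Returns the suites whose isUnsafe() result equals the 'unsafe' flag.
  static List<String> filter(String[] suites, boolean unsafe) {
    List<String> out = new ArrayList<>();
    for (String s : suites) {
      if (isUnsafe(s) == unsafe) out.add(s);
    }
    return out;
  }

  public static void main(String[] args)
      throws NoSuchAlgorithmException, IOException {
    SSLServerSocketFactory factory =
        SSLContext.getDefault().getServerSocketFactory();

    // "Supported" is everything the provider can do; "default" is what a
    // new socket enables unless the application changes it.
    String[] supported = factory.getSupportedCipherSuites();
    String[] enabled = factory.getDefaultCipherSuites();
    System.out.println("Unsafe suites supported: " + filter(supported, true));
    System.out.println("Unsafe suites enabled by default: " + filter(enabled, true));

    // Port 0 asks the OS for any free port; no connection is accepted here.
    try (SSLServerSocket server =
        (SSLServerSocket) factory.createServerSocket(0)) {
      List<String> safe = filter(server.getEnabledCipherSuites(), false);
      server.setEnabledCipherSuites(safe.toArray(new String[0]));
      System.out.println("Enabled after filtering: "
          + Arrays.asList(server.getEnabledCipherSuites()));
    }
  }
}
```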