crypttool

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Previous Chapter

JSTK Tools

Next Chapter

certtool

crypttool

NAME

crypttool— command line tool to explore and perform cryptographic operations.

SYNOPSIS

						crypttool
						command (help | [command-options])

Executes crypttool with the specified command.

						crypttool help

Displays all the commands available with crypttool.

						crypttool
						command
						help

Displays all the command-options available with the command.

						crypttool listp [listp-options]

Lists all the installed and configured cryptographic service providers.

						crypttool listks [listks-options]

Lists the entries in the specified keystore.

						crypttool genk [genk-options]

Generates a secret key.

						crypttool genkp [genkp-options]

Generates a public and private key pair.

						crypttool crypt [crypt-options]

Encrypts or decrypts the data of an input file to an output file.

						crypttool sign [sign-options]

Creates or verifies a signature of data in a file.

						crypttool digest [digest-options]

Creates or verifies the digest of data in a file.

						crypttool mac [mac-options]

Creates or verifies message authentication code of data in a file.

						crypttool bench [bench-options]

Reports execution time of commands in a command file.

DESCRIPTION

The tool crypttool performs most of the cryptographic functions available in JCA and JCE. These functions include:

Show available providers and information associated with each of the providers.
Generate a secret key or a private and public key pair. A generated secret key can be (a) stored in a JCEKS keystore, (b) saved in a file, (c) printed on screen (Hex value), or (d) discarded. The key saved in the file is essentially a serialized SecretKey object and hence not portable across providers. A private and public key pair can be (a) saved in a file, or (b) printed on screen. Similar to a secret key, the public and private key pair is also a serialized object and not portable across providers.
Encrypt and decrypt data using symmetric or asymmetric cryptography. Note that J2SE v1.4 doesn't support any asymmetric cipher.
Create and verify digital signature. This operation involves asymmetric cryptography and requires a private and public key pair.
Create and verify message digest.
Create and verify Message Authentication Code (MAC).
Measure performance of cryptographic operations.

Association of these operations with various crypttool commands is quite obvious.

OPTIONS

The table below lists all the different options supported by the utility crypttool. As not all options apply to every command, the applicable commands are also indicated. To get all the options supported by a command, issue the command: "crypttool command help".

`-info`	Display provider information. Applicable to `listp` command only.
`-csinfo`	Display cryptographic services available with each provider. Applicable to `listp` command only.
`-props`	Display properties set by each provider. Applicable to `listp` command only.
`-provider` `provider`	The provider to be used. Applicable for commands: `listks`, `genk`, `genkp`, `crypt`, `sign`, `mac`, `digest`.
`-keystore` `keystore`	Keystore file. Default: `my.keystore`. Applicable for: `listks`, `genk`, `crypt`, `sign`, `mac`.
`-kstype` `type`	Keystore type. Default: `"JCEKS"`. Applicable for all commands that accept –`keystore` option.
`-storepass` `pass`	Keystore password. Default: `"changeit"`. Applicable for all commands that accept –`keystore` option.
`-alias` `alias`	Alias to identify an entry in a keystore. Default: `"mykey"`. Applicable for all commands that accept –`keystore` option.
`-keypass` `pass`	Passord for a key entry. Default: none. Applicable for all commands that accept –`keystore` option.
`-action` `action`	Action on the generated key or key pair. Possible values: `print`, `store`, `save`, `discard`. Default: `discard`. Applicable to `genk` and `genkp` commands. Value `store` not supported for `genkp`.
`-file` `file`	File to save generated key or key pair. Applicable for commands `genk` and `genkp`.
`-keyfile` `file`	File to get the secret key or public and private key pair. This file must have been saved by `genk` or `genkp` command. Applicable to: `crypt`,`sign`,`mac`.
`-algorithm` `alg`	Algorithm for the operation required for the command. Possible values depend on the operation and the provider. Applicable for: `genk`, `genkp`, `crypt`, `sign`, `mac`, `digest`.
`-keysize` `size`	Size of the key in bits. Possible values depend on the specified algorithm. Applicable to: `genk` and `genkp`.
`-op` `op`	Operation to be performed with crypt command. Mandatory. No default. Possible values: `enc`, `dec`. Applicable to: `crypt`.
`-infile` `file`	File with input data. Mandatory. No default value. Applicable to: `crypt`, `sign`, `mac`, `digest`.
`-outfile` `file`	File to save output data. Mandatory. No default value. Applicable to: `crypt`.
`-password` `pass`	Password for password-based encryption or decryption. Mandatory for Password-Based Encryption (PBE) Applicable to: `crypt`.
`-transform` `trans`	Cipher transformation string in form `alg/mode/padding`. Default value: `"DES/CFB8/NoPadding"` Applicable to: `crypt`.
`-iv` `iv`	Initialization Vector. A string of 8 letters. Converted to byte array. Gets generated if not specified. Required based on the transform. Applicable to: `crypt`.
`-stream`	Use Java `StreamCipher` API for encryption or decryption. Optional. Applicable to: `crypt`.
`-verify`	Verify the result of the operation indicated by command. Applicable to: `sign`, `mac`, `digest`.
`-sigfile` `file`	File to save the signature bytes for `sign` command.
`-sigbytes` `bytes`	Hex data bytes of the signature. Could be used with –`verify` option in `sign` command to verify signature.
`-mdfile` `file`	File to save the digest bytes for `digest` command.
`-mdbytes` `bytes`	Hex data bytes of the digest. Could be used with –`verify` option in `digest` command to verify message digest.
`-macfile` `file`	File to save the MAC bytes for `mac` command.
`-macbytes` `bytes`	Hex data bytes of the MAC. Could be used with –`verify` option in `mac` command to verify MAC.
`-cmdfile` `file`	File with each command to be benchmarked. Sample command file: `%JSTK_HOME%inctbench.cmds`. Applicable to: `bench.`
`-runcount` `count`	How many runs for bench command?
`-loopcount` `count`	How many iterations for each command within a run for the `bench` command.
`-warmuptime` `time`	Warmup time in seconds for `bench` command. No. of iterations for running commands during this warmup phase is determined by measuring the time in running first iteration. So, the actual warm-up time is usually less.
`-showtime`	Display execution time for a command.

EXAMPLES

						crypttool listp –csinfo

Lists providers with details of cryptographic services supported by each provider. Very useful for exploring the services available with a Java platform.

						crypttool genk –action store –keystore test.ks

Generates a DES (default algorithm) key of size 56 bits (default keysize) and stores it in a JCEKS (default keystore type) keystore file test.ks with keystore password "changeit" (default password) and the entry alias "mykey" (default alias).

						crypttool listks –keystore test.ks

Lists the entries in the keystore file test.ks. Default keystore type "JCEKS" and password "changeit" is used.

						crypttool crypt -op enc -infile build.xml 
						-outfile test.enc -keystore test.ks -iv 12345678

Encrypts file build.xml using the secret key in keystore test.ks and initialization vector as the byte array representation of string "12345678". The encrypted data is stored in the output file test.enc.

						crypttool crypt -op dec -infile test.enc 
–outfile test.dec -keystore test.ks -iv 12345678

Decrypts the file test.enc encrypted in last command using the same secret key. The decrypted data is stored in the output file test.dec.

						crypttool mac -infile build.xml -keystore test.ks 
						-macfile test.mac
						crypttool mac -infile build.xml -keystore test.ks 
						-macfile test.mac –verify

Computes the MAC of the input file build.xml and verifies it. The secret key of earlier operations is used here as well.

						crypttool genkp –action save –file test.kp 
						-algorithm RSA

Generates RSA key pair of keysize 512 (default keysize) and saves the serialized KeyPair object to the file test.kp.

						crypttool sign -infile build.xml -sigfile test.sig 
						-keyfile test.kp -algorithm SHA1WithRSA

Signs the file build.xml with the RSA private key using SHA1WithRSA algorithm and saves the signature in the file test.sig.

						crypttool sign -infile build.xml -sigfile test.sig 
						-keyfile test.kp -algorithm SHA1WithRSA -verify

Verifies the signature created by the last command.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for crypttool

Create new playlist

Sign In

Sign Up

crypttool

Table of Contents for
crypttool