crypttool

NAME

crypttool - command line tool to explore and perform cryptographic operations.

SYNOPSIS

						crypttool command (help | [command-options])

Executes crypttool with the specified command.

						crypttool help
					

Displays all the commands available with crypttool.

						crypttool command help

Displays all the command-options available with the command.

						crypttool listp [listp-options]

Lists all the installed and configured cryptographic service providers.

						crypttool listks [listks-options]

Lists the entries in the specified keystore.

						crypttool genk [genk-options]

Generates a secret key.

						crypttool genkp [genkp-options]

Generates a public and private key pair.

						crypttool crypt [crypt-options]

Encrypts or decrypts the data of an input file to an output file.

						crypttool sign [sign-options]

Creates or verifies a signature of data in a file.

						crypttool digest [digest-options]

Creates or verifies the digest of data in a file.

						crypttool mac [mac-options]

Creates or verifies the message authentication code (MAC) of data in a file.

						crypttool bench [bench-options]

Reports execution time of commands in a command file.

DESCRIPTION

The tool crypttool performs most of the cryptographic functions available in JCA and JCE. These functions include:

  • Show available providers and information associated with each of the providers.

  • Generate a secret key or a private and public key pair. A generated secret key can be (a) stored in a JCEKS keystore, (b) saved in a file, (c) printed on screen (Hex value), or (d) discarded. The key saved in the file is essentially a serialized SecretKey object and hence not portable across providers. A private and public key pair can be (a) saved in a file, or (b) printed on screen. Similar to a secret key, the public and private key pair is also a serialized object and not portable across providers.

  • Encrypt and decrypt data using symmetric or asymmetric cryptography. Note that J2SE v1.4 doesn't support any asymmetric cipher.

  • Create and verify a digital signature. This operation involves asymmetric cryptography and requires a private and public key pair.

  • Create and verify message digest.

  • Create and verify Message Authentication Code (MAC).

  • Measure performance of cryptographic operations.

Each of these operations corresponds directly to one of the crypttool commands listed in the synopsis.

OPTIONS

The list below gives all the options supported by the utility crypttool. As not all options apply to every command, the applicable commands are also indicated. To get all the options supported by a command, issue the command: "crypttool command help".

-info
    Display provider information. Applicable to listp command only.

-csinfo
    Display cryptographic services available with each provider. Applicable to listp command only.

-props
    Display properties set by each provider. Applicable to listp command only.

-provider provider
    The provider to be used. Applicable to: listks, genk, genkp, crypt, sign, mac, digest.

-keystore keystore
    Keystore file. Default: my.keystore. Applicable to: listks, genk, crypt, sign, mac.

-kstype type
    Keystore type. Default: "JCEKS". Applicable to all commands that accept the -keystore option.

-storepass pass
    Keystore password. Default: "changeit". Applicable to all commands that accept the -keystore option.

-alias alias
    Alias to identify an entry in a keystore. Default: "mykey". Applicable to all commands that accept the -keystore option.

-keypass pass
    Password for a key entry. Default: none. Applicable to all commands that accept the -keystore option.

-action action
    Action on the generated key or key pair. Possible values: print, store, save, discard. Default: discard. Applicable to: genk and genkp. The value store is not supported for genkp.

-file file
    File to save the generated key or key pair. Applicable to: genk and genkp.

-keyfile file
    File to get the secret key or public and private key pair from. This file must have been saved by the genk or genkp command. Applicable to: crypt, sign, mac.

-algorithm alg
    Algorithm for the operation required for the command. Possible values depend on the operation and the provider. Applicable to: genk, genkp, crypt, sign, mac, digest.

-keysize size
    Size of the key in bits. Possible values depend on the specified algorithm. Applicable to: genk and genkp.

-op op
    Operation to be performed with the crypt command. Mandatory. No default. Possible values: enc, dec. Applicable to: crypt.

-infile file
    File with input data. Mandatory. No default value. Applicable to: crypt, sign, mac, digest.

-outfile file
    File to save output data. Mandatory. No default value. Applicable to: crypt.

-password pass
    Password for password-based encryption or decryption. Mandatory for Password-Based Encryption (PBE). Applicable to: crypt.

-transform trans
    Cipher transformation string in the form alg/mode/padding. Default value: "DES/CFB8/NoPadding". Applicable to: crypt.

-iv iv
    Initialization Vector. A string of 8 letters. Converted to a byte array. Gets generated if not specified. Required based on the transform. Applicable to: crypt.

-stream
    Use Java StreamCipher API for encryption or decryption. Optional. Applicable to: crypt.

-verify
    Verify the result of the operation indicated by the command. Applicable to: sign, mac, digest.

-sigfile file
    File to save the signature bytes for the sign command.

-sigbytes bytes
    Hex data bytes of the signature. Can be used with the -verify option in the sign command to verify a signature.

-mdfile file
    File to save the digest bytes for the digest command.

-mdbytes bytes
    Hex data bytes of the digest. Can be used with the -verify option in the digest command to verify a message digest.

-macfile file
    File to save the MAC bytes for the mac command.

-macbytes bytes
    Hex data bytes of the MAC. Can be used with the -verify option in the mac command to verify a MAC.

-cmdfile file
    File with each command to be benchmarked. Sample command file: %JSTK_HOME%inctbench.cmds. Applicable to: bench.

-runcount count
    Number of runs for the bench command.

-loopcount count
    Number of iterations for each command within a run of the bench command.

-warmuptime time
    Warm-up time in seconds for the bench command. The number of iterations run during the warm-up phase is determined by measuring the time taken by the first iteration, so the actual warm-up time is usually less.

-showtime
    Display execution time for a command.

EXAMPLES

						crypttool listp -csinfo

Lists providers with details of cryptographic services supported by each provider. Very useful for exploring the services available with a Java platform.

						crypttool genk -action store -keystore test.ks

Generates a DES (default algorithm) key of size 56 bits (default keysize) and stores it in a JCEKS (default keystore type) keystore file test.ks with keystore password "changeit" (default password) and the entry alias "mykey" (default alias).

						crypttool listks -keystore test.ks

Lists the entries in the keystore file test.ks. The default keystore type "JCEKS" and password "changeit" are used.

						crypttool crypt -op enc -infile build.xml 
						-outfile test.enc -keystore test.ks -iv 12345678
					

Encrypts file build.xml using the secret key in keystore test.ks and initialization vector as the byte array representation of string "12345678". The encrypted data is stored in the output file test.enc.

						crypttool crypt -op dec -infile test.enc -outfile test.dec -keystore test.ks -iv 12345678

Decrypts the file test.enc, encrypted by the previous command, using the same secret key. The decrypted data is stored in the output file test.dec.
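
The JCA calls that the genk, crypt -op enc and crypt -op dec examples above correspond to, as an added example that is not taken from crypttool's source: it assumes the key entry is protected with the keystore password, keeps the keystore in memory instead of in test.ks, and uses the hypothetical class name CryptRoundTrip. It goes beyond the page's DES defaults by also running AES, which shows why the -iv text has to match the cipher's block size.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CryptRoundTrip { // hypothetical class name, not part of crypttool
    // Defaults quoted from the OPTIONS section of the page.
    static final char[] STOREPASS = "changeit".toCharArray();
    static final String ALIAS = "mykey";

    // Generate a key, store it in an in-memory JCEKS keystore, reload it, and
    // run an encrypt/decrypt round trip with the given transformation and IV.
    static boolean roundTrip(String keyAlg, int keyBits, String transform,
                             String ivText, byte[] plain) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(keyAlg);
        kg.init(keyBits);
        SecretKey key = kg.generateKey();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, STOREPASS); // null stream creates a new, empty keystore
        // Assumption: the key entry is protected with the keystore password.
        ks.setKeyEntry(ALIAS, key, STOREPASS, null);
        ByteArrayOutputStream stored = new ByteArrayOutputStream();
        ks.store(stored, STOREPASS);
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(stored.toByteArray()), STOREPASS);
        SecretKey k = (SecretKey) reloaded.getKey(ALIAS, STOREPASS);

        // The IV is the byte form of the text, so its length must equal the
        // cipher block size: 8 bytes for DES, 16 bytes for AES.
        IvParameterSpec iv = new IvParameterSpec(ivText.getBytes(StandardCharsets.US_ASCII));
        Cipher enc = Cipher.getInstance(transform);
        enc.init(Cipher.ENCRYPT_MODE, k, iv);
        byte[] ct = enc.doFinal(plain);
        Cipher dec = Cipher.getInstance(transform);
        dec.init(Cipher.DECRYPT_MODE, k, iv);
        return !Arrays.equals(ct, plain) && Arrays.equals(dec.doFinal(ct), plain);
    }

    public static void main(String[] args) throws Exception {
        byte[] data = "constructed sample input".getBytes(StandardCharsets.US_ASCII);
        System.out.println(roundTrip("DES", 56, "DES/CFB8/NoPadding", "12345678", data));
        System.out.println(roundTrip("AES", 128, "AES/CFB8/NoPadding", "1234567890abcdef", data));
    }
}
```

The DES run mirrors the page's defaults; a 56-bit DES key and a fixed IV reused across files do not protect real data, so for anything beyond exploration use the AES form with a fresh random IV per file.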

						crypttool mac -infile build.xml -keystore test.ks -macfile test.mac
						crypttool mac -infile build.xml -keystore test.ks -macfile test.mac -verify

Computes the MAC of the input file build.xml and verifies it. The secret key of earlier operations is used here as well.

						crypttool genkp -action save -file test.kp -algorithm RSA

Generates an RSA key pair of keysize 512 (default keysize) and saves the serialized KeyPair object to the file test.kp.

						crypttool sign -infile build.xml -sigfile test.sig 
						-keyfile test.kp -algorithm SHA1WithRSA
					

Signs the file build.xml with the RSA private key using the SHA1WithRSA algorithm and saves the signature in the file test.sig.

						crypttool sign -infile build.xml -sigfile test.sig 
						-keyfile test.kp -algorithm SHA1WithRSA -verify
					

Verifies the signature created by the last command.
