A Java KeyStore (JKS) is a repository of security certificates, either authorization certificates, self-authentication certificates(where the user authenticates himself/herself to other users/services) or public key certificates. In this tutorial, we guide you how to create keystore in Ant and in next tutorial soon about how to sign Java jars using the keystore we just created.

As requirement, you need have Java and Ant installed on your computer.

Ant provides task GenKey to create a keystore to a specified location, I created an Ant example as showed below.

<?xml version="1.0"?>
<project name="asjava.com ant to create keystore" default="genKeystore" basedir=".">
<tstamp/>

  <property name="build.output.dir" value="c:/asjava"/>
  <property name="verisign.key.store" value="${build.output.dir}/.keystore"/>
  <property name="verisign.key.storepass" value="asjava.com"/>
  <property name="verisign.key.alias" value="asjava"/>
  <property name="verisign.key.pass" value="asjava.com"/>

  <target name="genKeystore">
  <mkdir dir="${build.output.dir}"/>
  <genkey alias="${verisign.key.alias}" verbose="true" 
storepass="${verisign.key.storepass}" keypass="${verisign.key.pass}" 
validity="365" keystore="${verisign.key.store}">
    <dname>
      <param name="CN" value="AsJava.com Group"/>
      <param name="OU" value="Jim"/>
      <param name="O" value="AsJava.com"/>
      <param name="C" value="US"/>
    </dname>
  </genkey>
  </target>
</project>

In command line, use ant or ant genKeystore run this build script to generate1,024 bit DSA key pair and self-signed certificate, the output looks like:

C:\temp>ant
Buildfile: build.xml

genKeystore:
[mkdir] Created dir: c:\asjava
[genkey] Generating Key for asjava
[genkey] Generating 1,024 bit DSA key pair and self-signed certificate (SHA1WithDSA)
[genkey] for: CN=AsJava.com Group, OU=Jim, O=AsJava.com, C=US
[genkey] [Storing c:/asjava/.keystore]

BUILD SUCCESSFUL
Total time: 0 seconds

The parameters of Ant target GenKey are listed below, some of them are rquired but some are not.

Attribute Description Required
alias the alias to add under this new keystore Yes.
storepass password for keystore integrity. Must be at least 6 characters long Yes.
keystore keystore location(where the keystore outputs) No
storetype keystore type No
keypass password for private key (if different) No
sigalg the algorithm to use in signing No
keyalg the method to use when generating name-value pair No
verbose (true | false) verbose output when signing No
dname The distinguished name for entity Yes if dname element unspecified
validity (integer) indicates how many days certificate is valid No
keysize (integer) indicates the size of key generated No

For dname, You should use the distinguished name that corresponds to your company. Here is a list of the types of components that you can use: