Difference between keytool -genkey vs -genkeypair - keytool

I am using keytool to create a CSR.
I wonder what the difference is between the options -genkey and -genkeypair. My understanding is that -genkey creates only a private key and -genkeypair creates both a private and a public key.
If so, how do I get the public key of the private key which is created using -genkey?

Per https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html, this keytool flag was named -genkey in earlier releases. While the old name is still supported, -genkeypair is preferred going forward.
So essentially, both are the same.

Hi there, in old versions of Java it was named -genkey, which is still supported:
This command was named -genkey in earlier releases. The old name is still supported in this release. The new name, -genkeypair, is preferred going forward.
Keytool Java 8 documentation

Related

Certutil repair Code Signing Certificate in CurrentUser not LocalMachine

So this is my first time having this problem. Last time my code signing certificate was installed correctly and without problems; this time, however, the private key flag is missing from my certificate, and after searching for about an hour I found certutil -repairstore my "CertSerialNumber".
This works if the certificate is installed to the local machine, but then signtool is unable to find the certificate. By default it installed to CurrentUser, so how do I run certutil -repairstore on a certificate in CurrentUser? I have tried adding -sr currentuser and -user, and it complains they are invalid parameters (WIN32: 87 ERROR_INVALID_PARAMETER).
Finally found the answer (typical, it's within minutes of posting this question), so for anyone else:
make sure the params are ordered correctly; certutil is a little bit of a pain with the order of parameters:
certutil -user -repairstore my "CertSerialNumber"
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil

Why is the sha256 hash key different from Command Prompt and Powershell

So I'm currently doing a project at the moment, and I've come across integrity hashing. I've been taught to use openssl sha256 to hash a CSS file for practice. I did this in Terminal, Command Prompt and PowerShell.
Terminal gave the same result as Command Prompt, but PowerShell gave an entirely different result.
Command Prompt
3BmtwdrKmE6lXPHGqB1Z1jEERC8phQpUwTHMblpJ0Gw=
Terminal
3BmtwdrKmE6lXPHGqB1Z1jEERC8phQpUwTHMblpJ0Gw=
PowerShell
Pxk/Pz8/P04/XD8/Px1ZPzEERC8pPw0KVD8xP25aST9sDQo=
tl;dr
Basically, I just want to know why the output from Terminal and Command Prompt differs from PowerShell's.
Extra:
I'm really interested in cyber security and I want to learn more, upskill and do what it takes to be a unicorn. Feel free to give me criticism/advice <3.
You're dealing with an output encoding difference between Command Prompt, PowerShell, and OpenSSL's interpretation of such when run from these shells.
To see your active code page from Command Prompt, run chcp.com. To see your active output encoding in PowerShell, check the status of the $OutputEncoding variable.
Note: You will see code page differences.
You may try in vain to set both to the same output encoding type, but OpenSSL will most likely still report differences.
As an example, you can review the OpenSSL output from all output encoding types in PowerShell with:
[System.Text.Encoding]::GetEncodings() | % { "`n`nCodePage $($_.CodePage):"; $OutputEncoding = [System.Text.Encoding]::GetEncoding($_.CodePage); openssl dgst -sha256 -binary .\index-styles.css | openssl base64 -A }
Note: I doubt there's a similar hash listed when compared to OpenSSL's Command Prompt output.
Anyhow, to avoid this problem, I would advise using OpenSSL's built-in -out file parameter, then calling OpenSSL twice, rather than relying on the pipeline (|):
openssl dgst -sha256 -binary -out .\index-styles.out .\index-styles.css
openssl base64 -A -in .\index-styles.out
You should (in theory) get consistent results from OpenSSL in both Command Prompt and PowerShell when using -out file then -in file.
Hope this helps.

I am trying to enable Google Play App Signing but getting an error while generating the .pem file

I am a Unity game developer. I am trying to get a .pem file from a keystore through Command Prompt in order to enable app signing, and the command is
C:\Users\admin19>java -jar C:\Users\admin19\Desktop\pepk.jar --keystore= F:\Key
Store\abc.keystore --alias=abc --output=C:\Users\admin
19\Desktop\output\key.pem --encryptionkey=eb10fe8f7c7c94656756df715022017b00c6471f8ba8170b13049a11e6c0
9ffe3056a104a3bbe4ac5a955f4ba4fe93fc8fghhjkcef2kk7558a3eb9d2a529a2092761fb833b656cd48b9d
e6a
I press Enter after typing this into cmd.
It asks for the keystore password; I enter it. Then it asks for the alias password; I enter it, which is the same as the keystore password. But it gives the error: no key for alias : [aliasname]. What should I do? Please help.
You may follow the suggestions in this thread.
To get the Key Alias: I copied the keytool.exe and my keystore file into C:\Program Files\Java\jdk1.7.0_71\bin folder. Then from command prompt I wrote: keytool -list -v -keystore <name>.keystore. It will also ask for the keystore password then. Then it will show you the key alias and Certificate fingerprints and other info.
It was also mentioned that if you have the keystore password, keytool might be able to list the aliases.

Key hash format

I'm learning to make Facebook apps and have come to the part where you have to enter your 28 character key hash.
I've searched the forums and the internet for an answer but I couldn't find any.
If someone does, please send me a link and I will close this thread.
I ran the code: keytool -exportcert -alias androiddebugkey -keystore %HOMEPATH%\.android\debug.keystore | openssl sha1 -binary | openssl base64
in PowerShell, and it returns a 32 character code in this format: xxx/xxxxxxx/xxx/xxx/xxx/xxxxxx== I can't see what I'm doing wrong or how I'm supposed to translate this code to another format.
Thanks for the help!
The problem turned out to be caused by running the command in powershell instead of cmd.
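Added example, not part of either thread or the posters' own code: a Python model of what happens to the binary digest in the two PowerShell pipelines above (the sha256 question and this key-hash question). It assumes the pipe acts as a text channel that splits on LF, replaces bytes above 0x7F with '?' and ends each line with CRLF; the function names and the 20-byte sample are constructed for illustration.

```python
import base64

# Values quoted in the sha256 question above.
CMD_B64 = "3BmtwdrKmE6lXPHGqB1Z1jEERC8phQpUwTHMblpJ0Gw="
PS_B64 = "Pxk/Pz8/P04/XD8/Px1ZPzEERC8pPw0KVD8xP25aST9sDQo="
DIGEST = base64.b64decode(CMD_B64)      # the real 32-byte SHA-256 digest

# Constructed stand-in for a 20-byte SHA-1 digest (not from the page).
SHA1_LIKE = bytes(range(0x80, 0x94))


def text_pipe(data: bytes) -> bytes:
    """Simplified model (an assumption, not PowerShell source) of a pipe that
    treats a native program's output as text: split into lines at LF, turn
    every byte the ASCII output encoding cannot carry into '?', and hand each
    line to the next program terminated by CRLF."""
    lines = data.split(b"\n")
    if lines[-1] == b"":                # a trailing LF adds no empty line
        lines.pop()
    out = bytearray()
    for line in lines:
        line = line.rstrip(b"\r")
        out += bytes(b if b < 0x80 else 0x3F for b in line)  # 0x3F is '?'
        out += b"\r\n"
    return bytes(out)


def b64_clean(digest: bytes) -> str:
    """Base64 of the untouched digest (the -out/-in file route)."""
    return base64.b64encode(digest).decode("ascii")


def b64_via_text_pipe(digest: bytes) -> str:
    """Base64 of the digest after it crossed the modelled text pipe."""
    return base64.b64encode(text_pipe(digest)).decode("ascii")


def altered_bytes(digest: bytes) -> int:
    """Bytes the modelled pipe rewrites: non-ASCII values and LF."""
    return sum(1 for b in digest if b >= 0x80 or b == 0x0A)


if __name__ == "__main__":
    print("reproduces PowerShell value:", b64_via_text_pipe(DIGEST) == PS_B64)
    print("bytes altered:", altered_bytes(DIGEST), "of", len(DIGEST))
    print("SHA-1 lengths:", len(b64_clean(SHA1_LIKE)),
          len(b64_via_text_pipe(SHA1_LIKE)))
```

Under this model the PowerShell value from the sha256 question is the Command Prompt digest with 16 of its 32 bytes rewritten and a CRLF appended, so it cannot be used as an integrity hash. The same model turns a 20-byte SHA-1 from 28 Base64 characters into 32 ending in ==, the shape reported in the key-hash question.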

Issue with certificate import

In our code we are trying to import certificates from source code into the system of a user who installs our application. Our application is a Windows application.
To import the certificate they have used a keytool command where the path is wrong.
<Command name="User">
<![CDATA[keytool -keystore "%USERPROFILE%\Application Data\Sun\Java\Deployment\security\trusted.certs"
-import -v -noprompt
-file "C:\Program Files\American Express\DesktopPhone\AppletWeb\cert\NIVRApplet.cert"
-alias nap -storepass ""]]>
</Command>
Even though the path C:\Program Files\American Express\DesktopPhone\AppletWeb\cert\NIVRApplet.cert is not available, the certificate is still getting imported into the user's system in the location %USERPROFILE%\Application Data\Sun\Java\Deployment\security\trusted.certs when they install our application.
When I try executing the above command in command prompt directly it says import is unsuccessful, but it works fine through the application without any error, with the certificate getting imported.
I am not sure how this is happening.
Can anybody help me with this?
When I try executing the above command in command prompt directly it
says import is unsuccessful but it works fine through application
without any error with certificate getting imported.
Probably the account you logged in with does not have the necessary permissions on the keystore you are trying to import into. What error are you getting?