Previous Contents Index Next |
iPlanet Certificate Management System Command-Line Tools Guide |
Chapter 12 Key Database Tool
Key Database Tool is a command-line utility that can modify the key database file (key3.db) of iPlanet Certificate Management Server (CMS). You can use the utility to create or change the database password, generate new public and private key pairs, display the contents of the database, or delete key pairs from the database.
Key database management tasks are part of a process that typically also involves managing client certificate databases (cert7.db file). The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database.
This chapter discusses key database management. For information on certificate database and security module database management, see Chapter 11 "Certificate Database Tool" and Chapter 16 "Security Module Database Tool."
This chapter has the following sections:
Availability
This tool is available for AIX 4.3, OSF/1 v4.0D, Solaris 2.6 (SunOS 5.6),
Solaris 8, and Windows NT 4.0.
Syntax
To run Key Database Tool, type the command
where option and arguments are combinations of the options and arguments listed in the following section. Each command takes one option. Each option may take zero or more arguments. To see a usage string, issue the command without options, or with the -H option.
Options and Arguments
Options specify an action and are uppercase. Option arguments modify an action and are lowercase. Key Database Tool options and their arguments are defined as follows:
Usage
Key Database Tool's capabilities are grouped as follows, using these combinations of options and arguments. The specifications in square brackets are optional, those without square brackets are required.
Creating a new key3.db file and setting its password:
-N [-d keydir] [-w password-file]
Changing the password to a key database file:
-C [-d keydir]
Generating new RSA key pairs in a key database file:
-G [-h tokenname] [-t rsa] [-s num] [-e exp] [-d keydir]
[-f noise-file] [-w password-file]
Generating new DSA key pairs in a key database file:
-G [-h tokenname] -t dsa [-q pqgfile -s num]
[-d keydir] [-w password-file]
Listing the keyIDs of the keys in a database:
-L [-a] [-l] [-t rsa|dsa] [-h tokenname] [-d keydir]
Displaying public key information from the database:
-P -k shortkeyID [-t rsa|dsa] [-h tokenname]
[-d keydir] [-w password-file]
Deleting private keys from a key database file:
-D -k shortkeyID [-t rsa|dsa] [-h tokenname]
[-d keydir] [-w password-file]
Displaying a list of the options and arguments used by Key Database Tool:
-H
Examples
Includes the following:
Creating a Key Database
Creating a Key Database
This example creates new key database files (key3.db and secmod.db) in the specified directory:
Key Database Tool prompts you as follows:
Creating a brand new key database:keydir/key3.db
Database not initialized. Setting password.
Enter new password:
Re-enter password:
After you enter the password, Key Database Tool creates new key3.db and secmod.db files in the specified directory.
Generating a New Key
This example generates a new key in a key database:
Key Database Tool then displays the following:
----------------------------------------------------
Netscape Communications Corporation
Key Generation
--------------------------------------------------------
Welcome to the key generator. With this program, you can
generate the public and private keys that you use for secure
communications.
A random seed must be generated that will be used in the
creation of your key. One of the easiest ways to create a random
seed is to use the timing of keystrokes on a keyboard.
You have specified the name 'mykey' for your key
If this is correct, press enter:
To begin, type keys on the keyboard until this progress meter is
full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
Continue typing until the progress meter is full:
|************************************************************|
Finished. Press enter to continue:
Generating key. This may take a few moments...
generated public/private key pair
Note that if you do not specify a token name, the key is generated on the internal slot. This is equivalent to the -h internal argument.
If you use the -f noise-file argument, Key Database Tool does not ask for keyboard input.
If you use the -w password-file argument, Key Database Tool reads the password from the file instead of asking for keyboard input. Avoid using this argument when you are accessing both the internal slot and tokens that have different passwords.
Displaying Public Key Information
This example prints the public key's information:
The public key information appears after you give the correct password:
It's the first key found.
RSA Public-Key:
modulus:
00:e9:5c:4a:73:74:39:22:6d:c6:da:4e:b3:1f:01:26:9d:be:
d1:74:ae:cd:c7:7d:65:f9:1d:31:1f:71:fb:60:d0:45:46:5f:
5a:19:e7:61:1e:e7:ce:9f:4a:13:4e:d6:e9:06:90:2a:ba:bd:
0b:5f:7b:a3:28:21:1e:0f:1c:f4:3a:ba:3a:8f:0b:e1:99:91:
cc:e8:fd:17:d2:1c:66:13:6b:95:27:b1:eb:bc:9c:e6:7b:f0:
3a:b9:44:dc:24:a6:f8:83:9a:9e:80:3f:74:48:09:6b:3f:a6:
46:51:be:e0:1b:51:87:8c:44:94:f0:fe:41:fe:b4:9f:4c:0a:
04:a9:a1
publicExponent: 65537 (0x10001)
Listing Key IDs
This command lists the key IDs in the key database:
After you enter the password, Key Database Tool displays the following:
RSA Public-Key:
modulus:
00:e9:5c:4a:73:74:39:22:6d:c6:da:4e:b3:1f:01:26:9d:be:
d1:74:ae:cd:c7:7d:65:f9:1d:31:1f:71:fb:60:d0:45:46:5f:
5a:19:e7:61:1e:e7:ce:9f:4a:13:4e:d6:e9:06:90:2a:ba:bd:
0b:5f:7b:a3:28:21:1e:0f:1c:f4:3a:ba:3a:8f:0b:e1:99:91:
cc:e8:fd:17:d2:1c:66:13:6b:95:27:b1:eb:bc:9c:e6:7b:f0:
3a:b9:44:dc:24:a6:f8:83:9a:9e:80:3f:74:48:09:6b:3f:a6:
46:51:be:e0:1b:51:87:8c:44:94:f0:fe:41:fe:b4:9f:4c:0a:
04:a9:a1
When unmodified, this command lists all the RSA keys in the default (internal) slot. You can refine this command's output with the -a, -h, and -l arguments.
Deleting a Private Key
This example deletes a private key from the key database:
When you delete keys, be sure to remove any certificates associated with those keys from the certificate database by using the Certificate Database Tool.
Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated October 07, 2002