5 minutes with – Asymmetric Key

A short summer article about the asymmetric key pairs in order to guarantee an encrypted communication between two endpoints.

I’ll show the main steps to achieve this aim using jdk tool (keytool) and a short java example.

A lot of times, more than I thought, I think there are some difficulties or a misunderstand to understand the concept behind the asymmetric key.

So, although the argument is well covered by other sites (e.g. http://www.java-redefined.com/2013/11/asymmetric-key-encryptiondecryption.html), I’d like to write a little tutorial in order to understand the whole concept.

The first, and most important rule is:

The sender encrypts the message with the receiver’s public key and the receiver reads it with his private key.

It looks obvious but….

Having said that, let’s illustrate the process by some pictures.


We’ve two people who want to share their messages through a secure channel. The first step is to create the key pairs for Bob and Claire.

Let’s using the keytool in the Jdk

#Claire's key pair (public and private)
keytool -genkeypair -alias claire -keyalg RSA -keysize 1024 -storetype jceks -validity 365 
-keypass password -keystore claire.jck -storepass password 
-dname "cn=localhost, ou=Verisign, o=Claire Inc, l=London, st=Uk"

#Bob's key pair (public and private)
keytool -genkeypair -alias bob -keyalg RSA -keysize 1024 -storetype jceks -validity 365 
-keypass password -keystore bob.jck -storepass password 
-dname "cn=localhost, ou=Verisign, o=Bob Inc, l=Manchester, st=Uk"

The second step is to export the public key from the keys previously created.


The keytool commands:

#Export Claire's public key
keytool -export -alias claire -storetype jceks -keystore claire.jck -storepass password -file 

#Export Bob's public key
keytool -export -alias bob -storetype jceks -keystore bob.jck -storepass password -file bob.crt

Once have exported the public key, it’s time to import the certificate in the local trust store; Bob receives Claire’s public key and Claire receives Bob’s public key.


The commands:

#Import Claire's public key in Bob's Trust Store keytool -importcert 
-alias claire -file claire.crt -keystore bobtruststore.jck
-keypass password -storepass password 

#Import Bob's public key in Claire's Trust Store keytool -importcert 
-alias bob -file bob.crt -keystore clairetruststore.jck
-keypass password -storepass password 

Now it’s time to start sending and receiving messages through the encrypted channel!

As I said in the rule above, Bob encrypts the messages by using the Claire’s public key. She reads it by using her private key. The same is conversely valid from Claire to Bob.

When a picture is better than one thousand of words.


The code is quite easy, the real aim of this article is the illustration of the process than the development of a solution.

However, I took it from Java security github repository and I have customized some parts.

Bob is the Client and Claire is the server (Girl’s power?!).


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s