
crypttool - J2EE Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice


crypttool

NAME

crypttool - command-line tool to explore and perform cryptographic operations.

SYNOPSIS


crypttool command (help | [command-options])

Executes crypttool with the specified command.


crypttool help

Displays all the commands available with crypttool.


crypttool command help

Displays all the command-options available with the command.


crypttool listp [listp-options]

Lists all the installed and configured cryptographic service providers.


crypttool listks [listks-options]

Lists the entries in the specified keystore.


crypttool genk [genk-options]

Generates a secret key.


crypttool genkp [genkp-options]

Generates a public and private key pair.


crypttool crypt [crypt-options]

Encrypts or decrypts the data of an input file to an output file.


crypttool sign [sign-options]

Creates or verifies a signature of data in a file.


crypttool digest [digest-options]

Creates or verifies the digest of data in a file.


crypttool mac [mac-options]

Creates or verifies message authentication code of data in a file.


crypttool bench [bench-options]

Reports execution time of commands in a command file.

DESCRIPTION

The tool crypttool performs most of the cryptographic functions available in JCA and JCE. These functions include:

  • Show available providers and information associated with each of the providers.

  • Generate a secret key or a private and public key pair. A generated secret key can be (a) stored in a JCEKS keystore, (b) saved in a file, (c) printed on screen (Hex value), or (d) discarded. The key saved in the file is essentially a serialized SecretKey object and hence not portable across providers. A private and public key pair can be (a) saved in a file, or (b) printed on screen. Similar to a secret key, the public and private key pair is also a serialized object and not portable across providers.

  • Encrypt and decrypt data using a symmetric or an asymmetric cipher. Note that the providers bundled with J2SE v1.4 include no asymmetric cipher at all (there is no RSA Cipher in SunJCE of that release), so asymmetric encryption with crypttool needs a third-party provider that supplies one.

  • Create and verify digital signature. This operation involves asymmetric cryptography and requires a private and public key pair.

  • Create and verify message digest.

  • Create and verify Message Authentication Code (MAC).

  • Measure performance of cryptographic operations.

The mapping between these operations and the crypttool commands of the SYNOPSIS is direct: listp, genk and genkp, crypt, sign, digest, mac, and bench, in the order listed above.

OPTIONS

The table below lists all the different options supported by the utility crypttool. As not all options apply to every command, the applicable commands are also indicated. To get all the options supported by a command, issue the command: "crypttool command help".

Table. crypttool options, with the commands each option applies to.

-info

Display provider information. Applicable to listp command only.

-csinfo

Display cryptographic services available with each provider. Applicable to listp command only.

-props

Display properties set by each provider. Applicable to listp command only.

-provider provider

The provider to be used. Applicable for commands: listks, genk, genkp, crypt, sign, mac, digest.

-keystore keystore

Keystore file. Default: my.keystore. Applicable for: listks, genk, crypt, sign, mac.

-kstype type

Keystore type. Default: "JCEKS". Applicable for all commands that accept the -keystore option.

-storepass pass

Keystore password. Default: "changeit" (the well-known Java keystore default; suitable only for experiments). Applicable for all commands that accept the -keystore option.

-alias alias

Alias to identify an entry in a keystore. Default: "mykey". Applicable for all commands that accept the -keystore option.

-keypass pass

Password for a key entry. Default: none. Applicable for all commands that accept the -keystore option.

-action action

Action on the generated key or key pair. Possible values: print, store, save, discard. Default: discard. Applicable to genk and genkp commands. Value store not supported for genkp.

-file file

File to save generated key or key pair. Applicable for commands genk and genkp.

-keyfile file

File to get the secret key or public and private key pair. This file must have been saved by genk or genkp command.

Applicable to: crypt,sign,mac.

-algorithm alg

Algorithm for the operation required for the command. Possible values depend on the operation and the provider. Applicable for: genk, genkp, crypt, sign, mac, digest.

-keysize size

Size of the key in bits.

Possible values depend on the specified algorithm.

Applicable to: genk and genkp.

-op op

Operation to be performed with crypt command.

Mandatory. No default. Possible values: enc, dec.

Applicable to: crypt.

-infile file

File with input data.

Mandatory. No default value.

Applicable to: crypt, sign, mac, digest.

-outfile file

File to save output data.

Mandatory. No default value.

Applicable to: crypt.

-password pass

Password for password-based encryption or decryption.

Mandatory for Password-Based Encryption (PBE)

Applicable to: crypt.

-transform trans

Cipher transformation string in form alg/mode/padding.

Default value: "DES/CFB8/NoPadding". CFB8 needs no padding but does need an IV, and 56-bit DES is obsolete: for anything beyond exploring the API, pass a transformation such as "AES/CBC/PKCS5Padding" together with a matching -algorithm and -keysize when generating the key.

Applicable to: crypt.

-iv iv

Initialization vector, given as a string of 8 characters that the tool converts to an 8-byte array (the DES block size). Generated if not specified. An IV must not be reused with the same key; a fixed value such as the "12345678" in the examples below is acceptable only for experimentation.

Required based on the transform.

Applicable to: crypt.

-stream

Use the stream-based JCE API (CipherInputStream/CipherOutputStream) for encryption or decryption.

Optional.

Applicable to: crypt.

-verify

Verify the result of the operation indicated by command.

Applicable to: sign, mac, digest.

-sigfile file

File to save the signature bytes for sign command.

-sigbytes bytes

Hex data bytes of the signature. Could be used with the -verify option in the sign command to verify a signature.

-mdfile file

File to save the digest bytes for digest command.

-mdbytes bytes

Hex data bytes of the digest. Could be used with the -verify option in the digest command to verify a message digest.

-macfile file

File to save the MAC bytes for mac command.

-macbytes bytes

Hex data bytes of the MAC. Could be used with the -verify option in the mac command to verify a MAC.

-cmdfile file

File with each command to be benchmarked. Sample command file: %JSTK_HOME%\bin\ctbench.cmds.

Applicable to: bench.

-runcount count

Number of runs for the bench command.

-loopcount count

How many iterations for each command within a run for the bench command.

-warmuptime time

Warm-up time in seconds for the bench command. The number of iterations executed during the warm-up phase is derived from the time taken by the first iteration, so the actual warm-up time is usually less than the value given.

-showtime

Display execution time for a command.

EXAMPLES


crypttool listp -csinfo

Lists providers with details of cryptographic services supported by each provider. Very useful for exploring the services available with a Java platform.
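The listing that `crypttool listp -csinfo` produces comes from the standard JCA Provider API. The class below is an added example, not JSTK's crypttool source: it enumerates the installed providers and their services the same way, then checks for two specific services before relying on them (an RSA Cipher, which the book notes was absent from the J2SE 1.4 providers, and the JCEKS keystore type that the other examples depend on). The class and method names are this example's own.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;

// Added example (not JSTK's crypttool code): the information behind
// "crypttool listp -csinfo", read through java.security.Provider.
public class ListProviders {

    // For every installed provider, print its name and info string, then its
    // services grouped by type (Cipher, Signature, Mac, KeyStore, ...).
    // Security.getProviders() returns providers in preference order, which is
    // the order getInstance(alg) consults when no provider is named.
    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            System.out.printf("%s: %s%n", p.getName(), p.getInfo());
            for (Map.Entry<String, Set<String>> e : servicesByType(p).entrySet()) {
                System.out.printf("  %-20s %s%n", e.getKey(), e.getValue());
            }
        }
        // The practitioner's check: is the service there at all, and who supplies it?
        System.out.println("Cipher.RSA is provided by: " + whoProvides("Cipher", "RSA"));
        System.out.println("KeyStore.JCEKS is provided by: " + whoProvides("KeyStore", "JCEKS"));
    }

    // Map of service type -> sorted algorithm names offered by one provider.
    public static Map<String, Set<String>> servicesByType(Provider p) {
        Map<String, Set<String>> byType = new TreeMap<>();
        for (Provider.Service s : p.getServices()) {
            byType.computeIfAbsent(s.getType(), k -> new TreeSet<>()).add(s.getAlgorithm());
        }
        return byType;
    }

    // Name of the highest-preference provider offering type/algorithm,
    // or null when no installed provider has it.
    public static String whoProvides(String type, String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) {
                return p.getName();
            }
        }
        return null;
    }
}
```

Compile and run with `javac ListProviders.java && java ListProviders`. To see the same view for a provider that is not registered in the JRE's security properties, call `Security.addProvider(...)` with an instance of it before the loop.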


crypttool genk -action store -keystore test.ks

Generates a DES (default algorithm) key of size 56 bits (default keysize) and stores it in a JCEKS (default keystore type) keystore file test.ks with keystore password "changeit" (default password) and the entry alias "mykey" (default alias). These defaults are convenient for exploring the API but not for protecting real data: pass -algorithm, -keysize and -storepass explicitly for anything else.


crypttool listks -keystore test.ks

Lists the entries in the keystore file test.ks. The default keystore type "JCEKS" and password "changeit" are used.


crypttool crypt -op enc -infile build.xml \

-outfile test.enc -keystore test.ks -iv 12345678

Encrypts file build.xml using the secret key in keystore test.ks and initialization vector as the byte array representation of string "12345678". The encrypted data is stored in the output file test.enc.


crypttool crypt -op dec -infile test.enc \

-outfile test.dec -keystore test.ks -iv 12345678

Decrypts the file test.enc encrypted in last command using the same secret key. The decrypted data is stored in the output file test.dec.


crypttool mac -infile build.xml -keystore test.ks \

-macfile test.mac

crypttool mac -infile build.xml -keystore test.ks \

-macfile test.mac -verify

The first command computes the MAC of the input file build.xml with the secret key from test.ks and writes it to test.mac; the second recomputes the MAC and compares it with the bytes in test.mac. The secret key of the earlier operations is reused here; beyond experimentation, use separate keys for encryption and for MACs.


crypttool genkp -action save -file test.kp \

-algorithm RSA

Generates an RSA key pair of keysize 512 (default keysize) and saves the serialized KeyPair object to the file test.kp. A 512-bit RSA modulus can be factored with modest resources, so pass -keysize 2048 or larger for any key that will protect real data.


crypttool sign -infile build.xml -sigfile test.sig \

-keyfile test.kp -algorithm SHA1WithRSA

Signs the file build.xml with the RSA private key from test.kp using the SHA1WithRSA algorithm and saves the signature in the file test.sig. SHA-1 is no longer considered collision resistant; where the provider offers it, prefer SHA256WithRSA.


crypttool sign -infile build.xml -sigfile test.sig \

-keyfile test.kp -algorithm SHA1WithRSA -verify

Verifies the signature created by the last command.
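The sequence of examples above (genk, crypt, mac, genkp, sign and their -verify forms), and the list of JCA/JCE operations in the DESCRIPTION, correspond to a short Java program. The class below is an added example, not JSTK's crypttool code, and it deliberately departs from the page's defaults: AES-128 in place of 56-bit DES, an IV drawn from SecureRandom and written in front of the ciphertext in place of a caller-supplied -iv string, a second keystore entry for the HMAC key in place of reusing the cipher key, HMAC-SHA256 and 2048-bit RSA with SHA256withRSA, and export of the public key in its X.509 encoding (which any provider can re-import) in place of a serialized KeyPair object. It uses the keystore password for the key entries as well; the class and method names, the aliases enckey and mackey, and the sample data standing in for build.xml are this example's own.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

// Added example (not JSTK's crypttool code): the genk / crypt / mac / genkp /
// sign steps of the book's examples written directly against JCA/JCE.
public class CryptToolSteps {

    static final char[] STORE_PASS = "changeit".toCharArray(); // the book's default; change it
    static final String KS_TYPE = "JCEKS";                      // JKS cannot hold SecretKey entries

    // genk -action store: generate a secret key and add it to the keystore under an alias.
    // Assumption of this example: the key entry is protected with the store password.
    static void genk(Path ksFile, String alias, String alg, int bits) throws GeneralSecurityException, IOException {
        KeyGenerator kg = KeyGenerator.getInstance(alg);
        kg.init(bits);
        KeyStore ks = KeyStore.getInstance(KS_TYPE);
        if (Files.exists(ksFile)) {
            try (FileInputStream in = new FileInputStream(ksFile.toFile())) { ks.load(in, STORE_PASS); }
        } else {
            ks.load(null, null); // start with an empty store
        }
        ks.setKeyEntry(alias, kg.generateKey(), STORE_PASS, null); // no cert chain for a secret key
        try (FileOutputStream out = new FileOutputStream(ksFile.toFile())) { ks.store(out, STORE_PASS); }
    }

    // -keystore / -alias: fetch a stored secret key back; load() also checks the store's integrity.
    static SecretKey loadKey(Path ksFile, String alias) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KS_TYPE);
        try (FileInputStream in = new FileInputStream(ksFile.toFile())) { ks.load(in, STORE_PASS); }
        return (SecretKey) ks.getKey(alias, STORE_PASS);
    }

    // crypt -op enc: a fresh random IV of the cipher's block size, stored ahead of the ciphertext.
    static byte[] encrypt(SecretKey key, String transform, byte[] plain) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(transform);
        byte[] iv = new byte[c.getBlockSize()];
        new SecureRandom().nextBytes(iv);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // crypt -op dec: split the IV off the front and decrypt the remainder.
    static byte[] decrypt(SecretKey key, String transform, byte[] ivAndCt) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(transform);
        int n = c.getBlockSize();
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(Arrays.copyOf(ivAndCt, n)));
        return c.doFinal(ivAndCt, n, ivAndCt.length - n);
    }

    // mac / mac -verify: compare with MessageDigest.isEqual, which does not exit early
    // on the first differing byte the way Arrays.equals does.
    static byte[] mac(SecretKey key, byte[] data) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(data);
    }
    static boolean verifyMac(SecretKey key, byte[] data, byte[] expected) throws GeneralSecurityException {
        return MessageDigest.isEqual(mac(key, data), expected);
    }

    // sign / sign -verify. The verifier receives the public key as its X.509
    // SubjectPublicKeyInfo encoding, which KeyFactory of any provider can import.
    static byte[] sign(KeyPair kp, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        return s.sign();
    }
    static boolean verify(byte[] encodedPub, byte[] data, byte[] sig) throws GeneralSecurityException {
        PublicKey pub = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encodedPub));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        Path ks = Files.createTempFile("test", ".ks");
        Files.delete(ks); // genk creates the file on first use
        byte[] data = "<project name=\"test\"/>".getBytes(StandardCharsets.UTF_8); // constructed stand-in for build.xml
        genk(ks, "enckey", "AES", 128);
        genk(ks, "mackey", "HmacSHA256", 256);
        byte[] enc = encrypt(loadKey(ks, "enckey"), "AES/CFB8/NoPadding", data);
        System.out.println("round trip ok: " + Arrays.equals(data, decrypt(loadKey(ks, "enckey"), "AES/CFB8/NoPadding", enc)));
        byte[] tag = mac(loadKey(ks, "mackey"), data);
        System.out.println("mac verifies: " + verifyMac(loadKey(ks, "mackey"), data, tag));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] sig = sign(kp, data);
        System.out.println("signature verifies: " + verify(kp.getPublic().getEncoded(), data, sig));
        data[0] ^= 1; // tamper with one bit: both checks must now report false
        System.out.println("tampered mac verifies: " + verifyMac(loadKey(ks, "mackey"), data, tag));
        System.out.println("tampered signature verifies: " + verify(kp.getPublic().getEncoded(), data, sig));
    }
}
```

To reproduce the page's exact defaults instead, change the two constants in main to "DES" with 56 bits and "DES/CFB8/NoPadding"; the rest of the code is unchanged, since getBlockSize() then yields the 8-byte IV the -iv option describes. Compile and run with `javac CryptToolSteps.java && java CryptToolSteps`.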
