KeyStore Explorer Specifications

Features

Full specifications for KeyStore Explorer, including supported algorithms, key sizes and file formats, are included below.

KeyStores
Key Pairs
Certificates and CRLs
Certificate Signing Requests (CSR)
X.509 Extensions
Key Pair Import and Export
Trusted Certificate Import and Export
Public Key Export
Digital Signatures

KeyStores

KeyStore Explorer supports the management of the following KeyStore types:

Type	Description
JKS	Java KeyStore. Sun's KeyStore format.
JCEKS	Java Cryptography Extension KeyStore. More secure version of JKS.
PKCS #12	Public-Key Cryptography Standards #12 KeyStore. RSA's KeyStore format.
BKS	Bouncy Castle KeyStore. Bouncy Castle's version of JKS.
UBER	Bouncy Castle UBER KeyStore. More secure version of BKS.

Key Pairs

KeyStore Explorer supports DSA and RSA Key Pairs. It is capable of generating such Key Pairs with the following key sizes and signature algorithms:

Key Pair Algorithm	Key Size (bits)	Signature Algorithm
DSA	512 - 1024	SHA.1
RSA	512 - 8192	MD2
		MD5
		SHA.1

Certificates and CRLs

KeyStore Explorer supports Version 1 and Version 3 X.509 certificates as well as CRLs. In addition for Version 3 Certificates and CRLs it supports the display of a wide range of extensions.

Certificate Signing Requests (CSR)

KeyStore Explorer supports the generation and signing of the following CSR types:

Type	Description
PKCS #10	Public-Key Cryptography Standards #10 CSR, RSA's CSR format.
SPKAC	Signed Public Key and Challenge (SPKAC), Netscape's CSR format.

X.509 Extensions

KeyStore Explorer supports the display of the full set of extensions specified in RFC 3280 (Certificate and CRL Profile) and the Netscape Certificate Extensions among others. In addition most of the certificate extensions are available for addition to generated certificates and signed CSRs.

Extension Name	Extension OID	View	Add to Certificates / CSRs
Entrust Version Information	1.2.840.113533.7.65.0	X
Authority Information Access	1.3.6.1.5.5.7.1.1	X	X
Subject Information Access	1.3.6.1.5.5.7.1.11	X	X
Subject Directory Attributes	2.5.29.9	X
Subject Key Identifier	2.5.29.14	X	X
Key Usage	2.5.29.15	X	X
Private Key Usage Period	2.5.29.16	X	X
Subject Alternative Name	2.5.29.17	X	X
Issuer Alternative Name	2.5.29.18	X	X
Basic Constraints	2.5.29.19	X	X
CRL Number	2.5.29.20	X	N/A
Reason Code	2.5.29.21	X	N/A
Hold Instruction Code	2.5.29.23	X	N/A
Invalidity Date	2.5.29.24	X	N/A
Delta CRL Indicator	2.5.29.27	X	N/A
Issuing Distribution Point	2.5.29.28	X	N/A
Certificate Issuer	2.5.29.29	X	N/A
Name Constraints	2.5.29.30	X	X
CRL Distribution Points	2.5.29.31	X
Certificate Policies	2.5.29.32	X	X
Policy Mappings	2.5.29.33	X	X
Authority Key Identifier	2.5.29.35	X	X
Policy Constraints	2.5.29.36	X	X
Extended Key Usage	2.5.29.37	X	X
Freshest CRL	2.5.29.46	X
Inhibit Any Policy	2.5.29.54	X	X
Netscape Certificate Type	2.16.840.1.113730.1.1	X	X
Netscape Base URL	2.16.840.1.113730.1.2	X	X
Netscape Revocation URL	2.16.840.1.113730.1.3	X	X
Netscape CA Revocation URL	2.16.840.1.113730.1.4	X	X
Netscape Certificate Renewal URL	2.16.840.1.113730.1.7	X	X
Netscape CA Policy URL	2.16.840.1.113730.1.8	X	X
Netscape SSL Server Name	2.16.840.1.113730.1.12	X	X
Netscape Comment	2.16.840.1.113730.1.13	X	X

Key Pair Import and Export

KeyStore Explorer supports the following formats for the import and export of Key Pair entries.

Format	Private Part	Public Part
PKCS #12	X	X
PKCS #8 DER *	X
PKCS #8 PEM *	X
PVK	X
OpenSSL DER **	X
OpenSSL PEM **	X
X.509 DER		X
X.509 PEM		X
PKCS #7 DER		X
PKCS #7 PEM		X
PKI Path		X
SPC		X

* - Where PKCS #8 is encrypted KeyStore Explorer supports the following PBE algorithms:

PBE Algorithm
SHA.1 and 40 bit RC4
SHA.1 and 128 bit RC4
SHA.1 and 2 key DESede
SHA.1 and 3 key DESede
SHA.1 and 40 bit RC2
SHA.1 and 128 bit RC2

** - Where OpenSSL is encrypted KeyStore Explorer supports the following PBE algorithms:

PBE Algorithm
PBE with DES CBC
PBE with DESede CBC
PBE with 128 bit AES CBC
PBE with 192 bit AES CBC
PBE with 256 bit AES CBC

Trusted Certificate Import and Export

KeyStore Explorer supports the following formats for the import and export of Trusted Certificate entries:

Format
X.509 DER
X.509 PEM
PKCS #7 DER
PKCS #7 PEM
PKI Path
SPC

Public Key Export

KeyStore Explorer can export the public keys of Key Pair and Trusted Certificate entries in OpenSSL (SubjectPublicKeyInfo) format.

Digital Signatures

KeyStore Explorer supports the digital signing of CSRs, JARs and MIDlets using the following signature algorithms:

Signature Subject	Signature Algorithms
CSR	MD2 with RSA
	MD5 with RSA
	SHA.1 with RSA
	SHA.1 with DSA
JAR	MD2 with RSA
	MD5 with RSA
	SHA.1 with RSA
	SHA.1 with DSA
MIDlet	SHA.1 with RSA