ID-Rights

Get started
Step 1
Step 2
Step 3
Overview
Country specific information
Service access
Key Util
Operational information
Web service functions
1. Signing Rights
2. KYC/AML support
3. Audit Trail
4. Black/White List
Data elements
Error response
Role codes
Denmark
Finland
Norway
Sweden
Company form codes
Denmark
Finland
Norway
Sweden
Test Data
Error codes
Release notes
Contact us

Key Util

​KeyUtil is a tool that can be used to generate RSA key pairs, create certificate requests and ultimately create pkcs#12 based key stores based on imported certificates.

​KeyUtil tool provides a command-line interface for software based key stored using the pkcs#12 storage format. The KeyUtil tool can be downloaded here​​. 

A description on​​ how to ge​​​​nerate a key and import a certificate:


​​​​​​Gen​​​​erate a key

​​​​

​​​​Command: keyutil keygen

Parameters:

  • dn <distinguished name>: given dn must be enclosed by double quotes if it includes spaces and be of the format shown in the example below.
  • pw <Key store password>: pw is the password that protects the private key and must be a regular passphrase.
  • keysize <key size>: keysize is the number of RSA bits. Must be 2048 or 4096.
  • keyfile <file in which to store private key>: keyfile is the file that will contain the protected private key.
  • p10file <file name>: p10file is the file name of the PKCS#10 certificate request. This is the file that shall be sent to Nets upon configuration. 

Example in Unix:

./keyutil.sh keygen -dn "CN=Customer A,O=Customer A,C=NO" –pw password -keysize 2048 –keyfile customerA.key -p10file customerA.p10

Example in dos:

# keyutil keygen -dn "CN=Merchant A,O=Merchant A,C=NO" -pw password -keysize 2048 –keyfile merchantA.key -p10file merchantA.p10

If successful, the output is a Base64 PEM encoded PKCS#10 written to the specified file while status, filenames and PKCS#10 hash is shown on the screen. The key file is created and will be deleted during certificate import.
RSA key pair successfully generated
PKCS#10 certificate request written to customerA.p10
Key file written to customerA.key


​​​Impor​​​t a certificate​

​​​

Command: keyutil import

Parameters:

  • pw <Key store password>: pw is the password used to protect the private key. Set during generation of the key.
  • keyfile <File in which the private key is stored>: keyfile is the file that contains the protected private key.
  • certfile <certificate file>: certfile is the (path and) name of the certificate file in DER, PEM, PKCS7 (.p7b) or Base64format.
  • ​​p12file <The pkcs#12 file to generate>: p12file is the final keysstore containing the certificate and the private key.

​Example in Unix

./keyutil.sh import -pw password –keyfile johnsmith.key –certfile johnsmith.cer –p12file johnsmith.p12​​​​

Example in dos:

# keyutil import -pw password –keyfile johnsmith.key –certfile johnsmith.cer –p12file johnsmith.p12