Public and private keys are cryptographic certificates which, when used together, may be used to securely encrypt or sign data when transmitting it from one system to another. A description of this process is found here.
In Java, public and private keys are each placed in a special file called a keystore. The private key in a keystore must be kept secure. It should be very carefully guarded. The public key in a keystore (which is referred to as a "truststore") does not need to be kept secure. It may be emailed or copied freely.
First, the private key is created using an application called keytool. Note that in the example below:
When this is complete, you have a keystore containing a private key. This keystore must be kept in a secure location and not copied unnecessarily!
Once you have a keystore containing a self-signed private key, your next step is to export this key to create a truststore. First you must extract the key from the private keystore.
The resulting file "public.cert" contains the public key in a format called PEM. If you are communicating with a remote party (i.e. at another organization) you will want to provide a copy of this file to them. Public key certificates do not need to be kept secret, but you should be careful that they are not tampered with if you send them externally.
If you send your public key to an outside party, it is a good idea to separately verify that the key hasn't been tampered with. One way to accomplish this is to use OpenSSL to generate an MD5 hash of the certificate. If this command is run by the sender, and also run by the receiver, and the values match, you can be reasonably confident that the key has not been tampered with.
You will now want to provide a copy of your public certificate to the person who will be sending you messages. If they are using the relay as well, they might want to see Creating a Client Keystore for information on what to do with it.
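The procedure described above (create the private keystore, export the certificate, fingerprint it, build the truststore), written out as an added example that is not the original page's own commands. The alias `relay`, the file names `keystore.p12` and `truststore.p12`, the subject `CN=relay.example.test` and the `KS_PASS` / `TS_PASS` environment variables are assumptions; only `public.cert` comes from the page. The MD5 fingerprint is printed because the page names it, and the comparison itself uses SHA-256, since MD5 collisions are practical to produce.

```shell
#!/bin/sh
# Added example. Assumed names: alias "relay", keystore.p12, truststore.p12,
# CN=relay.example.test, env vars KS_PASS / TS_PASS. "public.cert" is the page's.
umask 077   # files created below (including the private keystore) are owner-only

create_keystore() {      # $1 = working directory
    # Passwords are read from the environment so they never appear in the process list.
    keytool -genkeypair -alias relay -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=relay.example.test" -storetype PKCS12 \
        -keystore "$1/keystore.p12" -storepass:env KS_PASS
}

export_public_cert() {   # writes the PEM certificate; the private key stays in the keystore
    keytool -exportcert -alias relay -rfc -keystore "$1/keystore.p12" \
        -storepass:env KS_PASS -file "$1/public.cert"
}

fingerprint() {          # $1 = certificate file, $2 = md5 or sha256
    openssl x509 -in "$1" -noout -fingerprint "-$2" | cut -d= -f2
}

verify_cert() {          # $1 = received file, $2 = SHA-256 fingerprint obtained out of band
    actual=$(fingerprint "$1" sha256)
    # An empty result (unreadable or malformed file) must never count as a match.
    [ -n "$actual" ] && [ "$actual" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

build_truststore() {     # receiver side: import only after verify_cert succeeds
    keytool -importcert -noprompt -alias relay -file "$1/public.cert" \
        -storetype PKCS12 -keystore "$1/truststore.p12" -storepass:env TS_PASS
}

run_procedure() {        # $1 = working directory
    create_keystore "$1" && export_public_cert "$1" || return 1
    echo "MD5:     $(fingerprint "$1/public.cert" md5)"
    echo "SHA-256: $(fingerprint "$1/public.cert" sha256)"
    verify_cert "$1/public.cert" "$(fingerprint "$1/public.cert" sha256)" \
        && build_truststore "$1"
}

# Usage: KS_PASS=... TS_PASS=... sh keys.sh /path/to/empty/dir
if [ $# -ge 1 ]; then run_procedure "$1"; fi
```

In real use the sender runs the first two steps and reads the fingerprint to the receiver over a separate channel (phone, in person); the receiver runs `verify_cert` with that value before `build_truststore`.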