Java Keytool Implementation

Currently there are three ways to generate keystores: from the command line using keytool or jarsigner, and through a GUI using policytool.

Let's look at the keytool command in more detail. To execute keytool we require rt.jar and tools.jar.

rt.jar is under the JAVA_HOME/jre/lib directory, and tools.jar can be found under JAVA_HOME/lib.

The keytool utility runs through the class "KeyTool" in the package "sun.security.tools"; the class is declared final.

e.g.:

package sun.security.tools;
public final class KeyTool
{
}

A few important commands defined in the KeyTool class, each with its description string:

CERTREQ : Generates.a.certificate.request
CHANGEALIAS : Changes.an.entry.s.alias
DELETE : Deletes.an.entry
EXPORTCERT : Exports.certificate
GENKEYPAIR : Generates.a.key.pair
GENSECKEY : Generates.a.secret.key
GENCERT : Generates.certificate.from.a.certificate.request
IMPORTCERT : Imports.a.certificate.or.a.certificate.chain
IMPORTKEYSTORE : Imports.one.or.all.entries.from.another.keystore
KEYPASSWD : Changes.the.key.password.of.an.entry
LIST : Lists.entries.in.a.keystore
PRINTCERT : Prints.the.content.of.a.certificate
PRINTCERTREQ : Prints.the.content.of.a.certificate.request
PRINTCRL : Prints.the.content.of.a.CRL.file
STOREPASSWD : Changes.the.store.password.of.a.keystore
KEYCLONE : Clones.a.key.entry
SELFCERT : Generates.a.self.signed.certificate
GENCRL : Generates.CRL
IDENTITYDB : Imports.entries.from.a.JDK.1.1.x.style.identity.database

A few important options defined in the KeyTool class, each with its description string:

ALIAS : alias.name.of.the.entry.to.process
DESTALIAS : destination.alias
DESTKEYPASS : destination.key.password
DESTKEYSTORE : destination.keystore.name
DESTPROTECTED : destination.keystore.password.protected
DESTPROVIDERNAME : destination.keystore.provider.name
DESTSTOREPASS : destination.keystore.password
DESTSTORETYPE : destination.keystore.type
DNAME : distinguished.name
EXT : X.509.extension
FILEOUT : output.file.name
FILEIN : input.file.name
ID : Serial.ID.of.cert.to.revoke
INFILE : input.file.name
KEYALG : key.algorithm.name
KEYPASS : key.password
KEYSIZE : key.bit.size
KEYSTORE : keystore.name
NEW : new.password
NOPROMPT : do.not.prompt
OUTFILE : output.file.name
PROTECTED : password.through.protected.mechanism
PROVIDERARG : provider.argument
PROVIDERCLASS : provider.class.name
PROVIDERNAME : provider.name
PROVIDERPATH : provider.classpath
RFC : output.in.RFC.style
SIGALG : signature.algorithm.name
SRCALIAS : source.alias
SRCKEYPASS : source.key.password
SRCKEYSTORE : source.keystore.name
SRCPROTECTED : source.keystore.password.protected
SRCPROVIDERNAME : source.keystore.provider.name
SRCSTOREPASS : source.keystore.password
SRCSTORETYPE : source.keystore.type
SSLSERVER : SSL.server.host.and.port
JARFILE : signed.jar.file
STARTDATE : certificate.validity.start.date.time
STOREPASS : keystore.password
STORETYPE : keystore.type
TRUSTCACERTS : trust.certificates.from.cacerts
V : verbose.output
VALIDITY : validity.number.of.days
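
As an added example (not part of the original post), the shell functions below combine several of the commands and options listed above: GENKEYPAIR, LIST, CERTREQ and EXPORTCERT, with the flags written in lowercase (FILEOUT is typed as -file). The alias, subject name, file names and the KS_PASS variable are constructed sample values; the password is passed with keytool's :env modifier so it does not appear in the process argument list.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed sample values:
# alias "demo", the subject DN, the file names and the KS_PASS variable name.
# STOREPASS/KEYPASS are read from the environment (-storepass:env) instead of
# being typed as plain arguments, which other local users could see in `ps`.

kt() {  # kt <dir> <command> [options...]: run keytool against <dir>/demo.p12
    dir=$1; cmd=$2; shift 2
    keytool "$cmd" -keystore "$dir/demo.p12" -storetype PKCS12 \
        -storepass:env KS_PASS "$@" </dev/null   # no stdin: never wait on a prompt
}

gen_keypair() {   # GENKEYPAIR with ALIAS, KEYALG, KEYSIZE, DNAME, VALIDITY, KEYPASS
    kt "$1" -genkeypair -alias demo -keyalg RSA -keysize 2048 \
        -dname "CN=demo.example.test, O=Example, C=US" -validity 90 \
        -keypass:env KS_PASS
}

entry_type() {    # LIST: print the entry type stored under alias "demo"
    kt "$1" -list -alias demo |
        grep -Eo 'PrivateKeyEntry|trustedCertEntry|SecretKeyEntry' | head -n 1
}

make_csr() {      # CERTREQ: write a PKCS#10 request for the key to <dir>/demo.csr
    kt "$1" -certreq -alias demo -file "$1/demo.csr"
}

export_cert() {   # EXPORTCERT with RFC: write the certificate as PEM text
    kt "$1" -exportcert -alias demo -rfc -file "$1/demo.pem"
}

# Usage: KS_PASS='...' sh keystore_demo.sh <empty work directory>
if [ "$#" -gt 0 ]; then
    : "${KS_PASS:?set KS_PASS in the environment first}"
    gen_keypair "$1" && entry_type "$1" && make_csr "$1" && export_cert "$1"
fi
```

The private key never leaves demo.p12: demo.csr and demo.pem contain only the public key and subject, so they can be handed to a CA or a peer.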