Java Keytool Commands

Lets take a look on Java Keytool and its Commands in detail.

What is this Keytool and where do we find.

Keytool is java utility which is used to managed the keys and certificates.  This java utility allow user to administer their own public and private key with associated certificates. 

Addressing this into simpler way, Keytool is a java tool or utility which binds Private , Intermediate and public certificate together for securing your message and transport level system. 




We will find this keytool option under JAVA_HOME/bin folder.

Let's get into more details.


JAVA_HOME/bin/keytool -help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore


Syntax:

keytool <commands>  [Option1] [Option2].....



Classify Keytool Commands with their Options



-certreq 

Generates a certificate request

Options:

-alias <alias>                  alias name of the entry to process
 -sigalg <sigalg>                signature algorithm name
 -file <filename>                output file name
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -dname <dname>                  distinguished name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism
 
-changealias

Changes an entry's alias

Options:

 -alias <alias>                  alias name of the entry to process
 -destalias <destalias>          destination alias
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism


-delete

Deletes an entry

Options:

 -alias <alias>                  alias name of the entry to process
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism
 


-exportcert

Exports certificate

Options:

 -rfc                            output in RFC style
 -alias <alias>                  alias name of the entry to process
 -file <filename>                output file name
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism


-genkeypair


Generates a key pair

Options:

 -alias <alias>                  alias name of the entry to process
 -keyalg <keyalg>                key algorithm name
 -keysize <keysize>              key bit size
 -sigalg <sigalg>                signature algorithm name
 -destalias <destalias>          destination alias
 -dname <dname>                  distinguished name
 -startdate <startdate>          certificate validity start date/time
 -ext <value>                    X.509 extension
 -validity <valDays>             validity number of days
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism

-genseckey


Generates a secret key

Options:

 -alias <alias>                  alias name of the entry to process
 -keypass <arg>                  key password
 -keyalg <keyalg>                key algorithm name
 -keysize <keysize>              key bit size
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism
 

 

-gencert

Generates certificate from a certificate request

Options:

 -rfc                            output in RFC style
 -infile <filename>              input file name
 -outfile <filename>             output file name
 -alias <alias>                  alias name of the entry to process
 -sigalg <sigalg>                signature algorithm name
 -dname <dname>                  distinguished name
 -startdate <startdate>          certificate validity start date/time
 -ext <value>                    X.509 extension
 -validity <valDays>             validity number of days
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism
 

 

 -importcert

 Imports a certificate or a certificate chain

Options:

 -noprompt                       do not prompt
 -trustcacerts                   trust certificates from cacerts
 -protected                      password through protected mechanism
 -alias <alias>                  alias name of the entry to process
 -file <filename>                input file name
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output


-importkeystore


Imports one or all entries from another keystore

Options:

 -srckeystore <srckeystore>            source keystore name
 -destkeystore <destkeystore>          destination keystore name
 -srcstoretype <srcstoretype>          source keystore type
 -deststoretype <deststoretype>        destination keystore type
 -srcstorepass <arg>                   source keystore password
 -deststorepass <arg>                  destination keystore password
 -srcprotected                         source keystore password protected
 -srcprovidername <srcprovidername>    source keystore provider name
 -destprovidername <destprovidername>  destination keystore provider name
 -srcalias <srcalias>                  source alias
 -destalias <destalias>                destination alias
 -srckeypass <arg>                     source key password
 -destkeypass <arg>                    destination key password
 -noprompt                             do not prompt
 -providerclass <providerclass>        provider class name
 -providerarg <arg>                    provider argument
 -providerpath <pathlist>              provider classpath
 -v                                    verbose output

-keypasswd

Changes the key password of an entry

Options:

 -alias <alias>                  alias name of the entry to process
 -keypass <arg>                  key password
 -new <arg>                      new password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output


-list

Lists entries in a keystore

Options:

 -rfc                            output in RFC style
 -alias <alias>                  alias name of the entry to process
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism

-printcert


Prints the content of a certificate

Options:

 -rfc                        output in RFC style
 -file <filename>            input file name
 -sslserver <server[:port]>  SSL server host and port
 -jarfile <filename>         signed jar file
 -v                          verbose output
 

-printcertreq


Prints the content of a certificate request

Options:

 -file <filename>  input file name
 -v                verbose output


-printcrl

Prints the content of a CRL file

Options:

 -file <filename>  input file name
 -v                verbose output

 
-storepasswd


Changes the store password of a keystore

Options:

 -new <arg>                      new password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output





No comments:

Post a Comment