Search

Java Keytool Implementation

Kalgyan 5:14 PM
Currently there are three ways to generate the Keystores through command line using Keytool or jarsigner and through GUI we can use policytool.

Lets take a look more details on Keytool command.  To execute the keytool we required rt.jar and tools.jar.


rt.jar will be under JAVA_HOME/jre/lib  directory and tools.jar can be find under JAVA_HOME/lib.

keytool utility is run thorugh following class "KeyTool" and package is "sun.security.tools" and its class type is final.

eg:

package sun.security.tools;
public final class KeyTool
{
}

Find few important commands under KeyTool class.

CERTREQ : Generates.a.certificate.request
CHANGEALIAS : Changes.an.entry.s.alias
DELETE : Deletes.an.entry
EXPORTCERT : Exports.certificate
GENKEYPAIR : Generates.a.key.pair
GENSECKEY : Generates.a.secret.key
GENCERT : Generates.certificate.from.a.certificate.request
IMPORTCERT : Imports.a.certificate.or.a.certificate.chain
IMPORTKEYSTORE : Imports.one.or.all.entries.from.another.keystore
KEYPASSWD : Changes.the.key.password.of.an.entry
LIST : Lists.entries.in.a.keystore
PRINTCERT : Prints.the.content.of.a.certificate
PRINTCERTREQ : Prints.the.content.of.a.certificate.request
PRINTCRL : Prints.the.content.of.a.CRL.file
STOREPASSWD : Changes.the.store.password.of.a.keystore
KEYCLONE : Clones.a.key.entry
SELFCERT : Generates.a.self.signed.certificate
GENCRL : Generates.CRL
IDENTITYDB : Imports.entries.from.a.JDK.1.1.x.style.identity.database
Find few important Options under KeyTool class.


    ALIAS : alias.name.of.the.entry.to.process
    DESTALIAS : destination.alias
    DESTKEYPASS : destination.key.password
    DESTKEYSTORE : destination.keystore.name
    DESTPROTECTED : destination.keystore.password.protected
    DESTPROVIDERNAME : destination.keystore.provider.name
    DESTSTOREPASS : destination.keystore.password 
    DESTSTORETYPE : destination.keystore.type
    DNAME : distinguished.name
    EXT : X.509.extension
    FILEOUT: output.file.name
    FILEIN : input.file.name
    ID : Serial.ID.of.cert.to.revoke
    INFILE : input.file.name
    KEYALG : key.algorithm.name
    KEYPASS : key.password
    KEYSIZE : key.bit.size
    KEYSTORE : keystore.name
    NEW : new.password
    NOPROMPT : do.not.prompt
    OUTFILE output.file.name
    PROTECTED : password.through.protected.mechanism
    PROVIDERARG : provider.argument
    PROVIDERCLASS : provider.class.name
    PROVIDERNAME : provider.name
    PROVIDERPATH provider.classpath
    RFC : output.in.RFC.style
    SIGALG: signature.algorithm.name
    SRCALIAS : source.alias
    SRCKEYPASS : source.key.password
    SRCKEYSTORE : source.keystore.name
    SRCPROTECTED : source.keystore.password.protected 
    SRCPROVIDERNAME : source.keystore.provider.name
    SRCSTOREPASS : source.keystore.password
    SRCSTORETYPE : source.keystore.type 
    SSLSERVER : SSL.server.host.and.port
    JARFILE : signed.jar.file
    STARTDATE : certificate.validity.start.date.time
    STOREPASS : keystore.password
    STORETYPE : keystore.type 
    TRUSTCACERTS : trust.certificates.from.cacerts
    V : verbose.output
    VALIDITY : validity.number.of.days
   
Tags

Post a Comment

0 Comments

Emoji
(y)
:)
:(
hihi
:-)
:D
=D
:-d
;(
;-(
@-)
:P
:o
:>)
(o)
:p
(p)
:-s
(m)
8-)
:-t
:-b
b-(
:-#
=p~
x-)
(k)