Outdated: JDK 1.6 keytool - keystore File Tool
This section describes all commands supported in JDK 1.6 'keytool' tool to manage certificates stored in 'keystore' files.
In JDK 1.6, the "keytool" has been changed to offer the following set of commands:
- "-genkeypair": Same as the old command "-genkey" to generate a key pair (a public key and associated private key).
Wraps the public key into an X.509 v3 self-signed certificate, which is stored as a single-element certificate chain.
This certificate chain and the private key are stored in a new keystore entry identified by alias.
- "-genseckey": Generates a secret key and stores it in a new KeyStore.SecretKeyEntry identified by alias.
- "-importcert": Same as the old command "-import" to read the certificate or certificate chain
(where the latter is supplied in a PKCS#7 formatted reply) from the file cert_file,
and stores it in the keystore entry identified by alias. If no file is given, the certificate
or PKCS#7 reply is read from stdin.
- "-importkeystore": Imports a single entry or all entries from a source keystore to a destination keystore.
The "-importkeystore" command can also be used to migrate keys from other storage formats like PKCS#12.
- "-certreq": Generates a Certificate Signing Request (CSR), using the PKCS#10 format.
- "-exportcert": Same as the old command "-export" to read (from the keystore) the certificate associated with alias,
and stores it in the file cert_file.
- "-list": Prints (to stdout) the contents of the keystore entry identified by alias.
If no alias is specified, the contents of the entire keystore are printed.
- "-printcert": Reads the certificate from the file cert_file, and prints its contents in a human-readable format.
If no file is given, the certificate is read from stdin.
- "-storepasswd": Changes the password used to protect the integrity of the keystore contents.
The new password is new_storepass, which must be at least 6 characters long..
- "-keypasswd": Changes the password under which the private/secret key identified by alias is protected,
from old_keypass to new_keypass, which must be at least 6 characters long.
- "-delete": Deletes from the keystore the entry identified by alias.
The user is prompted for the alias, if no alias is provided at the command line.
- "-changealias": Move an existing keystore entry from the specified alias to a new alias, destalias.
If no destination alias is provided, the command will prompt for one. If the original entry is protected
with an entry password, the password can be supplied via the "-keypass" option.
If no key password is provided, the storepass (if given) will be attempted first.
If that attempt fails, the user will be prompted for a password.
- "-help": Lists the basic commands and their options.
Last update: 2015.
Table of Contents
About This Book
Java Tools Terminology
Java Tools Included in JDK
javac - The Java Program Compiler
jar - The JAR File Tool
jlink - The JRE Linker
jmod - The JMOD File Tool
jimage - The JIMAGE File Tool
java - The Java Program Launcher
jdb - The Java Debugger
jcmd - The JVM Diagnostic Tool
jconsole - Java Monitoring and Management Console
jstat - JVM Statistics Monitoring Tool
JVM Troubleshooting Tools
jvisualvm (Java VisualVM) - JVM Visual Tool
jmc - Java Mission Control
javap - The Java Class File Disassembler
keytool - Public Key Certificate Tool
jarsigner - JAR File Signer
jshell - Java Language Shell
native2ascii - Native-to-ASCII Encoding Converter
Outdated: Downloading and Installing Java 8
Outdated: Downloading and Installing J2SE 1.6.0 on Windows
►Outdated: JDK 1.6 keytool - keystore File Tool
Outdated: Downloading and Installing J2SE 1.5.0 on Windows
Outdated: JDK 1.5 keytool - keystore File Tool
Full Version in PDF/EPUB