The JDK comes with the keytool program, which is a command-line tool to generate and manage a set of certificates. We expect that ultimately the functionality of this tool will be embedded in other, more user-friendly programs. But right now, we’ll use keytool to show how Alice can sign a document and send it to Bob, and how Bob can verify that the document really was signed by Alice and not an imposter.
The keytool program manages keystores, databases of certificates and private/public key pairs. Each entry in the keystore has an alias. Here is how Alice creates a keystore, alice.certs, and generates a key pair with alias alice:
keytool -genkeypair -keystore alice.certs -alias alice
When creating or opening a keystore, ...