The keytool

At an administrative level, keys are managed by keytool, a utility supplied with the JRE. This tool allows you to create new keys, import digital certificates, export existing keys, and generally interact with the key management system.
The keytool has only a command-line interface; in this section, we’ll look at the typical commands that add, modify, list, and delete entries in the keystore. Along the way, we’ll see how you can create your own keys and certificates and how to get a valid certificate from an official certificate authority. As we understand the operations provided by keytool, we’ll be poised to understand the underlying Java API that we’ll examine later in this chapter.
Global Options to keytool

Keytool implements a number of global options, that is, options that are available to most of its commands. We’ll list these as appropriate for each command, but here’s an explanation of what they do:
- -alias alias
  Specify the alias the operation should apply to (e.g., -alias sdo). The default for this value is “mykey.”
- -dname distinguishedName
  Specify the distinguished name. There is no default for this value, and if you do not specify it on the command line, you will be prompted to enter it when it is needed. Letting keytool prompt you is generally easier since the tool will prompt for the name one field at a time. Otherwise, you must enter the entire name in one quoted string, like this:
  -dname \
  "CN=Scott Oaks, OU=JSD, O=Sun Microsystems, L=NY, S=NY, C=US"
- -keypass ...
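The following script is an added example, not from the book, that exercises the -alias and -dname options just described: it generates a key pair with the distinguished name passed as one quoted string, then uses -list -alias to check which alias the entry was stored under (including the “mykey” default when -alias is omitted). It assumes a JDK keytool on PATH; the keystore path and password are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the book's own code). Assumes keytool from a JDK is on PATH.
# KEYSTORE and STOREPASS are constructed placeholders for the demonstration.
set -e

KEYSTORE="${TMPDIR:-/tmp}/keytool-demo.jks"
STOREPASS="changeit-demo"   # constructed; keep the same value for -keypass so
                            # PKCS12 keystores (the default on newer JDKs) accept it

# Generate a key pair. If an alias is given it is passed with -alias; otherwise
# keytool falls back to its default alias, "mykey". The whole distinguished name
# is supplied with -dname as one quoted string so keytool never prompts for it.
make_key() {
    rm -f "$KEYSTORE"
    if [ -n "$1" ]; then set -- -alias "$1"; else set --; fi
    keytool -genkeypair "$@" \
        -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=Scott Oaks, OU=JSD, O=Sun Microsystems, L=NY, S=NY, C=US" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Return 0 if the alias exists in the keystore, non-zero otherwise:
# "keytool -list -alias X" exits with an error when X is not present.
has_alias() {
    keytool -list -alias "$1" -keystore "$KEYSTORE" -storepass "$STOREPASS" >/dev/null 2>&1
}

# Stand-alone run: explicit alias, then the default alias.
if [ "${KEYTOOL_DEMO_RUN:-1}" = 1 ] && command -v keytool >/dev/null 2>&1; then
    make_key sdo >/dev/null 2>&1 && has_alias sdo && echo "alias sdo present"
    make_key ""  >/dev/null 2>&1 && has_alias mykey && echo "default alias mykey present"
fi
```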