
Java Security, 2nd Edition by Scott Oaks


The keytool

At an administrative level, keys are managed by keytool, a utility supplied with the JRE. This tool allows you to create new keys, import digital certificates, export existing keys, and generally interact with the key management system.

The keytool has only a command-line interface; in this section, we’ll look at the typical commands that add, modify, list, and delete entries in the keystore. Along the way, we’ll see how you can create your own keys and certificates and how to get a valid certificate from an official certificate authority. As we understand the operations provided by keytool, we’ll be poised to understand the underlying Java API that we’ll examine later in this chapter.

Global Options to keytool

Keytool implements a number of global options -- options that are available to most of its commands. We’ll list these as appropriate for each command, but here’s an explanation of what they do:

-alias alias

Specify the alias the operation should apply to (e.g., -alias sdo). The default for this value is “mykey.”

-dname distinguishedName

Specify the distinguished name. There is no default for this value, and if you do not specify it on the command line, you will be prompted to enter it when it is needed. Letting keytool prompt you is generally easier since the tool will prompt for the name one field at a time. Otherwise, you must enter the entire name in one quoted string, like this:

-dname \
"CN=Scott Oaks, OU=JSD, O=Sun Microsystems, L=NY, S=NY, C=US"
-keypass ...
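
The one-string -dname form shown above, as an added shell example (not code from the book): it builds the name field by field, escapes separator characters inside a value, and hands the result to keytool as a single quoted argument. The function names, the sample OU value, the alias and the keystore path are constructed for illustration; -genkeypair is the current name of keytool's key-generation command, and the password options are left off so that keytool prompts for them.

```shell
#!/bin/sh
# Added example: assemble a -dname value and pass it to keytool intact.

# Backslash-escape the characters that act as separators or quoting inside
# a distinguished name (, + " \ < > ;). An unescaped comma in a value would
# otherwise be read as the start of the next field.
dn_escape() {
    printf '%s' "$1" | sed -e 's/[\\,+"<>;]/\\&/g'
}

# Usage: build_dname CN OU O L S C  (same field order as the -dname
# example above). Prints the complete name as one string.
build_dname() {
    printf 'CN=%s, OU=%s, O=%s, L=%s, S=%s, C=%s' \
        "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" \
        "$(dn_escape "$4")" "$(dn_escape "$5")" "$(dn_escape "$6")"
}

# Usage: create_key ALIAS KEYSTORE_PATH DNAME
# "$3" must stay quoted: unquoted, the shell splits the name at every
# space and keytool receives the pieces as stray arguments.
# No password options are given, so keytool prompts for them and they
# stay out of the shell history and the process listing.
create_key() {
    keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 \
        -keystore "$2" -dname "$3"
}

# Constructed sample: the OU value contains a comma that must not end
# the field early.
SAMPLE_DNAME=$(build_dname "Scott Oaks" "JSD, Security" \
    "Sun Microsystems" "NY" "NY" "US")
printf '%s\n' "$SAMPLE_DNAME"

# Run with the argument "generate" to create the key (needs keytool on
# PATH); without it the script only prints the assembled name.
if [ "${1:-}" = "generate" ]; then
    create_key sdo ./example.jks "$SAMPLE_DNAME"
fi
```
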
