level, keys are managed by keytool, a utility supplied with the JRE. This tool allows you to create new keys, import digital certificates, export existing keys, and generally interact with the key management system. keytool has only a command-line interface; in this section, we’ll look at the typical commands that add, modify, list, and delete entries in the keystore. Along the way, we’ll see how you can create your own keys and certificates and how to get a valid certificate from an official certificate authority. As we understand the operations provided by keytool, we’ll be poised to understand the underlying Java API that we’ll examine later in this chapter.
Keytool implements a number of global options -- options that are available to most of its commands. We’ll list these as appropriate for each command, but here’s an explanation of what
operation should apply to (e.g.,
The default for this value is “mykey.”
name. There is no default for this value, and if you do not specify
it on the command line, you will be prompted to enter it when it is
keytool prompt you is generally easier since the tool will prompt for the name one field at a time. Otherwise, you must enter the entire name in one quoted string, like
-dname "CN=Scott Oaks, OU=JSD, O=Sun Microsystems, L=NY, S=NY, C=US"
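The following script is an added example and is not part of the book’s text; it walks through the add, list, export, import, and delete operations described above against a throwaway keystore, building the one-line quoted distinguished name in the form keytool expects. The alias, the password, the subject fields, the file names, and the keystore layout are all constructed values for this demonstration; the flag names are the standard keytool ones (-genkeypair, -list, -exportcert, -importcert, -delete). When keytool is not on the PATH the round trip is skipped rather than failing, so the script also runs where no JDK is installed.

```shell
#!/bin/sh
# Added example: the keytool operations this section describes, run
# end to end against a temporary keystore. All names and values are
# constructed for the demo (hypothetical alias "demo", password
# "changeit", subject fields); nothing here comes from the book's text.
set -eu

# Assemble a distinguished name in the single quoted-string form that
# keytool accepts on the command line (CN, OU, O, L, S, C in that order).
build_dname() {
    printf 'CN=%s, OU=%s, O=%s, L=%s, S=%s, C=%s' "$1" "$2" "$3" "$4" "$5" "$6"
}

# Create a key pair, list it, export its certificate, import that
# certificate into a separate trust store, then delete the key entry.
# Returns 0 on success, 1 on any failed step, 2 if keytool is absent.
keystore_roundtrip() {
    command -v keytool >/dev/null 2>&1 || return 2
    dir=$(mktemp -d) || return 1
    ks="$dir/demo.p12"          # constructed keystore path
    trust="$dir/trust.p12"      # constructed trust store path
    pw="changeit"               # constructed password (demo only)
    dname=$(build_dname "Demo User" "Security" "Example Org" "NY" "NY" "US")

    # Add: generate an RSA key pair under alias "demo" with a one-year cert.
    keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 365 \
        -dname "$dname" -keystore "$ks" -storepass "$pw" -keypass "$pw" \
        >/dev/null 2>&1 || { rm -rf "$dir"; return 1; }

    # List: the alias must now appear in the keystore listing.
    keytool -list -keystore "$ks" -storepass "$pw" 2>/dev/null \
        | grep -q 'demo' || { rm -rf "$dir"; return 1; }

    # Export: write the self-signed certificate in PEM (-rfc) form.
    keytool -exportcert -alias demo -keystore "$ks" -storepass "$pw" \
        -rfc -file "$dir/demo.pem" >/dev/null 2>&1 || { rm -rf "$dir"; return 1; }

    # Import: load that certificate into a trust store as a trusted entry.
    keytool -importcert -alias demo-trusted -file "$dir/demo.pem" \
        -keystore "$trust" -storepass "$pw" -noprompt \
        >/dev/null 2>&1 || { rm -rf "$dir"; return 1; }

    # Delete: remove the key entry and confirm it is gone from the listing.
    keytool -delete -alias demo -keystore "$ks" -storepass "$pw" \
        >/dev/null 2>&1 || { rm -rf "$dir"; return 1; }
    if keytool -list -keystore "$ks" -storepass "$pw" 2>/dev/null | grep -q 'demo'; then
        rm -rf "$dir"; return 1
    fi

    rm -rf "$dir"
    return 0
}

# Run the round trip when executed directly and report the outcome.
if [ "${0##*/}" = "keytool_demo.sh" ]; then
    if keystore_roundtrip; then
        echo "keytool round trip completed"
    else
        [ "$?" -eq 2 ] && echo "keytool not found; round trip skipped" || exit 1
    fi
fi
```

The trust store and the key store are kept separate on purpose: the exported certificate carries only the public key, so importing it elsewhere creates a trusted-certificate entry, while the private key never leaves the original keystore.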