


The keytool command is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself or herself to other users and services) or data integrity and authentication services, using digital signatures. The keytool command also enables users to cache the public keys (in the form of certificates) of their communicating peers.

A certificate is a digitally signed statement from one entity (person, company, and so on), that says that the public key (and some other information) of some other entity has a particular value. (See Certificate.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data comes from whoever claims to have created and signed it.

The keytool command also enables users to administer secret keys and passphrases used in symmetric encryption and decryption (DES).

The keytool command stores the keys and certificates in a keystore.

See Commands for a listing and description of the various commands.

All command and option names are preceded by a minus sign (-). The options for each command can be provided in any order.

All items not italicized or in braces or brackets are required to appear as is.

Braces surrounding an option signify that a default value will be used when the option is not specified on the command line. Braces are also used around the -v, -rfc, and -J options, which only have meaning when they appear on the command line. They do not have any default values other than not existing.

Brackets surrounding an option signify that the user is prompted for the values when the option is not specified on the command line. For the -keypass option, if you do not specify the option on the command line, then the keytool command first attempts to use the keystore password to recover the private/secret key. If this attempt fails, then the keytool command prompts you for the private/secret key password.

Items in italics (option values) represent the actual values that must be supplied. For example, here is the format of the -printcert command:

keytool -printcert {-file cert_file} {-v}

BasicConstraints: giving only the path length is short for ca:true,pathlen: followed by that length.

KeyUsage: Values: usage(, usage)*, where usage can be one of digitalSignature, nonRepudiation (contentCommitment), keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly. The usage argument can be abbreviated with the first few letters (dig for digitalSignature) or in camel-case style (dS for digitalSignature or cRLS for cRLSign), as long as no ambiguity is found.

ExtendedKeyUsage: Values: usage(, usage)*, where usage can be one of anyExtendedKeyUsage, serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, OCSPSigning, or any OID string.
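The abbreviation rule for KeyUsage and ExtendedKeyUsage values (first letters or camel-case initials, rejected when ambiguous), modelled in Python as an added example that is not keytool's own source. The name lists are the ones documented above; treating contentCommitment as an alias of nonRepudiation and passing dotted-decimal tokens through as OIDs are this example's reading of "nonRepudiation (contentCommitment)" and "any OID string".

```python
# Added illustration of the documented abbreviation rule; not keytool's source.
KEY_USAGE = ["digitalSignature", "nonRepudiation", "contentCommitment",
             "keyEncipherment", "dataEncipherment", "keyAgreement",
             "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"]
EXTENDED_KEY_USAGE = ["anyExtendedKeyUsage", "serverAuth", "clientAuth",
                      "codeSigning", "emailProtection", "timeStamping",
                      "OCSPSigning"]
# Assumption: contentCommitment names the same bit as nonRepudiation.
ALIASES = {"contentCommitment": "nonRepudiation"}


class AmbiguousUsage(ValueError):
    """More than one documented name fits the abbreviation."""


class UnknownUsage(ValueError):
    """No documented name fits the abbreviation."""


def initials(name):
    """Camel-case form: first character plus every non-lowercase character."""
    return name[0] + "".join(c for c in name[1:] if not c.islower())


def matches(abbrev, names):
    """Every name the abbreviation could mean: a case-insensitive prefix of
    the full name, or a case-insensitive match of its camel-case form."""
    a = abbrev.lower()
    return [n for n in names
            if n.lower().startswith(a) or initials(n).lower() == a]


def is_oid(token):
    """Dotted decimal, e.g. 1.3.6.1.5.5.7.3.1 (allowed for ExtendedKeyUsage)."""
    parts = token.split(".")
    return len(parts) >= 2 and all(p.isdigit() for p in parts)


def resolve_usage(abbrev, names, allow_oid=False):
    """Map one abbreviated usage to its full name, refusing any ambiguity."""
    if allow_oid and is_oid(abbrev):
        return abbrev
    hits = matches(abbrev, names)
    if not hits:
        raise UnknownUsage(abbrev)
    if len(hits) > 1:
        raise AmbiguousUsage(f"{abbrev!r} could be any of {hits}")
    return ALIASES.get(hits[0], hits[0])


def parse_usage_list(value, names, allow_oid=False):
    """Parse the documented 'usage(, usage)*' form, e.g. 'dig,keyC'."""
    return [resolve_usage(t.strip(), names, allow_oid) for t in value.split(",")]
```

Note that a single letter such as k fits keyEncipherment, keyAgreement and keyCertSign by prefix, so it is rejected rather than guessed.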
