You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by ml...@apache.org on 2006/08/21 09:31:51 UTC
svn commit: r433189 - in /incubator/harmony:
enhanced/classlib/trunk/doc/tools/Keytool/Keytool_help.html
standard/site/docs/subcomponents/classlibrary/index.html
standard/site/xdocs/subcomponents/classlibrary/index.xml
Author: mloenko
Date: Mon Aug 21 00:31:50 2006
New Revision: 433189
URL: http://svn.apache.org/viewvc?rev=433189&view=rev
Log:
applied patch for HARMONY-1223
[doc] Draft for Keytool user's guide
Added:
incubator/harmony/enhanced/classlib/trunk/doc/tools/Keytool/Keytool_help.html
Modified:
incubator/harmony/standard/site/docs/subcomponents/classlibrary/index.html
incubator/harmony/standard/site/xdocs/subcomponents/classlibrary/index.xml
Added: incubator/harmony/enhanced/classlib/trunk/doc/tools/Keytool/Keytool_help.html
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/doc/tools/Keytool/Keytool_help.html?rev=433189&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/doc/tools/Keytool/Keytool_help.html (added)
+++ incubator/harmony/enhanced/classlib/trunk/doc/tools/Keytool/Keytool_help.html Mon Aug 21 00:31:50 2006
@@ -0,0 +1,305 @@
+<!--
+ Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<html>
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+<meta http-equiv="Content-Language" content="en-us">
+<title>Keytool description</title>
+</head>
+
+<body>
+
+<table border="0" width="100%">
+ <tr>
+ <td valign="top">
+
+<font face="Courier New"><b><font size="4">Short description.</font></b></font><p>
+<font face="Courier New">Keytool is a tool for managing key pairs, secret keys and certificates.
+
+</font>
+ </p>
+ <p><font face="Courier New"><b><font size="4">Keytool usage</font></b>
+
+ </font></p>
+ <p><font face="Courier New">keytool {-<command_name>} {-<command_option>} {<option_value>}... -J<java_option>
+ </font></p>
+ <p><font face="Courier New"><b><font size="4">Description</font></b>
+
+ </font></p>
+ <p><font face="Courier New">Keytool is an utility that lets users to manage keys and X.509 certificates which are used for authentication of an entity or self-authentication.
+
+The tools stores the certificates and keys in database which is called keystore. Keystore is usually implemented as a file and protected with password.
+
+ </font></p>
+ <p><b><font size="4" face="Courier New">Default values of the options</font></b></p>
+ <p><font face="Courier New">-alias "mykey"
+
+-cacerts {<i>JAVA_HOME</i>}/lib/security/cacerts </font></p>
+ <p><font face="Courier New">-cacertspass "changeit"
+
+</font></p>
+ <p><font face="Courier New">-certserial <i>random integer value</i>
+
+ </font></p>
+ <p><font face="Courier New">-convkeystore {<i>USER_HOME</i>}/{<i>keystore_type_to_convert_to</i>}_converted.keystore,
+ E.g. "<a href="file:///C:/users/Joe/jks_converted.keystore">C:\users\Joe\jks_converted.keystore</a>"</font></p>
+<p><font face="Courier New">If a file with such name already exists, an index is
+added to the end of the file name: {<i>USER_HOME</i>}/{<i>keystore_type_to_convert_to</i>}_converted<i>_{index}</i>.keystore,
+e.g. "<a href="file:///C:/users/Joe/jks_converted.keystore">C:\users\Joe\jks_converted_1.keystore</a>"</font></p>
+ <p><font face="Courier New">-convstorepass <i>password for main keystore</i>
+ </font></p>
+<p><font face="Courier New">-file <i>stdin for input, stdout for output</i>
+
+ </font></p>
+ <p><font face="Courier New">-keyalg "DSA"
+
+</font></p>
+ <p><font face="Courier New">-keysize 1024
+
+</font></p>
+ <p><font face="Courier New">-keystore {<i>USER_HOME</i>}/.keystore
+
+ </font></p>
+ <p><font face="Courier New">-sigalg <i>"SHA1withDSA" if certificate issuer's private key algorithm is "DSA" or "MD5withRSA" if key algorithm is "RSA"
+</i></font></p>
+ <p><font face="Courier New">-storetype <i>value of "keystore.type" property in {JAVA_HOME}/lib/security/java.security file</i>
+
+ </font></p>
+ <p><font face="Courier New">-validity 90</font></p>
+ <p><font face="Courier New">-x509version 3</font></p>
+ <p><font face="Courier New">-certprovider, -keyprovider, -mdprovider, -sigprovider, -ksprovider, -convprovider <i>the provider which name is noted after -provider option if any.</i>
+
+<br>
+<br>
+-keypass <i>if key entry password does not equal keystore password, the user will ne prompted to enter it.
+</i>
+-provider <i>if the option is not specified and no "specific provider" name given for the action, it will be performed using one of security providers available in the system.
+</i>
+
+</font></p>
+ <p><font face="Courier New">Default command is -help.
+
+</font></p>
+ <p><font face="Courier New"><b><font size="4">Common options</font></b>
+
+ </font></p>
+ <p><font face="Courier New">-keystore <i>keystore </i><br>
+<br>The path to keystore. Its default value is {USER_HOME}/.keystore.
+
+</font></p>
+ <p><font face="Courier New">-storetype <i>store_type</i> <br>
+<br>Type of the keystore. If it is not given in command line, default value is used.
+
+ </font></p>
+ <p><font face="Courier New">-storepass <i>store_password</i> <br>
+<br>The password used to protect keystore integrity. If a new keystore is created the the value must be equal or more than 6 characters. If keytool works with an existing keystore, the password can be of any length. If the password is not given in command line it is prompted for.
+
+ </font></p>
+ <p><font face="Courier New">-cacerts <i>cacerts</i> <br>
+<br>The path to the cacerts file. cacerts is a keystore that contains certificates of widely known Certificate Authorities (CAs). If it is not given in command line, default value is used.
+
+ </font></p>
+ <p><font face="Courier New">-cacertspass <i>cacerts_pass</i>word<br>
+<br>The password used to protect integrity of cacerts keystore. See -storepass option description.
+
+ </font></p>
+ <p><font face="Courier New">-provider <i>provider_name</i><br>
+<br>The name of the security provider to use when performing the action.
+
+
+
+</font></p>
+ <p><b><font size="4" face="Courier New">Commands
+</font></b></p>
+ <p><i><font face="Courier New"><b>-certreq</b> {-alias <alias>} {-file <csr_file>}
+ {-sigalg <signature_algorithm>} {-keypass <key_password>} {-sigprovider
+ <signature_provider_name>} {-ksprovider <keystore_provider_name>}
+ {-provider <provider_name>} {-keystore <keystore_path>} {-storepass <store_password>}
+ {-v} {-storetype <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>}
+
+</font></i></p>
+ <p><font face="Courier New">Generates a Certificate Signing Request (CSR). The request is generated based on data taken from keystore entry associated with <alias> given. The certificate request is printed to a file <csr_file>, if its name is supplied, or otherwise printed to stdout.
+
+
+ </font></p>
+ <p> </p>
+ <p><i><font face="Courier New"><b>-checkcrl</b> {-file <certificate_file>} {-crlfile <crl_file>}
+ {-certprovider <cert_provider_name>} {-mdprovider <MD_provider_name>} {-ksprovider
+ <keystore_provider_name>} {-provider <provider_name>} {-keystore <keystore_path>}
+ {-storepass <store_password>} {-v} {-storetype <store_type>} {-cacerts <cacerts_path>}
+ {-cacertspass <cacerts_password>}
+
+</font></i></p>
+ <p><font face="Courier New">Checks if the certificate given in the <certificate_file> is contained in the CRL which is stored in the <crl_file> file. If the file name is not given, stdin is used.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-convert</b> {-convtype <result_type>} {-convkeystore <result_store>}
+ {-convstorepass <result_store_pass>} {-convkeys} {-convprovider <convert_provider_name>}
+ {-ksprovider <keystore_provider_name>} {-provider <provider_name>}
+ {-keystore <keystore_path>} {-storepass <store_password>} {-v} {-storetype
+ <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>} </i>
+
+</font></p>
+ <p><font face="Courier New">Converts keystore to type <result_type> and saves it to <result_store> and protects with password <result_store_pass>. If <result_store_pass> is not set <store_password> is used. If "-convkeys" option has been specified, an attempt to convert key entries is performed. Only entries with password equal to keystore password are converted.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-delete</b> {-alias <alias>} {-ksprovider
+ <keystore_provider_name>} {-provider <provider_name>} {-keystore <keystore_path>}
+ {-storepass <store_password>} {-v} {-storetype <store_type>} {-cacerts <cacerts_path>}
+ {-cacertspass <cacerts_password>} </i>
+
+</font></p>
+ <p><font face="Courier New">Removes from the keystore the entry associated with <alias>.
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-export</b> {-rfc | -v} {-alias
+ <alias>} {-file <certificate_file>} {-ksprovider <keystore_provider_name>}
+ {-provider <provider_name>} {-keystore <keystore_path>} {-storepass <store_password>}
+ {-v} {-storetype <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>} </i>
+
+</font></p>
+ <p><font face="Courier New">Reads an X.509 certificate associated with <alias> and prints it into the given <certificate_file>. If The file name is not given, the certificate is printed to stdout. If -rfc option is used, the certificate is printed in printable BASE64 encoding (PEM) otherwise it is printed in binary encoding (DER). Both "-rfc" and "-v" options may not be specified.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-genkey</b> {-alias <alias>} {-keyalg
+ <key_algorithm>} {-keysize <key_size>} {-sigalg <signature_algorithm>}
+ {-validity <validity_period>} {-dname <X500_distinguished_dname>}
+ {-x509version <X509_version>} {-ca} {-certserial <cert_serial_number>}
+ {-secretkey} {-keypass <key_password>} {-issuer <issuer_alias>} {-issuerpass
+ <issuer_password>} {-keyprovider <key_provider_name>} {-certprovider <cert_provider_name>}
+ {-sigprovider <signature_provider_name>} {-ksprovider <keystore_provider_name>}
+ {-provider <provider_name>} {-keystore <keystore_path>} {-storepass <store_password>}
+ {-v} {-storetype <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>} </i>
+
+</font></p>
+ <p><font face="Courier New">Generates a key pair or a secret key. <br>
+<br>Generation of key pair.<br>Key pair is composed of a private and a public key. Keytool wraps the public key into a self-signed X.509 (v1, v2, v3) certificate and puts the certificate into a single-element certificate chain OR signs the certificate with private key from another key entry <issuer_alias> and adds its chain to the newly generated certificate. <issuer_password> is used to recover the <issuer_alias> entry. After that keytool adds to the keystore a new entry containing the generated private key and the chain with alias <alias> and protected with <key_password>. Subject of the new certificate is generated based on <X500_distinguished_dname>. If it is not given in the command line it is prompted for. The certificate validity period is set to <validity_period>. X.509 certificate version is set to <X509_version>, certificate serial number is set to <cert_serial_number>. If "-ca" option is specified, th
e certificate can be used to sign another certificates. <br>
+<br>Secret key generation.<br>If a secret key is generated it is put into a secret key entry, with null certificate chain. If "-secretkey" option is specified, a secret key will. be generated instead of key pair and a certificate which are generated by default.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-help</b> {<command_name>} </i> </font></p>
+ <p><font face="Courier New">If no command name is given shows the list of the commands with their short descriptions. If a command name is given shows the usage of the command and its description.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-import</b> {-alias <alias>} {-file <certificate_file>}
+ {-noprompt} {-trustcacerts} {-keypass <key_password>} {-cacerts <cacerts_path>}
+ {-cacertspass <cacerts_password>} {-certprovider <cert_provider_name>}
+ {-mdprovider <MD_provider_name>} {-ksprovider <keystore_provider_name>}
+ {-provider <provider_name>} {-keystore <keystore_path>} {-storepass <store_password>}
+ {-v} {-storetype <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>}</i></font></p>
+ <p><font face="Courier New">Reads an X.509 certificate or a PKCS#7 formatted certificate chain from the file <certificate_file> and puts it into the entry identified by <alias>. If the input file is not specified, the certificates are read from the standard input. If <alias> already exists the imported certificate chain is interpreted as a reply to CSR generated for the certificate associated with <alias>, otherwise it is considered to be a trusted certificate. If "-noprompt" option is specified, the certificate is added to the keystore even if an equal certificate is in keystore or the certificate issuer's certificate is not contained in keystore (and in cacerts if "-trustcacerts" option is specified), otherwise the user is asked to confirm that the certificate should be imported.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-keyclone</b> {-alias <alias>} {-dest
+ <dest_alias>} {-new <new_password>} {-keypass <key_password>} {-ksprovider
+ <keystore_provider_name>} {-provider <provider_name>} {-keystore <keystore_path>}
+ {-storepass <store_password>} {-v} {-storetype <store_type>} {-cacerts <cacerts_path>}
+ {-cacertspass <cacerts_password>} </i>
+
+</font></p>
+ <p><font face="Courier New">Copies the key and the certificate chain (if any) from the keystore entry identified by <alias> into a newly created one with alias <dest_alias> and protected with password <new_password>. If any of <dest_alias> or <new_password> is not specified it is prompted for.
+
+
+ </font></p>
+ <p> </p>
+ <p><i><font face="Courier New"><b>-keypasswd</b> {-alias <alias>} {-keypass
+ <old_key_password>} {-new <new_password>} {-ksprovider <keystore_provider_name>}
+ {-provider <provider_name>} {-keystore <keystore_path>} {-storepass <store_password>}
+ {-v} {-storetype <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>}
+
+</font></i></p>
+ <p><font face="Courier New">Changes the key password of the entry associated with alias <alias> to <new_password>.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-list</b> {-rfc | -v} {-alias <alias>}
+ {-mdprovider <MD_provider_name>} {-ksprovider <keystore_provider_name>}
+ {-provider <provider_name>} {-keystore <keystore_path>} {-storepass <store_password>}
+ {-v} {-storetype <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>}</i>
+
+</font></p>
+ <p><font face="Courier New">Prints the contents of the entry associated with the <alias>. If no alias is specified, the contents of the entire keystore are printed.<span lang="en"> </span>If -rfc option is used, certificates are printed in printable BASE64 encoding (PEM) otherwise they are printed in binary encoding (DER). Both "-rfc" and "-v" options may not be specified.
+
+
+ </font></p>
+ <p> </p>
+ <p><i><font face="Courier New"><b>-printcert</b> {-v} {-file <certificate_file>}
+ {-certprovider <cert_provider_name>}</font></i><font face="Courier New"><i>
+ {-mdprovider <MD_provider_name>} {-provider <provider_name>}</i></font></p>
+ <p><font face="Courier New">Prints the detailed description of a certificate contained in file <certificate_file> in a human-readable format: its owner and issuer, serial number, validity period and fingerprints. Keystore is not used.
+
+
+ </font></p>
+ <p> </p>
+ <p><i><font face="Courier New"><b>-selfcert</b> {-alias <alias>} {-dname
+ <X500_distinguished_dname>} {-validity <validity_period>} {-sigalg <signature_algorithm>}
+ {-keypass <key_password>} {-ca} {-certserial <cert_serial_number>} {-sigprovider
+ <signature_provider_name>} {-ksprovider <keystore_provider_name>}
+ {-provider <provider_name>} {-keystore <keystore_path>} {-storepass <store_password>}
+ {-v} {-storetype <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>}
+
+</font></i></p>
+ <p><font face="Courier New">Generates an X.509 (v1, v2, v3) self-signed certificate using a key pair associated with <alias>. If X.500 Distinguished Name is supplied it is used as both subject and issuer of thecertificate. Otherwise the distinguished name associated with alias is used. Signature algorithm, validity period and certificate serial number are taken from command line if defined there or from the keystore entry identified by alias. If "-ca" option is specified, generated certificate will can be used for signing another certifictes. If "-secretkey" option is specified, a secret key will be generated instead of key pair and a certificate which are generated by default.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-storepasswd</b> {-new <new_password>}
+ {-ksprovider <keystore_provider_name>} {-provider <provider_name>}
+ {-keystore <keystore_path>} {-storepass <store_password>} {-v} {-storetype
+ <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>}</i>
+
+</font></p>
+ <p><font face="Courier New">Changes the keystore password to <new_password>.
+
+
+ </font></p>
+ <p> </p>
+ <p><font face="Courier New"><i><b>-verify</b> {-file <certificate_file>}
+ {-crlfile <crl_file>} {-trustcacerts} {-cacerts <cacerts_path>} {-cacertspass
+ <cacerts_password>} {-certprovider <cert_provider_name>} {-sigprovider <signature_provider_name>}
+ {-mdprovider <MD_provider_name>} {-ksprovider <keystore_provider_name>}
+ {-provider <provider_name>} {-keystore <keystore_path>} {-storepass <store_password>}
+ {-v} {-storetype <store_type>} {-cacerts <cacerts_path>} {-cacertspass <cacerts_password>}</i>
+
+</font></p>
+ <p><font face="Courier New">A cerificate chain is built by looking up the certificate of the issuer of the current certificate. If a sertificate is self-signed it is assumed to be the root CA. After that the certificates are searched in the lists of revoked certificates. Certificate signatures are checked and certificate path is built in the same way as in import operation. If an error occurs the flow is not stopped but an attempt to continue is made. The results of the verification are printed to stdout.
+
+ <br> </font> </td>
+ </tr>
+</table>
+
+
+
+</body>
+
+</html>
+
Modified: incubator/harmony/standard/site/docs/subcomponents/classlibrary/index.html
URL: http://svn.apache.org/viewvc/incubator/harmony/standard/site/docs/subcomponents/classlibrary/index.html?rev=433189&r1=433188&r2=433189&view=diff
==============================================================================
--- incubator/harmony/standard/site/docs/subcomponents/classlibrary/index.html (original)
+++ incubator/harmony/standard/site/docs/subcomponents/classlibrary/index.html Mon Aug 21 00:31:50 2006
@@ -321,6 +321,14 @@
operating system.
</blockquote>
</li>
+ <li>
+<a href="http://svn.apache.org/viewcvs.cgi/*checkout*/incubator/harmony/enhanced/classlib/trunk/doc/tools/Keytool/Keytool_help.html">
+ Keytool user's guide draft</a>
+ <blockquote>
+ A draft of description of Keytool utility.
+ </blockquote>
+ </li>
+
</ul>
</blockquote>
</td></tr>
Modified: incubator/harmony/standard/site/xdocs/subcomponents/classlibrary/index.xml
URL: http://svn.apache.org/viewvc/incubator/harmony/standard/site/xdocs/subcomponents/classlibrary/index.xml?rev=433189&r1=433188&r2=433189&view=diff
==============================================================================
--- incubator/harmony/standard/site/xdocs/subcomponents/classlibrary/index.xml (original)
+++ incubator/harmony/standard/site/xdocs/subcomponents/classlibrary/index.xml Mon Aug 21 00:31:50 2006
@@ -113,6 +113,14 @@
operating system.
</blockquote>
</li>
+ <li>
+<a href="http://svn.apache.org/viewcvs.cgi/*checkout*/incubator/harmony/enhanced/classlib/trunk/doc/tools/Keytool/Keytool_help.html">
+ Keytool user's guide draft</a>
+ <blockquote>
+ A draft of description of Keytool utility.
+ </blockquote>
+ </li>
+
</ul>
</subsection>