JDK 1.1 and later.
javakey options
javakey provides a command-line interface to a number of complex key and certificate generation and management tasks, including the generation of digital signatures. There are quite a few options that perform a number of distinct operations. javakey manages a system database of entities. Each entity may have public and private keys and/or certificates associated with it, and in addition, each entity may be declared to be trusted or not. Any entity in the database may be an "identity" or a "signer." Identities have only a public key associated with them, while signers have both a public and private key, and thus may sign files.
The different javakey operations are specified with the various options described below.
Create. Create and add a new identity to the database, using the specified name. If the identity name is followed by true, declare the identity to be trusted. Otherwise make it untrusted.
Create signer. Create and add a new signer entity to the database, using the specified name. If the name is followed by true, declare the signer to be trusted. Otherwise make it untrusted.
Assign trust. Specify whether the named entity is trusted (true) or not (false).
List. List the names of all entities in the security database.
List details. List the names and other details about all entities in the security database.
List information. List detailed information about the named entity from the security database.
Remove. Remove the named entity from the security database.
Import key. Read a public key from the specified file and associate it with the named identity. The key must be in X.509 format.
Import key pair. Read the specified public key and private key files and associate them with the named signer entity. The keys must be in X.509 format.
Import certificate. Read a certificate from the named certificate file and associate it with the named entity. If the entity already has a public key, compare it to the key in the certificate and issue a warning if they do not match. If the entity has not had a public key assigned, use the public key from the certificate.
Import information. This command allows you to enter arbitrary textual information about an entity into the database.
Generate key. Generate a public and private key and associate them with the named signer. Use the specified algorithm. Currently, the only supported algorithm is "DSA." Generates keys of the specified number of bits, which must be between 512 and 1024. If pubfile is specified, write the public key to the specified file. If privfile is specified, write the private key to the specified file.
A synonym for the -gk command.
Generate certificate. Generate a certificate according to the parameters specified in the directive file. The directive file is a Properties file that must provide values for the following named properties:
Display certificate. Display the contents of the certificate stored in certfile.
Export certificate. Output the numbered certificate of the specified entity into the specified file. Use the -li command to inspect the certificate numbers for a given entity.
Export key. Output the public key of the specified entity into the specified file. If the entity is a signer, and the privfile is specified, additionally export the private key of the entity to that file.
Generate signature. Apply a digital signature to the specified JAR file using the directives in the specified directive file. The directive file is a Properties file that must provide values for the following named properties:
jar