genseckey

-genseckey {-alias alias | -aliasrange aliasRange} {-keyalg keyalg} {-keysize keysize} [-keypass keypass] {-storetype storetype} {-keystore keystore} [-storepass storepass] {-providerClass provider_class_name {-providerArg provider_arg}} {-v} {-protected} {-Jjavaoption}

Generates a secret key and stores it in a new KeyStore.SecretKeyEntry identified by alias.

keyalg specifies the algorithm to be used to generate the secret key, and keysize specifies the size of the key to be generated. keypass is a password used to protect the secret key. If no password is provided, the user is prompted for it. If you press RETURN at the prompt, the key password is set to the same password as that used for the keystore. keypass must be at least 6 characters long.

aliasrange is feature added by IBM. These aliases for a symmetric key may be: up to 12 (printable) characters long or a 3 character prefix (alphabetic), 00 and 16 characters of hex digits. This limits the sizes of the aliases accepted for symmetric keys. Examples of accepted aliases that are in the keystore and associated with a symmetric key are:

abcfrg
ibmkey123tape
abc000000000000000001
abc00a0120fa000000001

aliases that would not be accepted are:

abcefghij1234567 - wrong length
abcg0000000000000001 - prefix is longer than 3 characters

From the commandline, these are examples of valid aliasrange:

-aliasrange ibm1-a
-aliasrange xyz01-fff

If one alias already exists in the keystore, keytool will throw an exception and exit.

The -genseckey command is not supported for RACF® keystores.