keytool - Key and Certificate Management Tool
Manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates.
keytool [ commands ]
See the What's New section for a detailed description of changes in IBM® SDK, Java™ Technology Edition, Version 7. Note that previously defined commands are still supported.
keytool is a key and certificate management utility. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.
A certificate is a digitally signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value. (See Certificate.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data indeed comes from whoever claims to have created and signed it.
The keytool command also enables users to administer secret keys used in symmetric encryption and decryption (Data Encryption Standard).
The keytool command stores the keys and certificates in a keystore.
The keytool command uses the jdk.security.legacyAlgorithms security properties to determine which algorithms are considered a security risk. It emits warnings when disabled or legacy algorithms are being used.
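To make the warning behaviour concrete, the following added example (not part of the keytool documentation and not keytool's own logic) parses a constructed properties snippet for jdk.security.legacyAlgorithms and lists the entries that name a component of a given algorithm. The helper names, the sample entries and the simplified name matching are assumptions; constraints such as key sizes are reported as text, not evaluated.

```python
import re

# Constructed sample in Java .properties syntax; the entries are illustrative
# and are not copied from any shipped JDK configuration.
SAMPLE_PROPERTIES = r"""
# comment line
jdk.security.legacyAlgorithms=SHA1, \
    RSA keySize < 2048, DSA keySize < 2048, \
    DES, DESede, MD5
other.property=value
"""

def read_property(text, name):
    """Return the comma-separated entries of one 'key=value' property,
    joining lines that end in a backslash continuation."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        if line.endswith("\\"):
            buf += line[:-1]              # value continues on the next line
            continue
        logical.append(buf + line)
        buf = ""
    for entry in logical:
        key, _, value = entry.partition("=")
        if key.strip() == name:
            return [v.strip() for v in value.split(",") if v.strip()]
    return []

def components(algorithm):
    """Split 'SHA1withRSA' or 'DES/CBC/PKCS5Padding' into parts (simplified)."""
    parts = re.split(r"/|with|and", algorithm, flags=re.IGNORECASE)
    return {p.upper() for p in parts if p}

def legacy_hits(algorithm, entries):
    """Entries whose leading algorithm name equals a component of `algorithm`.
    Constraint text (e.g. 'keySize < 2048') is kept for a human to review."""
    parts = components(algorithm)
    return [e for e in entries if e.split()[0].upper() in parts]

if __name__ == "__main__":
    entries = read_property(SAMPLE_PROPERTIES, "jdk.security.legacyAlgorithms")
    for alg in ("SHA1withRSA", "SHA256withECDSA", "DES/CBC/PKCS5Padding"):
        print(alg, "->", legacy_hits(alg, entries) or "no legacy entry")
```

An entry that carries a constraint only applies when the constraint holds, so a hit on `RSA keySize < 2048` means "check the key size", not "RSA is flagged".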
jdk.security.legacyAlgorithms security properties are defined in the