--- old/src/java.base/share/man/keytool.1 2020-01-14 13:13:49.519052292 -0800 +++ new/src/java.base/share/man/keytool.1 2020-01-14 13:13:49.215038887 -0800 @@ -8,7 +8,7 @@ .\" .\" This code is distributed in the hope that it will be useful, but WITHOUT .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License .\" version 2 for more details (a copy is included in the LICENSE file that .\" accompanied this code). .\" @@ -22,7 +22,7 @@ .\" .\" Automatically generated by Pandoc 2.3.1 .\" -.TH "KEYTOOL" "1" "2019" "JDK 13" "JDK Commands" +.TH "KEYTOOL" "1" "2020" "JDK 14" "JDK Commands" .hy .SH NAME .PP @@ -325,10 +325,10 @@ .IP .nf \f[CB] -keytool\ \-alias\ ca\ \-dname\ CN=CA\ \-genkeypair -keytool\ \-alias\ ca1\ \-dname\ CN=CA\ \-genkeypair -keytool\ \-alias\ ca2\ \-dname\ CN=CA\ \-genkeypair -keytool\ \-alias\ e1\ \-dname\ CN=E1\ \-genkeypair +keytool\ \-alias\ ca\ \-dname\ CN=CA\ \-genkeypair\ \-keyalg\ rsa +keytool\ \-alias\ ca1\ \-dname\ CN=CA\ \-genkeypair\ \-keyalg\ rsa +keytool\ \-alias\ ca2\ \-dname\ CN=CA\ \-genkeypair\ \-keyalg\ rsa +keytool\ \-alias\ e1\ \-dname\ CN=E1\ \-genkeypair\ \-keyalg\ rsa \f[R] .fi .PP @@ -365,7 +365,7 @@ .IP \[bu] 2 {\f[CB]\-alias\f[R] \f[I]alias\f[R]}: Alias name of the entry to process .IP \[bu] 2 -{\f[CB]\-keyalg\f[R] \f[I]alg\f[R]}: Key algorithm name +\f[CB]\-keyalg\f[R] \f[I]alg\f[R]: Key algorithm name .IP \[bu] 2 {\f[CB]\-keysize\f[R] \f[I]size\f[R]}: Key bit size .IP \[bu] 2 @@ -379,7 +379,7 @@ {\f[CB]\-startdate\f[R] \f[I]date\f[R]}: Certificate validity start date and time .IP \[bu] 2 -[\f[CB]\-ext\f[R] \f[I]value\f[R]}*: X.509 extension +{\f[CB]\-ext\f[R] \f[I]value\f[R]}*: X.509 extension .IP \[bu] 2 {\f[CB]\-validity\f[R] \f[I]days\f[R]}: Validity number of days .IP \[bu] 2 @@ -503,7 +503,7 @@ .IP \[bu] 2 [\f[CB]\-keypass\f[R] \f[I]arg\f[R]]: Key password .IP \[bu] 2 -{\f[CB]\-keyalg\f[R] \f[I]alg\f[R]}: Key algorithm name +\f[CB]\-keyalg\f[R] \f[I]alg\f[R]: Key algorithm name .IP \[bu] 2 {\f[CB]\-keysize\f[R] \f[I]size\f[R]}: Key bit size .IP \[bu] 2 @@ -675,7 +675,7 @@ \f[CB]\-importkeystore\f[R] command: .RS .IP \[bu] 2 -{\f[CB]\-srckeystore\f[R] \f[I]keystore\f[R]}: Source keystore name +\f[CB]\-srckeystore\f[R] \f[I]keystore\f[R]: Source keystore name .IP \[bu] 2 {\f[CB]\-destkeystore\f[R] \f[I]keystore\f[R]}: Destination keystore name .IP \[bu] 2 @@ -1028,7 +1028,7 @@ command: .RS .IP \[bu] 2 -\f[CB]\-file\ crl\f[R]: Input file name +{\f[CB]\-file\ crl\f[R]}: Input file name .IP \[bu] 2 {\f[CB]\-v\f[R]}: Verbose output .PP @@ -1470,10 +1470,6 @@ \f[CB] \-alias\ "mykey" -\-keyalg -\ \ \ \ "DSA"\ (when\ using\ \-genkeypair) -\ \ \ \ "DES"\ (when\ using\ \-genseckey) - \-keysize \ \ \ \ 2048\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "RSA") \ \ \ \ 2048\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "DSA") @@ -1523,7 +1519,7 @@ SHA256withDSA T} T{ -RSA \ \ \ +RSA T}@T{ <= 3072 T}@T{ @@ -1778,7 +1774,7 @@ You can enter the command as a single line such as the following: .RS .PP -\f[CB]keytool\ \-genkeypair\ \-dname\ "cn=myname,\ ou=mygroup,\ o=mycompany,\ c=mycountry"\ \-alias\ business\ \-keypass\f[R] +\f[CB]keytool\ \-genkeypair\ \-dname\ "cn=myname,\ ou=mygroup,\ o=mycompany,\ c=mycountry"\ \-alias\ business\ \-keyalg\ rsa\ \-keypass\f[R] \f[I]password\f[R] \f[CB]\-keystore\ /working/mykeystore\ \-storepass\ password\ \-validity\ 180\f[R] .RE @@ -1790,10 +1786,10 @@ distinguished name is \f[CB]myname\f[R], \f[CB]mygroup\f[R], \f[CB]mycompany\f[R], and a two\-letter country code of \f[CB]mycountry\f[R]. -It uses the default DSA key generation algorithm to create the keys; -both are 2048 bits +It uses the RSA key generation algorithm to create the keys; both are +2048 bits .PP -The command uses the default SHA256withDSA signature algorithm to create +The command uses the default SHA256withRSA signature algorithm to create a self\-signed certificate that includes the public key and the distinguished name information. The certificate is valid for 180 days, and is associated with the @@ -1804,13 +1800,13 @@ .PP The command is significantly shorter when the option defaults are accepted. -In this case, no options are required, and the defaults are used for -unspecified options that have default values. +In this case, only \f[CB]\-keyalg\f[R] is required, and the defaults are +used for unspecified options that have default values. You are prompted for any required values. You could have the following: .RS .PP -\f[CB]keytool\ \-genkeypair\f[R] +\f[CB]keytool\ \-genkeypair\ \-keyalg\ rsa\f[R] .RE .PP In this case, a keystore entry with the alias \f[CB]mykey\f[R] is created, @@ -1824,10 +1820,9 @@ .PP \f[B]Note:\f[R] .PP -The rest of the examples assume that you executed the -\f[CB]\-genkeypair\f[R] command without specifying options, and that you -responded to the prompts with values equal to those specified in the -first \f[CB]\-genkeypair\f[R] command. +The rest of the examples assume that you responded to the prompts with +values equal to those specified in the first \f[CB]\-genkeypair\f[R] +command. For example, a distinguished name of \f[CB]cn=\f[R]\f[I]myname\f[R]\f[CB],\ ou=\f[R]\f[I]mygroup\f[R]\f[CB],\ o=\f[R]\f[I]mycompany\f[R]\f[CB],\ c=\f[R]\f[I]mycountry\f[R]). .SH REQUESTING A SIGNED CERTIFICATE FROM A CA @@ -2042,13 +2037,12 @@ SSL server (\f[CB]server\f[R]) .PP Ensure that you store all the certificates in the same keystore. -In the following examples, RSA is the recommended the key algorithm. .IP .nf \f[CB] -keytool\ \-genkeypair\ \-keystore\ root.jks\ \-alias\ root\ \-ext\ bc:c -keytool\ \-genkeypair\ \-keystore\ ca.jks\ \-alias\ ca\ \-ext\ bc:c -keytool\ \-genkeypair\ \-keystore\ server.jks\ \-alias\ server +keytool\ \-genkeypair\ \-keystore\ root.jks\ \-alias\ root\ \-ext\ bc:c\ \-keyalg\ rsa +keytool\ \-genkeypair\ \-keystore\ ca.jks\ \-alias\ ca\ \-ext\ bc:c\ \-keyalg\ rsa +keytool\ \-genkeypair\ \-keystore\ server.jks\ \-alias\ server\ \-keyalg\ rsa keytool\ \-keystore\ root.jks\ \-alias\ root\ \-exportcert\ \-rfc\ >\ root.pem @@ -2117,7 +2111,8 @@ See \f[B]Certificate Chains\f[R]. .RS .PP -\f[CB]keytool\ \-genkeypair\ \-alias\ duke\ \-keypass\f[R] \f[I]passwd\f[R] +\f[CB]keytool\ \-genkeypair\ \-alias\ duke\ \-keyalg\ rsa\ \-keypass\f[R] +\f[I]passwd\f[R] .RE .PP This example specifies an initial \f[I]passwd\f[R] required by subsequent @@ -2615,7 +2610,7 @@ A sample command using such a string is: .RS .PP -\f[CB]keytool\ \-genkeypair\ \-dname\ "CN=Mark\ Smith,\ OU=Java,\ O=Oracle,\ L=Cupertino,\ S=California,\ C=US"\ \-alias\ mark\f[R] +\f[CB]keytool\ \-genkeypair\ \-dname\ "CN=Mark\ Smith,\ OU=Java,\ O=Oracle,\ L=Cupertino,\ S=California,\ C=US"\ \-alias\ mark\ \-keyalg\ rsa\f[R] .RE .PP Case doesn\[aq]t matter for the keyword abbreviations.