
src/java.base/share/man/keytool.1


@@ -20,11 +20,11 @@
 .\" or visit www.oracle.com if you need additional information or have any
 .\" questions.
 .\"
 .\" Automatically generated by Pandoc 2.3.1
 .\"
-.TH "KEYTOOL" "1" "2019" "JDK 13" "JDK Commands"
+.TH "KEYTOOL" "1" "2020" "JDK 14" "JDK Commands"
 .hy
 .SH NAME
 .PP
 keytool \- a key and certificate management utility
 .SH SYNOPSIS

@@ -323,14 +323,14 @@
 The following commands creates four key pairs named \f[CB]ca\f[R],
 \f[CB]ca1\f[R], \f[CB]ca2\f[R], and \f[CB]e1\f[R]:
 .IP
 .nf
 \f[CB]
-keytool\ \-alias\ ca\ \-dname\ CN=CA\ \-genkeypair
-keytool\ \-alias\ ca1\ \-dname\ CN=CA\ \-genkeypair
-keytool\ \-alias\ ca2\ \-dname\ CN=CA\ \-genkeypair
-keytool\ \-alias\ e1\ \-dname\ CN=E1\ \-genkeypair
+keytool\ \-alias\ ca\ \-dname\ CN=CA\ \-genkeypair\ \-keyalg\ rsa
+keytool\ \-alias\ ca1\ \-dname\ CN=CA\ \-genkeypair\ \-keyalg\ rsa
+keytool\ \-alias\ ca2\ \-dname\ CN=CA\ \-genkeypair\ \-keyalg\ rsa
+keytool\ \-alias\ e1\ \-dname\ CN=E1\ \-genkeypair\ \-keyalg\ rsa
 \f[R]
 .fi
 .PP
 The following two commands create a chain of signed certificates;
 \f[CB]ca\f[R] signs \f[CB]ca1\f[R] and \f[CB]ca1\f[R] signs \f[CB]ca2\f[R], all
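Review bot: The context line that introduces this block reads "The following commands creates four key pairs"; since the block below it is being rewritten anyway, fix the agreement to "commands create". The added value is also spelled lowercase (\-keyalg rsa) while the defaults section of this page writes the algorithm as "RSA", so pick one spelling and use it in every example.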

@@ -363,11 +363,11 @@
 command:
 .RS
 .IP \[bu] 2
 {\f[CB]\-alias\f[R] \f[I]alias\f[R]}: Alias name of the entry to process
 .IP \[bu] 2
-{\f[CB]\-keyalg\f[R] \f[I]alg\f[R]}: Key algorithm name
+\f[CB]\-keyalg\f[R] \f[I]alg\f[R]: Key algorithm name
 .IP \[bu] 2
 {\f[CB]\-keysize\f[R] \f[I]size\f[R]}: Key bit size
 .IP \[bu] 2
 {\f[CB]\-groupname\f[R] \f[I]name\f[R]}: Group name.
 For example, an Elliptic Curve name.
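Review bot: On the \-keyalg bullet, dropping the braces is the only signal that the option is now mandatory; the description still reads just "Key algorithm name". Because the defaults section no longer lists a \-keyalg value, consider saying in the bullet text that the option must be supplied. The same applies to the identical bullet changed in the hunk at -501.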

@@ -377,11 +377,11 @@
 [\f[CB]\-dname\f[R] \f[I]name\f[R]]: Distinguished name
 .IP \[bu] 2
 {\f[CB]\-startdate\f[R] \f[I]date\f[R]}: Certificate validity start date
 and time
 .IP \[bu] 2
-[\f[CB]\-ext\f[R] \f[I]value\f[R]}*: X.509 extension
+{\f[CB]\-ext\f[R] \f[I]value\f[R]}*: X.509 extension
 .IP \[bu] 2
 {\f[CB]\-validity\f[R] \f[I]days\f[R]}: Validity number of days
 .IP \[bu] 2
 [\f[CB]\-keypass\f[R] \f[I]arg\f[R]]: Key password
 .IP \[bu] 2

@@ -501,11 +501,11 @@
 .IP \[bu] 2
 {\f[CB]\-alias\f[R] \f[I]alias\f[R]}: Alias name of the entry to process
 .IP \[bu] 2
 [\f[CB]\-keypass\f[R] \f[I]arg\f[R]]: Key password
 .IP \[bu] 2
-{\f[CB]\-keyalg\f[R] \f[I]alg\f[R]}: Key algorithm name
+\f[CB]\-keyalg\f[R] \f[I]alg\f[R]: Key algorithm name
 .IP \[bu] 2
 {\f[CB]\-keysize\f[R] \f[I]size\f[R]}: Key bit size
 .IP \[bu] 2
 {\f[CB]\-keystore\f[R] \f[I]keystore\f[R]}: Keystore name
 .IP \[bu] 2

@@ -673,11 +673,11 @@
 .B \f[CB]\-importkeystore\f[R]
 The following are the available options for the
 \f[CB]\-importkeystore\f[R] command:
 .RS
 .IP \[bu] 2
-{\f[CB]\-srckeystore\f[R] \f[I]keystore\f[R]}: Source keystore name
+\f[CB]\-srckeystore\f[R] \f[I]keystore\f[R]: Source keystore name
 .IP \[bu] 2
 {\f[CB]\-destkeystore\f[R] \f[I]keystore\f[R]}: Destination keystore name
 .IP \[bu] 2
 {\f[CB]\-srcstoretype\f[R] \f[I]type\f[R]}: Source keystore type
 .IP \[bu] 2

@@ -1026,11 +1026,11 @@
 .B \f[CB]\-printcrl\f[R]
 The following are the available options for the \f[CB]\-printcrl\f[R]
 command:
 .RS
 .IP \[bu] 2
-\f[CB]\-file\ crl\f[R]: Input file name
+{\f[CB]\-file\ crl\f[R]}: Input file name
 .IP \[bu] 2
 {\f[CB]\-v\f[R]}: Verbose output
 .PP
 Use the \f[CB]\-printcrl\f[R] command to read the Certificate Revocation
 List (CRL) from \f[CB]\-file\ crl\f[R] .
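Review bot: In the changed \-file bullet the argument crl stays inside the \f[CB] span, whereas the other option bullets in this patch set the option in \f[CB] and the argument in \f[I] (for example \f[CB]\-alias\f[R] \f[I]alias\f[R]). Suggest splitting it the same way while adding the braces, and removing the stray space before the period in the context line that ends "\-file\ crl\f[R] .".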

@@ -1468,14 +1468,10 @@
 .IP
 .nf
 \f[CB]
 \-alias\ "mykey"
 
-\-keyalg
-\ \ \ \ "DSA"\ (when\ using\ \-genkeypair)
-\ \ \ \ "DES"\ (when\ using\ \-genseckey)
-
 \-keysize
 \ \ \ \ 2048\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "RSA")
 \ \ \ \ 2048\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "DSA")
 \ \ \ \ 256\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "EC")
 \ \ \ \ 56\ (when\ using\ \-genseckey\ and\ \-keyalg\ is\ "DES")
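Review bot: After this removal the defaults list has no \-keyalg entry at all, so a reader who looks here for the old default finds nothing instead of learning that the option is now required. A one-line entry stating that \-keyalg has no default and must be specified would close that gap. The remaining \-keysize rows still key off \-keyalg, so their wording stays valid.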

@@ -1521,11 +1517,11 @@
 any size
 T}@T{
 SHA256withDSA
 T}
 T{
-RSA \ \ \ 
+RSA
 T}@T{
 <= 3072
 T}@T{
 SHA256withRSA
 T}

@@ -1776,11 +1772,11 @@
 Create a keystore and then generate the key pair.
 .PP
 You can enter the command as a single line such as the following:
 .RS
 .PP
-\f[CB]keytool\ \-genkeypair\ \-dname\ "cn=myname,\ ou=mygroup,\ o=mycompany,\ c=mycountry"\ \-alias\ business\ \-keypass\f[R]
+\f[CB]keytool\ \-genkeypair\ \-dname\ "cn=myname,\ ou=mygroup,\ o=mycompany,\ c=mycountry"\ \-alias\ business\ \-keyalg\ rsa\ \-keypass\f[R]
 \f[I]password\f[R]
 \f[CB]\-keystore\ /working/mykeystore\ \-storepass\ password\ \-validity\ 180\f[R]
 .RE
 .PP
 The command creates the keystore named \f[CB]mykeystore\f[R] in the

@@ -1788,31 +1784,31 @@
 it the password specified by \f[CB]\-keypass\f[R].
 It generates a public/private key pair for the entity whose
 distinguished name is \f[CB]myname\f[R], \f[CB]mygroup\f[R],
 \f[CB]mycompany\f[R], and a two\-letter country code of
 \f[CB]mycountry\f[R].
-It uses the default DSA key generation algorithm to create the keys;
-both are 2048 bits
+It uses the RSA key generation algorithm to create the keys; both are
+2048 bits
 .PP
-The command uses the default SHA256withDSA signature algorithm to create
+The command uses the default SHA256withRSA signature algorithm to create
 a self\-signed certificate that includes the public key and the
 distinguished name information.
 The certificate is valid for 180 days, and is associated with the
 private key in a keystore entry referred to by
 \f[CB]\-alias\ business\f[R].
 The private key is assigned the password specified by
 \f[CB]\-keypass\f[R].
 .PP
 The command is significantly shorter when the option defaults are
 accepted.
-In this case, no options are required, and the defaults are used for
-unspecified options that have default values.
+In this case, only \f[CB]\-keyalg\f[R] is required, and the defaults are
+used for unspecified options that have default values.
 You are prompted for any required values.
 You could have the following:
 .RS
 .PP
-\f[CB]keytool\ \-genkeypair\f[R]
+\f[CB]keytool\ \-genkeypair\ \-keyalg\ rsa\f[R]
 .RE
 .PP
 In this case, a keystore entry with the alias \f[CB]mykey\f[R] is created,
 with a newly generated key pair and a certificate that is valid for 90
 days.
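Review bot: The rewrapped sentence ending "both are 2048 bits" still has no period before the following .PP; add it while these two lines are being replaced. The switch to "default SHA256withRSA signature algorithm" is consistent with the RSA row of the table touched in the hunk at -1521, so no change is needed there.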

@@ -1822,14 +1818,13 @@
 You are prompted for the distinguished name information, the keystore
 password, and the private key password.
 .PP
 \f[B]Note:\f[R]
 .PP
-The rest of the examples assume that you executed the
-\f[CB]\-genkeypair\f[R] command without specifying options, and that you
-responded to the prompts with values equal to those specified in the
-first \f[CB]\-genkeypair\f[R] command.
+The rest of the examples assume that you responded to the prompts with
+values equal to those specified in the first \f[CB]\-genkeypair\f[R]
+command.
 For example, a distinguished name of
 \f[CB]cn=\f[R]\f[I]myname\f[R]\f[CB],\ ou=\f[R]\f[I]mygroup\f[R]\f[CB],\ o=\f[R]\f[I]mycompany\f[R]\f[CB],\ c=\f[R]\f[I]mycountry\f[R]).
 .SH REQUESTING A SIGNED CERTIFICATE FROM A CA
 .PP
 \f[B]Note:\f[R]
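Review bot: The reworded note drops any mention of which command was run, so "responded to the prompts" no longer has an antecedent inside the note. Suggest keeping the reference, for example "assume that you executed the \-genkeypair command with only \-keyalg specified, and that you responded to the prompts with ...". The context line that follows also ends with an unmatched ")" after mycountry, which could be fixed in the same change.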

@@ -2040,17 +2035,16 @@
 Intermediate CA (\f[CB]ca\f[R])
 .IP \[bu] 2
 SSL server (\f[CB]server\f[R])
 .PP
 Ensure that you store all the certificates in the same keystore.
-In the following examples, RSA is the recommended the key algorithm.
 .IP
 .nf
 \f[CB]
-keytool\ \-genkeypair\ \-keystore\ root.jks\ \-alias\ root\ \-ext\ bc:c
-keytool\ \-genkeypair\ \-keystore\ ca.jks\ \-alias\ ca\ \-ext\ bc:c
-keytool\ \-genkeypair\ \-keystore\ server.jks\ \-alias\ server
+keytool\ \-genkeypair\ \-keystore\ root.jks\ \-alias\ root\ \-ext\ bc:c\ \-keyalg\ rsa
+keytool\ \-genkeypair\ \-keystore\ ca.jks\ \-alias\ ca\ \-ext\ bc:c\ \-keyalg\ rsa
+keytool\ \-genkeypair\ \-keystore\ server.jks\ \-alias\ server\ \-keyalg\ rsa
 
 keytool\ \-keystore\ root.jks\ \-alias\ root\ \-exportcert\ \-rfc\ >\ root.pem
 
 keytool\ \-storepass\ password\ \-keystore\ ca.jks\ \-certreq\ \-alias\ ca\ |
 \ \ \ \ keytool\ \-storepass\ password\ \-keystore\ root.jks
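Review bot: The context sentence "Ensure that you store all the certificates in the same keystore." sits directly above commands that write to three separate keystores (root.jks, ca.jks, server.jks). Since this paragraph is already being edited to drop the RSA sentence, reword or remove that line so the prose matches the example.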

@@ -2115,11 +2109,12 @@
 public/private key pair and wrap the public key into a self\-signed
 certificate with the following command.
 See \f[B]Certificate Chains\f[R].
 .RS
 .PP
-\f[CB]keytool\ \-genkeypair\ \-alias\ duke\ \-keypass\f[R] \f[I]passwd\f[R]
+\f[CB]keytool\ \-genkeypair\ \-alias\ duke\ \-keyalg\ rsa\ \-keypass\f[R]
+\f[I]passwd\f[R]
 .RE
 .PP
 This example specifies an initial \f[I]passwd\f[R] required by subsequent
 commands to access the private key associated with the alias
 \f[CB]duke\f[R].

@@ -2613,11 +2608,11 @@
 .RE
 .PP
 A sample command using such a string is:
 .RS
 .PP
-\f[CB]keytool\ \-genkeypair\ \-dname\ "CN=Mark\ Smith,\ OU=Java,\ O=Oracle,\ L=Cupertino,\ S=California,\ C=US"\ \-alias\ mark\f[R]
+\f[CB]keytool\ \-genkeypair\ \-dname\ "CN=Mark\ Smith,\ OU=Java,\ O=Oracle,\ L=Cupertino,\ S=California,\ C=US"\ \-alias\ mark\ \-keyalg\ rsa\f[R]
 .RE
 .PP
 Case doesn\[aq]t matter for the keyword abbreviations.
 For example, CN, cn, and Cn are all treated the same.
 .PP