1 <html> 2 <body> 3 4 <applet width=100 height=100 code=i18n.class> 5 </applet> 6 7 This is a multi-stage test. Click on "done" when you have completed 8 reading these instructions. For each instruction, make sure the output 9 from keytool is correct (you can read everything in english fine). 10 11 <ol> 12 <li> rm ~/.keystore 13 If you are on a Windows platform, delete the .keystore file in 14 your home directory. 15 <li> keytool -help 16 <li> keytool -genkey -v -keysize 512 17 Enter "a" for the keystore password. Check error (password too short). 18 Enter "password" for the keystore password. 19 Re-enter "password" to confirm. 20 Hit 'return' for "first and last name", "organizational unit", 21 "organization", "City", "State", and "Country Code". 22 Type "yes" when they ask you if everything is correct. 23 Type 'return' for new key password. 24 <li> keytool -list -v -storepass password 25 <li> keytool -list -v 26 Type "a" for the keystore password. 27 Check error (wrong keystore password). 28 <li> keytool -genkey -v -keysize 512 29 Enter "password" as the password. 30 Check error (alias 'mykey' already exists). 31 <li> keytool -genkey -v -keysize 512 -alias mykey2 -storepass password 32 Hit 'return' for "first and last name", "organizational unit", 33 "organization", "City", "State", and "Country Code". 34 Type "yes" when they ask you if everything is correct. 35 Type 'return' for new key password. 36 <li> keytool -list -v 37 Type 'password' for the store password. 38 <li> keytool -keypasswd -v -alias mykey2 -storepass password 39 Type "a" for the new key password. 40 Type "aaaaaa" for the new key password. 41 Type "bbbbbb" when re-entering the new key password. 42 Type "a" for the new key password. 43 Check Error (too many failures). 44 <li> keytool -keypasswd -v -alias mykey2 -storepass password 45 Type "aaaaaa" for the new key password. 46 Type "aaaaaa" when re-entering the new key password. 47 <li> keytool -selfcert -v -alias mykey -storepass password 48 <li> keytool -list -v -storepass password 49 <li> keytool -export -v -alias mykey -file /tmp/cert -storepass password 50 <li> keytool -import -v -file /tmp/cert -storepass password 51 Check error (Certificate reply and cert are the same) 52 <li> keytool -printcert -file /tmp/cert 53 <li> keytool -list -storepass password -provider sun.security.provider.Sun 54 </ol> 55 56 Error tests 57 58 <ol> 59 <li> keytool -storepasswd -storepass password -new abc 60 Check error (password too short) 61 <!--li> keytool -list -storetype PKCS11 62 Check error (-keystore must be NONE)--> 63 <li> keytool -storepasswd -storetype PKCS11 -keystore NONE 64 Check error (unsupported operation) 65 <li> keytool -keypasswd -storetype PKCS11 -keystore NONE 66 Check error (unsupported operation) 67 <li> keytool -list -protected -storepass password 68 Check error (password can not be specified with -protected) 69 <li> keytool -keypasswd -protected -keypass password 70 Check error (password can not be specified with -protected) 71 <li> keytool -keypasswd -protected -new password 72 Check error (password can not be specified with -protected) 73 </ol> 74 75 MSCAPI tests (Only run on Windows) 76 77 <ol> 78 <li>keytool -storetype Windows-MY -list 79 should list entries (may be 0) without asking for password 80 should not show ****** WARNING WARNING WARNING ****** lines 81 <li>keytool -storetype Windows-MY -list -keystore NONE 82 should list entries without asking for password 83 <li>keytool -storetype Windows-MY -list -keystore other 84 Error: storetype must be NONE 85 <li>keytool -storetype Windows-MY -list -storepass changeit 86 Error: storepass cannot be specfied 87 <li>keytool -storetype Windows-MY -list -storepasswd 88 Error: storepasswd not supported 89 </ol> 90 91 PKCS#11 tests 92 93 <ol> 94 <li> sccs edit cert8.db key3.db 95 96 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -genkey -alias genkey -dname cn=genkey -keysize 512 -keyalg rsa 97 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list 98 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list -alias genkey 99 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -certreq -alias genkey -file genkey.certreq 100 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -export -alias genkey -file genkey.cert 101 <li> keytool -printcert -file genkey.cert 102 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -selfcert -alias genkey -dname cn=selfCert 103 104 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list -alias genkey -v 105 (check that cert subject DN is [cn=selfCert]) 106 107 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -delete -alias genkey 108 <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list 109 (check for empty database listing) 110 111 <li> sccs unedit cert8.db key3.db 112 113 </ol> 114 115 If all the output (english) is correct, then the test passed. 116 Otherwise, the test failed. 117 118 Press "Pass" if ... press "Fail" otherwise. 119 120 </body> 121 </html>