Google Git
Sign in
android / toolchain / gcc / donut / . / gcc-4.3.1 / libjava / classpath / doc / cp-tools.info
blob: 5afdecf3019326d04240cf7cd43280b70830b109 [file] [log] [blame]
This is cp-tools.info, produced by makeinfo version 4.11 from
/gcc-4.3/gcc-4.3.1/gcc-4.3.1/libjava/classpath/doc/cp-tools.texinfo.
This file documents the Tools included in a standard distribution of
the GNU Classpath project deliverables.
Copyright (C) 2006, 2007 Free Software Foundation, Inc.
INFO-DIR-SECTION GNU Libraries
START-INFO-DIR-ENTRY
* Classpath Tools: (cp-tools). GNU Classpath Tools Guide
END-INFO-DIR-ENTRY

File: cp-tools.info, Node: Top, Next: Applet Tools, Prev: (dir), Up: (dir)
GNU Classpath Tools Guide
*************************
This document contains important information you need to know in order
to use the tools included in the GNU Classpath project deliverables.
The Tools aim at providing a free replacement, similar in their
behavior, to their counter-parts found in the Reference Implementation
(RI) of the Java Software Development Kit (SDK).
* Menu:
* Applet Tools:: Work with applets
* Security Tools:: Work securely with Java applications
* Other Tools:: Other tools in classpath
* I18N Issues:: How to add support for non-English languages
--- The Detailed Node Listing ---
Applet Tools
* appletviewer Tool:: Load applets
* gcjwebplugin:: Load applets in a web browser
Security Tools
* jarsigner Tool:: Sign and verify .JAR files
* keytool Tool:: Manage private keys and public certificates
jarsigner Tool
* Common jarsigner Options:: Options used when signing or verifying a file
* Signing Options:: Options only used when signing a .JAR file
* Verification Options:: Options only used when verifying a .JAR file
keytool Tool
* Getting Help:: How to get help with keytool commands
* Common keytool Options:: Options used in more than one command
* Distinguished Names:: X.500 Distinguished Names used in certificates
* Add/Update Commands:: Commands for adding data to a Key Store
* Export Commands:: Commands for exporting data from a Key Store
* Display Commands:: Commands for displaying data in a Key Store
* Management Commands:: Commands for managing a Key Store
Add/Update Commands
* Command -genkey:: Generate private key and self-signed certificate
* Command -import:: Import certificates and certificate replies
* Command -selfcert:: Generate self-signed certificate
* Command -cacert:: Import a CA Trusted Certificate
* Command -identitydb:: Import JDK-1 style identities
Export Commands
* Command -certreq:: Generate Certificate Signing Requests (CSR)
* Command -export:: Export a certificate in a Key Store
Display Commands
* Command -list:: Display information about one or all Aliases
* Command -printcert:: Print a certificate or a certificate fingerprint
Management Commands
* Command -keyclone:: Clone a Key Entry in a Key Store
* Command -storepasswd:: Change the password protecting a Key Store
* Command -keypasswd:: Change the password protecting a Key Entry
* Command -delete:: Remove an entry in a Key Store
Other Tools
* jar Tool:: Archive tool for Java archives
* javah Tool:: A java header compiler
* gcjh Tool:: A java header compiler (old version)
* native2ascii Tool:: An encoding converter
* orbd Tool:: An object request broker daemon
* serialver Tool:: A serial version command
* rmid Tool:: RMI activation daemon
* rmiregistry Tool:: Remote object registry
* tnameserv Tool:: Naming service
I18N Issues
* Language Resources:: Where resources are located
* Message Formats:: How messages are internationalized

File: cp-tools.info, Node: Applet Tools, Next: Security Tools, Prev: Top, Up: Top
1 Applet Tools
**************
Two Applet Tools are available with GNU Classpath: appletviewer and
gcjwebplugin.
To avoid conflicts with other implementations, the appletviewer
executable is called "gappletviewer".
* Menu:
* appletviewer Tool:: Load applets
* gcjwebplugin:: Load applets in a web browser
If while using these tools you think you found a bug, then please
report it at classpath-bugs
(http://www.gnu.org/software/classpath/bugs.html).

File: cp-tools.info, Node: appletviewer Tool, Next: gcjwebplugin, Prev: Applet Tools, Up: Applet Tools
1.1 The `appletviewer' Tool
===========================
SYNOPSIS
appletviewer [OPTION]... URL...
appletviewer [OPTION]... `-code' CODE
appletviewer [OPTION]... `-plugin' INPUT,OUTPUT
DESCRIPTION The `appletviewer' tool loads and runs an applet.
Use the first form to test applets specified by tag. The URL should
resolve to an HTML document from which the `appletviewer' will extract
applet tags. The APPLET, EMBED and OBJECT tags are supported. If a
given document contains multiple applet tags, all the applets will be
loaded, with each applet appearing in its own window. Likewise, when
multiple URLs are specified, each applet tag instance is given its own
window. If a given document contains no recognized tags the
`appletviewer' does nothing.
appletviewer http://www.gnu.org/software/classpath/
Use the second form to test an applet in development. This form
allows applet tag attributes to be supplied on the command line. Only
one applet may be specified using the `-code' option. The `-code'
option overrides the URL form - any URLs specified will be ignored.
appletviewer -code Test.class -param datafile,data.txt
`gcjwebplugin' uses the third form to communicate with the
`appletviewer' through named pipes.
URL OPTIONS
`-debug'
This option is not yet implemented but is provided for
compatibility.
`-encoding CHARSET'
Use this option to specify an alternate character encoding for the
specified HTML page.
APPLET TAG OPTIONS
`-code CODE'
Use the `-code' option to specify the value of the applet tag CODE
attribute.
`-codebase CODEBASE'
Use the `-codebase' option to specify the value of the applet tag
CODEBASE attribute.
`-archive ARCHIVE'
Use the `-archive' option to specify the value of the applet tag
ARCHIVE attribute.
`-width WIDTH'
Use the `-width' option to specify the value of the applet tag
WIDTH attribute.
`-height HEIGHT'
Use the `-height' option to specify the value of the applet tag
HEIGHT attribute.
`-param NAME,VALUE'
Use the `-param' option to specify values for the NAME and VALUE
attributes of an applet PARAM tag.
PLUGIN OPTION
`-plugin INPUT,OUTPUT'
`gcjwebplugin' uses the `-plugin' option to specify the named pipe
the `appletviewer' should use for receiving commands (INPUT) and
the one it should use for sending commands to `gcjwebplugin'
(OUTPUT).
DEBUGGING OPTION
`-verbose'
Use the `-verbose' option to have the `appletviewer' print
debugging messages.
STANDARD OPTIONS
`-help'
Use the `-help' option to have the `appletviewer' print a usage
message, then exit.
`-version'
Use the `-version' option to have the `appletviewer' print its
version, then exit.
`-JOPTION'
Use the `-J' option to pass OPTION to the virtual machine that
will run the `appletviewer'. Unlike other options, there must not
be a space between the `-J' and OPTION.

File: cp-tools.info, Node: gcjwebplugin, Prev: appletviewer Tool, Up: Applet Tools
1.2 The `gcjwebplugin' Tool
===========================
`gcjwebplugin' is a plugin that adds applet support to web browsers.
Currently `gcjwebplugin' only supports Mozilla-based browsers (e.g.,
Firefox, Galeon, Mozilla).

File: cp-tools.info, Node: Security Tools, Next: Other Tools, Prev: Applet Tools, Up: Top
2 Security Tools
****************
Two Security Tools are available with GNU Classpath: `jarsigner' and
`keytool'.
To avoid conflicts with other implementations, the jarsigner
executable is called `gjarsigner' and the keytool executable is called
`gkeytool'.
* Menu:
* jarsigner Tool:: Sign and verify .JAR files
* keytool Tool:: Manage private keys and public certificates
If while using these tools you think you found a bug, then please
report it at classpath-bugs
(http://www.gnu.org/software/classpath/bugs.html).

File: cp-tools.info, Node: jarsigner Tool, Next: keytool Tool, Prev: Security Tools, Up: Security Tools
2.1 The `jarsigner' Tool
========================
The `jarsigner' tool is invoked from the command line, in one of two
forms, as follows:
jarsigner [OPTION]... FILE ALIAS
jarsigner `-verify' [OPTION]... FILE
When the first form is used, the tool signs the designated JAR file.
The second form, on the other hand, is used to verify a previously
signed JAR file.
FILE is the .JAR file to process; i.e. to sign if the first syntax
form is used, or to verify if the second syntax form is used instead.
ALIAS must be a known Alias of a Key Entry in the designated Key
Store. The private key material associated with this Alias is then used
for signing the designated .JAR file.
* Menu:
* Common jarsigner Options:: Options used when signing or verifying a file
* Signing Options:: Options only used when signing a .JAR file
* Verification Options:: Options only used when verifying a .JAR file

File: cp-tools.info, Node: Common jarsigner Options, Next: Signing Options, Prev: jarsigner Tool, Up: jarsigner Tool
2.1.1 Common options
--------------------
The following options may be used when the tool is used for either
signing, or verifying, a .JAR file.
`-verbose'
Use this option to force the tool to generate more verbose
messages, during its processing.
`-internalsf'
When present, the tool will include -which otherwise it does not-
the `.SF' file in the `.DSA' generated file.
`-sectionsonly'
When present, the tool will include in the `.SF' generated file
-which otherwise it does not- a header containing a hash of the
whole manifest file. When that header is included, the tool can
quickly check, during verification, if the hash (in the header)
matches or not the manifest file.
`-provider PROVIDER_CLASS_NAME'
A fully qualified class name of a Security Provider to add to the
current list of Security Providers already installed in the JVM
in-use. If a provider class is specified with this option, and was
successfully added to the runtime -i.e. it was not already
installed- then the tool will attempt to remove this Security
Provider before exiting.
`-help'
Prints a help text similar to this one.

File: cp-tools.info, Node: Signing Options, Next: Verification Options, Prev: Common jarsigner Options, Up: jarsigner Tool
2.1.2 Signing options
---------------------
The following options may be specified when using the tool for signing
purposes.
`-keystore URL'
Use this option to specify the location of the key store to use.
The default value is a file URL referencing the file named
`.keystore' located in the path returned by the call to
`java.lang.System#getProperty(String)' using `user.home' as
argument.
If a URL was specified, but was found to be malformed -e.g.
missing protocol element- the tool will attempt to use the URL
value as a file-name (with absolute or relative path-name) of a
key store -as if the protocol was `file:'.
`-storetype STORE_TYPE'
Use this option to specify the type of the key store to use. The
default value, if this option is omitted, is that of the property
`keystore.type' in the security properties file, which is obtained
by invoking the static method call `getDefaultType()' in
`java.security.KeyStore'.
`-storepass PASSWORD'
Use this option to specify the password which will be used to
unlock the key store. If this option is missing, the User will be
prompted to provide a password.
`-keypass PASSWORD'
Use this option to specify the password which the tool will use to
unlock the Key Entry associated with the designated Alias.
If this option is omitted, the tool will first attempt to unlock
the Key Entry using the same password protecting the key store. If
this fails, you will then be prompted to provide a password.
`-sigfile NAME'
Use this option to designate a literal that will be used to
construct file names for both the `.SF' and `.DSA' signature
files. These files will be generated, by the tool, and placed in
the `META-INF' directory of the signed JAR. Permissible
characters for NAME must be in the range "a-zA-Z0-9_-". All
characters will be converted to upper-case ones.
If this option is missing, the first eight characters of the ALIAS
argument will be used. When this is the case, any character in
ALIAS that is outside the permissible range of characters will be
replaced by an underscore.
`-signedjar FILE'
Use this option to specify the file name of the signed JAR. If
this option is omitted, then the signed JAR will be named the same
as FILE; i.e. the input JAR file will be replaced with the signed
copy.

File: cp-tools.info, Node: Verification Options, Prev: Signing Options, Up: jarsigner Tool
2.1.3 Verification options
--------------------------
The following options may be specified when using the tool for
verification purposes.
`-verify'
Use this option to indicate that the tool is to be used for
verification purposes.
`-certs'
This option is used in conjunction with the `-verbose' option.
When present, along with the `-verbose' option, the tool will
print more detailed information about the certificates of the
signer(s) being processed.

File: cp-tools.info, Node: keytool Tool, Prev: jarsigner Tool, Up: Security Tools
2.2 The `keytool' Tool
======================
Cryptographic credentials, in a Java environment, are usually stored in
a Key Store. The Java SDK specifies a Key Store as a persistent
container of two types of objects: Key Entries and Trusted
Certificates. The security tool `keytool' is a Java-based application
for managing those types of objects.
A Key Entry represents the private key part of a key-pair used in
Public-Key Cryptography, and a signed X.509 certificate which
authenticates the public key part for a known entity; i.e. the owner of
the key-pair. The X.509 certificate itself contains the public key part
of the key-pair.
A Trusted Certificate is a signed X.509 certificate issued by a
trusted entity. The Trust in this context is relative to the User of
the `keytool'. In other words, the existence of a Trusted Certificate
in the Key Store processed by a `keytool' command implies that the User
trusts the Issuer of that Trusted Certificate to also sign, and hence
authenticates, other Subjects the tool may process.
Trusted Certificates are important because they allow the tool to
mechanically construct Chains of Trust starting from one of the Trusted
Certificates in a Key Store and ending with a certificate whose Issuer
is potentially unknown. A valid chain is an ordered list, starting with
a Trusted Certificate (also called the anchor), ending with the target
certificate, and satisfying the condition that the Subject of
certificate `#i' is the Issuer of certificate `#i + 1'.
The `keytool' is invoked from the command line as follows:
keytool [COMMAND] ...
Multiple COMMANDs may be specified at once, each complete with its
own options. `keytool' will parse all the arguments, before processing,
and executing, each `COMMAND'. If an exception occurs while executing
one COMMAND `keytool' will abort. Note however that because the
implementation of the tool uses code to parse command line options that
also supports GNU-style options, you have to separate each command
group with a double-hyphen; e.g
keytool -list -- -printcert -alias mykey
Here is a summary of the commands supported by the tool:
1. Add/Update commands
`-genkey [OPTION]...'
Generate a new Key Entry, eventually creating a new key store.
`-import [OPTION]...'
Add, to a key store, Key Entries (private keys and
certificate chains authenticating the public keys) and
Trusted Certificates (3rd party certificates which can be
used as Trust Anchors when building chains-of-trust).
`-selfcert [OPTION]...'
Generate a new self-signed Trusted Certificate.
`-cacert [OPTION]...'
Import a CA Trusted Certificate.
`-identitydb [OPTION]...'
NOT IMPLEMENTED YET.
Import a JDK 1.1 style Identity Database.
2. Export commands
`-certreq [OPTION]...'
Issue a Certificate Signing Request (CSR) which can be then
sent to a Certification Authority (CA) to issue a certificate
signed (by the CA) and authenticating the Subject of the
request.
`-export [OPTION]...'
Export a certificate from a key store.
3. Display commands
`-list [OPTION]...'
Print one or all certificates in a key store to `STDOUT'.
`-printcert [OPTION]...'
Print a human-readable form of a certificate, in a designated
file, to `STDOUT'.
4. Management commands
`-keyclone [OPTION]...'
Clone a Key Entry in a key store.
`-storepasswd [OPTION]...'
Change the password protecting a key store.
`-keypasswd [OPTION]...'
Change the password protecting a Key Entry in a key store.
`-delete [OPTION]...'
Delete a Key Entry or a Trusted Certificate from a key store.
* Menu:
* Getting Help:: How to get help with keytool commands
* Common keytool Options:: Options used in more than one command
* Distinguished Names:: X.500 Distinguished Names used in certificates
* Add/Update Commands:: Commands for adding data to a Key Store
* Export Commands:: Commands for exporting data from a Key Store
* Display Commands:: Commands for displaying data in a Key Store
* Management Commands:: Commands for managing a Key Store

File: cp-tools.info, Node: Getting Help, Next: Common keytool Options, Prev: keytool Tool, Up: keytool Tool
2.2.1 Getting help
------------------
To get a general help text about the tool, use the `-help' option; e.g.
`keytool -help'
To get more specific help text about one of the tool's command use
the `-help' option for that command; e.g.
`keytool -genkey -help'
In both instances, the tool will print a help text and then will
exit the running JVM.
It is worth noting here that the help messages printed by the tool
are I18N-ready. This means that if/when the contents of the tool's
Message Bundle properties file are available in languages other than
English, you may see those messages in that language.

File: cp-tools.info, Node: Common keytool Options, Next: Distinguished Names, Prev: Getting Help, Up: keytool Tool
2.2.2 Common options
--------------------
The following `OPTION's are used in more than one `COMMAND'. They are
described here to reduce redundancy.
`-alias ALIAS'
Every entry, be it a Key Entry or a Trusted Certificate, in a key
store is uniquely identified by a user-defined ALIAS string. Use
this option to specify the ALIAS to use when referring to an entry
in the key store. Unless specified otherwise, a default value of
`mykey' shall be used when this option is omitted from the command
line.
`-keyalg ALGORITHM'
Use this option to specify the canonical name of the key-pair
generation algorithm. The default value for this option is `DSS'
(a synonym for the Digital Signature Algorithm also known as DSA).
`-keysize SIZE'
Use this option to specify the number of bits of the shared
modulus (for both the public and private keys) to use when
generating new keys. A default value of `1024' will be used if
this option is omitted from the command line.
`-validity DAY_COUNT'
Use this option to specify the number of days a newly generated
certificate will be valid for. The default value is `90' (days) if
this option is omitted from the command line.
`-storetype STORE_TYPE'
Use this option to specify the type of the key store to use. The
default value, if this option is omitted, is that of the property
`keystore.type' in the security properties file, which is obtained
by invoking the static method call `getDefaultType()' in
`java.security.KeyStore'.
`-storepass PASSWORD'
Use this option to specify the password protecting the key store.
If this option is omitted from the command line, you will be
prompted to provide a password.
`-keystore URL'
Use this option to specify the location of the key store to use.
The default value is a file URL referencing the file named
`.keystore' located in the path returned by the call to
`java.lang.System#getProperty(String)' using `user.home' as
argument.
If a URL was specified, but was found to be malformed -e.g.
missing protocol element- the tool will attempt to use the URL
value as a file-name (with absolute or relative path-name) of a
key store -as if the protocol was `file:'.
`-provider PROVIDER_CLASS_NAME'
A fully qualified class name of a Security Provider to add to the
current list of Security Providers already installed in the JVM
in-use. If a provider class is specified with this option, and was
successfully added to the runtime -i.e. it was not already
installed- then the tool will attempt to removed this Security
Provider before exiting.
`-file FILE'
Use this option to designate a file to use with a command. When
specified with this option, the value is expected to be the fully
qualified path of a file accessible by the File System. Depending
on the command, the file may be used as input or as output. When
this option is omitted from the command line, `STDIN' will be used
instead, as the source of input, and `STDOUT' will be used instead
as the output destination.
`-v'
Unless specified otherwise, use this option to enable more verbose
output.

File: cp-tools.info, Node: Distinguished Names, Next: Add/Update Commands, Prev: Common keytool Options, Up: keytool Tool
2.2.3 X.500 Distinguished Names
-------------------------------
A Distinguished Name (or DN) MUST be supplied with some of the
`COMMAND's using a `-dname' option. The syntax of a valid value for
this option MUST follow RFC-2253 specifications. Namely the following
components (with their accepted meaning) will be recognized. Note that
the component name is case-insensitive:
CN
The Common Name; e.g. `host.domain.com'
OU
The Organizational Unit; e.g. `IT Department'
O
The Organization Name; e.g. `The Sample Company'
L
The Locality Name; e.g. `Sydney'
ST
The State Name; e.g. `New South Wales'
C
The 2-letter Country identifier; e.g. `AU'
When specified with a `-dname' option, each pair of component/value
will be separated from the other with a comma. Each component and value
pair MUST be separated by an equal sign. For example, the following is
a valid DN value:
CN=host.domain.com, O=The Sample Company, L=Sydney, ST=NSW, C=AU
If the Distinguished Name is required, and no valid default value can
be used, the tool will prompt you to enter the information through the
console.

File: cp-tools.info, Node: Add/Update Commands, Next: Export Commands, Prev: Distinguished Names, Up: keytool Tool
2.2.4 Add/Update commands
-------------------------
* Menu:
* Command -genkey:: Generate private key and self-signed certificate
* Command -import:: Import certificates and certificate replies
* Command -selfcert:: Generate self-signed certificate
* Command -cacert:: Import a CA Trusted Certificate
* Command -identitydb:: Import JDK-1 style identities

File: cp-tools.info, Node: Command -genkey, Next: Command -import, Prev: Add/Update Commands, Up: Add/Update Commands
2.2.4.1 The `-genkey' command
.............................
Use this command to generate a new key-pair (both private and public
keys), and save these credentials in the key store as a Key Entry,
associated with the designated (if was specified with the `-alias'
option) or default (if the `-alias' option is omitted) Alias.
The private key material will be protected with a user-defined
password (see `-keypass' option). The public key on the other hand will
be part of a self-signed X.509 certificate, which will form a 1-element
chain and will be saved in the key store.
`-alias ALIAS'
For more details *note ALIAS: alias.
`-keyalg ALGORITHM'
For more details *note ALGORITHM: keyalg.
`-keysize KEY_SIZE'
For more details *note KEY_SIZE: keysize.
`-sigalg ALGORITHM'
The canonical name of the digital signature algorithm to use for
signing certificates. If this option is omitted, a default value
will be chosen based on the type of the key-pair; i.e. the
algorithm that ends up being used by the -keyalg option. If the
key-pair generation algorithm is `DSA', the value for the
signature algorithm will be `SHA1withDSA'. If on the other hand
the key-pair generation algorithm is `RSA', then the tool will use
`MD5withRSA' as the signature algorithm.
`-dname NAME'
This a mandatory value for the command. If no value is specified
-i.e. the `-dname' option is omitted- the tool will prompt you to
enter a Distinguished Name to use as both the Owner and Issuer of
the generated self-signed certificate.
For more details *note X.500 DISTINGUISHED NAME: dn.
`-keypass PASSWORD'
Use this option to specify the password which the tool will use to
protect the newly created Key Entry.
If this option is omitted, you will be prompted to provide a
password.
`-validity DAY_COUNT'
For more details *note DAY_COUNT: validity.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Command -import, Next: Command -selfcert, Prev: Command -genkey, Up: Add/Update Commands
2.2.4.2 The `-import' command
.............................
Use this command to read an X.509 certificate, or a PKCS#7 Certificate
Reply from a designated input source and incorporate the certificates
into the key store.
If the Alias does not already exist in the key store, the tool
treats the certificate read from the input source as a new Trusted
Certificate. It then attempts to discover a chain-of-trust, starting
from that certificate and ending at another Trusted Certificate,
already stored in the key store. If the `-trustcacerts' option is
present, an additional key store, of type `JKS' named `cacerts', and
assumed to be present in `${JAVA_HOME}/lib/security' will also be
consulted if found -`${JAVA_HOME}' refers to the location of an
installed Java Runtime Environment (JRE). If no chain-of-trust can be
established, and unless the `-noprompt' option has been specified, the
certificate is printed to `STDOUT' and the user is prompted for a
confirmation.
If Alias exists in the key store, the tool will treat the
certificate(s) read from the input source as a Certificate Reply, which
can be a chain of certificates, that eventually would replace the chain
of certificates associated with the Key Entry of that Alias. The
substitution of the certificates only occurs if a chain-of-trust can be
established between the bottom certificate of the chain read from the
input file and the Trusted Certificates already present in the key
store. Again, if the `-trustcacerts' option is specified, additional
Trusted Certificates in the same `cacerts' key store will be
considered. If no chain-of-trust can be established, the operation will
abort.
`-alias ALIAS'
For more details *note ALIAS: alias.
`-file FILE'
For more details *note FILE: file.
`-keypass PASSWORD'
Use this option to specify the password which the tool will use to
protect the Key Entry associated with the designated Alias, when
replacing this Alias' chain of certificates with that found in the
certificate reply.
If this option is omitted, and the chain-of-trust for the
certificate reply has been established, the tool will first
attempt to unlock the Key Entry using the same password protecting
the key store. If this fails, you will then be prompted to provide
a password.
`-noprompt'
Use this option to prevent the tool from prompting the user.
`-trustcacerts'
Use this option to indicate to the tool that a key store, of type
`JKS', named `cacerts', and usually located in `lib/security' in
an installed Java Runtime Environment should be considered when
trying to establish chain-of-trusts.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Command -selfcert, Next: Command -cacert, Prev: Command -import, Up: Add/Update Commands
2.2.4.3 The `-selfcert' command
...............................
Use this command to generate a self-signed X.509 version 1 certificate.
The newly generated certificate will form a chain of one element which
will replace the previous chain associated with the designated Alias
(if `-alias' option was specified), or the default Alias (if `-alias'
option was omitted).
`-alias ALIAS'
For more details *note ALIAS: alias.
`-sigalg ALGORITHM'
The canonical name of the digital signature algorithm to use for
signing the certificate. If this option is omitted, a default
value will be chosen based on the type of the private key
associated with the designated Alias. If the private key is a
`DSA' one, the value for the signature algorithm will be
`SHA1withDSA'. If on the other hand the private key is an `RSA'
one, then the tool will use `MD5withRSA' as the signature
algorithm.
`-dname NAME'
Use this option to specify the Distinguished Name of the newly
generated self-signed certificate. If this option is omitted, the
existing Distinguished Name of the base certificate in the chain
associated with the designated Alias will be used instead.
For more details *note X.500 DISTINGUISHED NAME: dn.
`-validity DAY_COUNT'
For more details *note DAY_COUNT: validity.
`-keypass PASSWORD'
Use this option to specify the password which the tool will use to
unlock the Key Entry associated with the designated Alias.
If this option is omitted, the tool will first attempt to unlock
the Key Entry using the same password protecting the key store. If
this fails, you will then be prompted to provide a password.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Command -cacert, Next: Command -identitydb, Prev: Command -selfcert, Up: Add/Update Commands
2.2.4.4 The `-cacert' command
.............................
Use this command to import, a CA certificate and add it to the key
store as a Trusted Certificate. The Alias for this new entry will be
constructed from the FILE's base-name after replacing hyphens and dots
with underscores.
This command is useful when used in a script that recursively visits
a directory of CA certificates to populate a `cacerts.gkr' Key Store of
trusted certificates which can then be used commands that specify the
`-trustcacerts' option.
`-file FILE'
For more details *note FILE: file.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Command -identitydb, Prev: Command -cacert, Up: Add/Update Commands
2.2.4.5 The `-identitydb' command
.................................
NOT IMPLEMENTED YET.
Use this command to import a JDK 1.1 style Identity Database.
`-file FILE'
For more details *note FILE: file.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Export Commands, Next: Display Commands, Prev: Add/Update Commands, Up: keytool Tool
2.2.5 Export commands
---------------------
* Menu:
* Command -certreq:: Generate Certificate Signing Requests (CSR)
* Command -export:: Export a certificate in a Key Store

File: cp-tools.info, Node: Command -certreq, Next: Command -export, Prev: Export Commands, Up: Export Commands
2.2.5.1 The `-certreq' command
..............................
Use this command to generate a PKCS#10 Certificate Signing Request
(CSR) and write it to a designated output destination. The contents of
the destination should look something like the following:
-----BEGIN NEW CERTIFICATE REQUEST-----
MI...QAwXzEUMBIGA1UEAwwLcnNuQGdudS5vcmcxGzAZBgNVBAoMElUg
Q2...A0GA1UEBwwGU3lkbmV5MQwwCgYDVQQIDANOU1cxCzAJBgNVBACC
...
FC...IVwNVOfQLRX+O5kAhQ/a4RTZme2L8PnpvgRwrf7Eg8D6w==
-----END NEW CERTIFICATE REQUEST-----
IMPORTANT: Some documentation (e.g. RSA examples) claims that the
`Attributes' field, in the CSR is `OPTIONAL' while RFC-2986 implies the
opposite. This implementation considers this field, by default, as
`OPTIONAL', unless the option `-attributes' is specified on the command
line.
`-alias ALIAS'
For more details *note ALIAS: alias.
`-sigalg ALGORITHM'
The canonical name of the digital signature algorithm to use for
signing the certificate. If this option is omitted, a default
value will be chosen based on the type of the private key
associated with the designated Alias. If the private key is a
`DSA' one, the value for the signature algorithm will be
`SHA1withDSA'. If on the other hand the private key is an `RSA'
one, then the tool will use `MD5withRSA' as the signature
algorithm.
`-file FILE'
For more details *note FILE: file.
`-keypass PASSWORD'
Use this option to specify the password which the tool will use to
unlock the Key Entry associated with the designated Alias.
If this option is omitted, the tool will first attempt to unlock
the Key Entry using the same password protecting the key store. If
this fails, you will then be prompted to provide a password.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.
`-attributes'
Use this option to force the tool to encode a `NULL' DER value in
the CSR as the value of the `Attributes' field.

File: cp-tools.info, Node: Command -export, Prev: Command -certreq, Up: Export Commands
2.2.5.2 The `-export' command
.............................
Use this command to export a certificate stored in a key store to a
designated output destination, either in binary format (if the `-v'
option is specified), or in RFC-1421 compliant encoding (if the `-rfc'
option is specified instead).
`-alias ALIAS'
For more details *note ALIAS: alias.
`-file FILE'
For more details *note FILE: file.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-rfc'
Use RFC-1421 specifications when encoding the output.
`-v'
Output the certificate in binary DER encoding. This is the default
output format of the command if neither `-rfc' nor `-v' options
were detected on the command line. If both this option and the
`-rfc' option are detected on the command line, the tool will opt
for the RFC-1421 style encoding.

File: cp-tools.info, Node: Display Commands, Next: Management Commands, Prev: Export Commands, Up: keytool Tool
2.2.6 Display commands
----------------------
* Menu:
* Command -list:: Display information about one or all Aliases
* Command -printcert:: Print a certificate or a certificate fingerprint

File: cp-tools.info, Node: Command -list, Next: Command -printcert, Prev: Display Commands, Up: Display Commands
2.2.6.1 The `-list' command
...........................
Use this command to print one or all of a key store entries to
`STDOUT'. Usually this command will only print a fingerprint of the
certificate, unless either the `-rfc' or the `-v' option is specified.
`-alias ALIAS'
If this option is omitted, the tool will print ALL the entries
found in the key store.
For more details *note ALIAS: alias.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-rfc'
Use RFC-1421 specifications when encoding the output.
`-v'
Output the certificate in human-readable format. If both this
option and the `-rfc' option are detected on the command line, the
tool will opt for the human-readable form and will not abort the
command.

File: cp-tools.info, Node: Command -printcert, Prev: Command -list, Up: Display Commands
2.2.6.2 The `-printcert' command
................................
Use this command to read a certificate from a designated input source
and print it to `STDOUT' in a human-readable form.
`-file FILE'
For more details *note FILE: file.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Management Commands, Prev: Display Commands, Up: keytool Tool
2.2.7 Management commands
-------------------------
* Menu:
* Command -keyclone:: Clone a Key Entry in a Key Store
* Command -storepasswd:: Change the password protecting a Key Store
* Command -keypasswd:: Change the password protecting a Key Entry
* Command -delete:: Remove an entry in a Key Store

File: cp-tools.info, Node: Command -keyclone, Next: Command -storepasswd, Prev: Management Commands, Up: Management Commands
2.2.7.1 The `-keyclone' command
...............................
Use this command to clone an existing Key Entry and store it under a
new (different) Alias protecting, its private key material with
possibly a new password.
`-alias ALIAS'
For more details *note ALIAS: alias.
`-dest ALIAS'
Use this option to specify the new Alias which will be used to
identify the cloned copy of the Key Entry.
`-keypass PASSWORD'
Use this option to specify the password which the tool will use to
unlock the Key Entry associated with the designated Alias.
If this option is omitted, the tool will first attempt to unlock
the Key Entry using the same password protecting the key store. If
this fails, you will then be prompted to provide a password.
`-new PASSWORD'
Use this option to specify the password protecting the private key
material of the newly cloned copy of the Key Entry.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Command -storepasswd, Next: Command -keypasswd, Prev: Command -keyclone, Up: Management Commands
2.2.7.2 The `-storepasswd' command
..................................
Use this command to change the password protecting a key store.
`-new PASSWORD'
The new, and different, password which will be used to protect the
designated key store.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Command -keypasswd, Next: Command -delete, Prev: Command -storepasswd, Up: Management Commands
2.2.7.3 The `-keypasswd' command
................................
Use this command to change the password protecting the private key
material of a designated Key Entry.
`-alias ALIAS'
For more details *note ALIAS: alias.
Use this option to specify the password which the tool will use to
unlock the Key Entry associated with the designated Alias.
If this option is omitted, the tool will first attempt to unlock
the Key Entry using the same password protecting the key store. If
this fails, you will then be prompted to provide a password.
`-new PASSWORD'
The new, and different, password which will be used to protect the
private key material of the designated Key Entry.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Command -delete, Prev: Command -keypasswd, Up: Management Commands
2.2.7.4 The `-delete' command
.............................
Use this command to delete a designated key store entry.
`-alias ALIAS'
For more details *note ALIAS: alias.
`-storetype STORE_TYPE'
For more details *note STORE_TYPE: storetype.
`-keystore URL'
For more details *note URL: keystore.
`-storepass PASSWORD'
For more details *note PASSWORD: storepass.
`-provider PROVIDER_CLASS_NAME'
For more details *note PROVIDER_CLASS_NAME: provider.
`-v'
For more details *note verbose::.

File: cp-tools.info, Node: Other Tools, Next: I18N Issues, Prev: Security Tools, Up: Top
3 Other Tools
*************
This is a list of currently undocumented classpath tools: jar, javah,
gcjh, native2ascii, orbd, serialver, rmid, rmiregistry and tnameserv.
* Menu:
* jar Tool:: Archive tool for Java archives
* javah Tool:: A java header compiler
* gcjh Tool:: A java header compiler (old version)
* native2ascii Tool:: An encoding converter
* orbd Tool:: An object request broker daemon
* serialver Tool:: A serial version command
* rmid Tool:: RMI activation daemon
* rmiregistry Tool:: Remote object registry
* tnameserv Tool:: Naming service

File: cp-tools.info, Node: jar Tool, Next: javah Tool, Up: Other Tools
3.1 The `jar' Tool
==================
`gjar' is an implementation of Sun's jar utility that comes with the
JDK.
If any file is a directory then it is processed recursively. The
manifest file name and the archive file name needs to be specified in
the same order the `-m' and `-f' flags are specified.
Operation mode:
`-c'
Create new archive.
`-t'
List table of contents for archive.
`-x'
Extract named (or all) files from archive.
`-u'
Update existing archive.
`-i FILE'
Compute archive index.
Operation modifiers:
`-f FILE'
Specify archive file name.
`-0'
Store only; use no ZIP compression.
`-v'
Generate verbose output on standard output.
`-M'
Do not create a manifest file for the entries.
`-m MANIFEST'
Include manifest information from specified MANIFEST file.
File name selection:
`-C DIR FILE'
Change to the DIR and include the following FILE.
`-@'
Read the names of the files to add to the archive from stdin. This
option is supported only in combination with `-c' or `-u'. Non
standard option added in the GCC version.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
java(1), ...

File: cp-tools.info, Node: javah Tool, Next: gcjh Tool, Prev: jar Tool, Up: Other Tools
3.2 The `javah' Tool
====================
The `gjavah' program is used to generate header files from class files.
It can generate both CNI and JNI header files, as well as stub
implementation files which can be used as a basis for implementing the
required native methods.
`-d DIR'
Set output directory.
`-o FILE'
Set output file (only one of `-d' or `-o' may be used).
`-cmdfile FILE'
Read command file.
`-all DIR'
Operate on all class files under directory DIR.
`-stubs'
Emit stub implementation.
`-jni'
Emit JNI stubs or header (default).
`-cni'
Emit CNI stubs or header (default JNI).
`-verbose'
Set verbose mode.
`-force'
Output files should always be written.
Class path options:
`-classpath PATH'
Set the class path.
`-IDIR'
Add directory to class path.
`-bootclasspath PATH'
Set the boot class path.
`-extdirs PATH'
Set the extension directory path.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
javac(1), ...

File: cp-tools.info, Node: gcjh Tool, Next: native2ascii Tool, Prev: javah Tool, Up: Other Tools
3.3 The `gcjh' Tool
===================
The `gcjh' program is used to generate header files from class files.
It can generate both CNI and JNI header files, as well as stub
implementation files which can be used as a basis for implementing the
required native methods. It is similar to `javah' but has slightly
different command line options, and defaults to CNI.
See `javah' for a full description; this page only lists the
additional options provided by `gcjh'.
CNI text options
`-add TEXT'
Insert TEXT into class body.
`-append TEXT'
Append TEXT after class declaration.
`-friend TEXT'
Insert TEXT as a `friend' declaration.
`-prepend TEXT'
Insert TEXT before start of class.
Compatibility options (unused)
`-td DIR'
`-M'
`-MM'
`-MD'
`-MMD'
Unused compatibility option.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
javac(1), javah(1), ...

File: cp-tools.info, Node: native2ascii Tool, Next: orbd Tool, Prev: gcjh Tool, Up: Other Tools
3.4 The `native2ascii' Tool
===========================
To be written ...
`-encoding NAME'
Set the encoding to use.
`-reversed'
Convert from encoding to native.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
javac(1), ...

File: cp-tools.info, Node: orbd Tool, Next: serialver Tool, Prev: native2ascii Tool, Up: Other Tools
3.5 The `orbd' object request broker daemon
===========================================
To be written ...
`-ORBInitialPort PORT'
Port on which persistent naming service is to be started.
`-ior FILE'
File in which to store persistent naming service's IOR reference
`-directory DIR'
Directory in which to store persistent data.
`-restart'
Restart persistent naming service, clearing persistent naming
database.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
java(1), ...

File: cp-tools.info, Node: serialver Tool, Next: rmid Tool, Prev: orbd Tool, Up: Other Tools
3.6 The `serialver' version command
===================================
Print the serialVersionUID of the specified classes.
`-classpath PATH'
Class path to use to find classes.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
javac(1), ...

File: cp-tools.info, Node: rmid Tool, Next: rmiregistry Tool, Prev: serialver Tool, Up: Other Tools
3.7 The `rmid' RMI activation system daemon
===========================================
`rmiregistry' starts a remote object registry on the current host. If
no port number is specified, then port 1099 is used.
Activation process control:
`-port PORT'
Port on which activation system is to be started.
`-restart'
Restart activation system, clearing persistent naming database, if
any.
`-stop'
Stop activation system.
Persistence:
`-persistent'
Make activation system persistent.
`-directory DIR'
Directory in which to store persistent data.
Debugging:
`-verbose'
Log binding events to standard out.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
java(1), ...

File: cp-tools.info, Node: rmiregistry Tool, Next: tnameserv Tool, Prev: rmid Tool, Up: Other Tools
3.8 The `rmiregistry' Tool
==========================
`grmiregistry' starts a remote object registry on the current host. If
no port number is specified, then port 1099 is used.
Registry process control:
`-restart'
Restart RMI naming service, clearing persistent naming database, if
any.
`-stop'
Stop RMI naming service.
Persistence:
`-persistent'
Make RMI naming service persistent.
`-directory DIR'
Directory in which to store persistent data.
Debugging:
`-verbose'
Log binding events to standard out.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
java(1), ...

File: cp-tools.info, Node: tnameserv Tool, Prev: rmiregistry Tool, Up: Other Tools
3.9 The `tnameserv' Tool
========================
To be written ...
`-ORBInitialPort PORT'
Port on which naming service is to be started.
`-ior FILE'
File in which to store naming service's IOR reference.
Standard options:
`-help'
Print help text, then exit.
`-version'
Print version number, then exit.
`-JOPTION'
Pass argument to the Java runtime.
java(1), ...

File: cp-tools.info, Node: I18N Issues, Prev: Other Tools, Up: Top
4 I18N Issues
*************
Some tools -*note Security Tools::- allow using other than the English
language when prompting the User for input, and outputing messages.
This chapter describes the elements used to offer this support and how
they can be adapted for use with specific languages.
* Menu:
* Language Resources:: Where resources are located
* Message Formats:: How messages are internationalized

File: cp-tools.info, Node: Language Resources, Next: Message Formats, Prev: I18N Issues, Up: I18N Issues
4.1 Language-specific resources
===============================
The Tools use Java `ResourceBundle's to store messages, and message
templates they use at runtime to generate the message text itself,
depending on the locale in use at the time.
The Resource Bundles these tools use are essentially Java Properties
files consisting of a set of Name/Value pairs. The Name is the Propery
Name and the Value is a substitution string that is used when the code
references the associated Name. For example the following is a line in
a Resource Bundle used by the `keytool' Tool:
Command.23=A correct key password MUST be provided
When the tool needs to signal a mandatory but missing key password,
it would reference the property named `Command.23' and the message "`A
correct key password MUST be provided'" will be used instead. This
indirect referencing of "resources" permits replacing, as late as
possible, the English strings with strings in other languages, provided
of course Resource Bundles in those languages are provided.
For the GNU Classpath Tools described in this Guide, the Resource
Bundles are files named `messages[_ll[_CC[_VV]]].properties' where:
LL
Is the 2-letter code for the Language,
CC
Is the 2-letter code for the Region, and
VV
Is the 2-letter code for the Variant of the language.
The complete list of language codes can be found at Code for the
representation of names of languages
(http://ftp.ics.uci.edu/pub/ietf/http/related/iso639.txt). A similar
list for the region codes can be found at ISO 3166 Codes (Countries)
(http://userpage.chemie.fu-berlin.de/diverse/doc/ISO_3166.html).
The location of the Resource Bundles for the GNU Classpath Tools is
specific to each tool. The next table shows where these files are found
in a standard GNU Classpath distribution:
`jarsigner'
`gnu/classpath/tools/jarsigner'
`keytool'
`gnu/classpath/tools/keytool'
The collection of Resource Bundles in a location act as an inverted
tree with a parent-child relationship. For example suppose in the
`gnu/classpath/tools/keytool' there are 3 message bundles named:
1. `messages.properties'
2. `messages_fr.properties'
3. `messages_fr_FR.properties'
In the above example, bundle #1 will act as the parent of bundle #2,
which in turn will act as the parent for bundle #3. This ordering is
used by the Java runtime to choose which file to load based on the set
Locale. For example if the Locale is `fr_CH', `messages_fr.properties'
will be used because (a) `messages_fr_CH.properties' does not exist,
but (b) `messages_fr.properties' is the parent for the required bundle,
and it exists. As another example, suppose the Locale was set to
`en_AU'; then the tool will end up using `messages.properties' because
(a) `messages_en_AU.properties' does not exist, (b)
`messages_en.properties' which is the parent for the required bundle
does not exist, but (c) `messages.properties' exists and is the root of
the hierarchy.
You can see from the examples above that `messages.properties' is
the safety net that the Java runtime falls back to when failing to find
a specific bunlde and its parent(s). This file is always provided with
the Tool. In time, more localized versions will be included to cater
for other languages.
In the meantime, if you are willing to contribute localized versions
of these resources, grab the `messages.properties' for a specific tool;
translate it; save it with the appropriate language and region suffix
and mail it to `classpath@gnu.org'.

File: cp-tools.info, Node: Message Formats, Prev: Language Resources, Up: I18N Issues
4.2 Message formats
===================
If you open any of the `messages.properties' described in the previous
section, you may see properties that look like so:
Command.67=Issuer: {0}
Command.68=Serial number: {0,number}
Command.69=Valid from: {0,date,full} - {0,time,full}
Command.70=\ \ \ \ \ until: {0,date,full} - {0,time,full}
These are Message Formats used by the tools to customize a text
string that will then be used either as a prompt for User input or as
output.
If you are translating a `messages.properties' be careful not to
alter text between curly braces.

Tag Table:
Node: Top432
Node: Applet Tools3881
Node: appletviewer Tool4454
Node: gcjwebplugin7569
Node: Security Tools7881
Node: jarsigner Tool8534
Node: Common jarsigner Options9581
Node: Signing Options10896
Node: Verification Options13478
Node: keytool Tool14066
Node: Getting Help18494
Node: Common keytool Options19238
Ref: alias19511
Ref: keyalg19893
Ref: keysize20123
Ref: validity20388
Ref: storetype20603
Ref: storepass20934
Ref: keystore21131
Ref: provider21674
Ref: file22081
Ref: verbose22552
Node: Distinguished Names22644
Ref: dn22838
Node: Add/Update Commands23901
Node: Command -genkey24429
Node: Command -import26837
Node: Command -selfcert29981
Node: Command -cacert32160
Node: Command -identitydb33213
Node: Export Commands33871
Node: Command -certreq34187
Node: Command -export36593
Node: Display Commands37790
Node: Command -list38122
Node: Command -printcert39255
Node: Management Commands39639
Node: Command -keyclone40071
Node: Command -storepasswd41474
Node: Command -keypasswd42203
Node: Command -delete43397
Node: Other Tools44020
Node: jar Tool44805
Node: javah Tool46197
Node: gcjh Tool47416
Node: native2ascii Tool48529
Node: orbd Tool48990
Node: serialver Tool49720
Node: rmid Tool50189
Node: rmiregistry Tool51130
Node: tnameserv Tool51970
Node: I18N Issues52460
Node: Language Resources52961
Node: Message Formats56624

End Tag Table