Daniel D. Daugherty 2022-07-20 22:56:17 +00:00
commit 9c19d89c9c
28 changed files with 489 additions and 77 deletions

@ -22,7 +22,7 @@
.\"t
.\" Automatically generated by Pandoc 2.3.1
.\"
.TH "KEYTOOL" "1" "2022" "JDK 19\-ea" "JDK Commands"
.TH "KEYTOOL" "1" "2022" "JDK 19" "JDK Commands"
.hy
.SH NAME
.PP
@ -433,7 +433,7 @@ single\-element certificate chain.
When the \f[CB]\-signer\f[R] option is specified, a new certificate is
generated and signed by the designated signer and stored as a
multiple\-element certificate chain (containing the generated
certificate itself, and the signer???s certificate chain).
certificate itself, and the signer?s certificate chain).
The certificate chain and private key are stored in a new keystore entry
that is identified by its alias.
.PP
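Review bot: The replacement line still carries a mis-encoded apostrophe: `signer?s certificate chain` only shortens `???` to `?` instead of restoring the character. Use an ASCII apostrophe or the roff escape `\[aq]` so the page renders as "signer's"; the same `signer?s` text appears in the next two hunks and needs the same fix.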
@ -453,7 +453,7 @@ specified.
The \f[CB]\-signer\f[R] value specifies the alias of a
\f[CB]PrivateKeyEntry\f[R] for the signer that already exists in the
keystore.
This option is used to sign the certificate with the signer???s private
This option is used to sign the certificate with the signer?s private
key.
This is especially useful for key agreement algorithms (i.e.
the \f[CB]\-keyalg\f[R] value is \f[CB]XDH\f[R], \f[CB]X25519\f[R],
@ -461,7 +461,7 @@ the \f[CB]\-keyalg\f[R] value is \f[CB]XDH\f[R], \f[CB]X25519\f[R],
signatures, and therefore a self\-signed certificate cannot be created.
.PP
The \f[CB]\-signerkeypass\f[R] value specifies the password of the
signer???s private key.
signer?s private key.
It can be specified if the private key of the signer entry is protected
by a password different from the store password.
.PP
@ -1571,8 +1571,9 @@ The following examples show the defaults for various option values:
\-alias\ "mykey"
\-keysize
\ \ \ \ 2048\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "RSA",\ "DSA",\ "RSASSA\-PSS",\ or\ "DH")
\ \ \ \ 256\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "EC")
\ \ \ \ 2048\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "DSA")
\ \ \ \ 3072\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "RSA",\ "RSASSA\-PSS",\ or\ "DH")
\ \ \ \ 384\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "EC")
\ \ \ \ 255\ (when\ using\ \-genkeypair\ and\ \-keyalg\ is\ "EdDSA",\ or\ "XDH)
\ \ \ \ 56\ (when\ using\ \-genseckey\ and\ \-keyalg\ is\ "DES")
\ \ \ \ 168\ (when\ using\ \-genseckey\ and\ \-keyalg\ is\ "DESede")
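Review bot: The unchanged 255 entry ends in `"XDH)` with no closing quote, and since this hunk rewrites the neighbouring entries it is the natural place to correct it to `"XDH")`. It would also help to say why DSA stays at 2048 while RSA, RSASSA-PSS and DH move to 3072 and EC moves to 384, because scripts that call -genkeypair without -keysize will start producing different keys with no change on their side.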
@ -1600,6 +1601,7 @@ signature algorithm (\f[CB]\-sigalg\f[R] option) is derived from the
algorithm of the underlying private key to provide an appropriate level
of security strength as follows:
.PP
Default Signature Algorithms
.TS
tab(@);
l l l.
@ -1621,9 +1623,9 @@ T}
T{
RSA
T}@T{
<= 3072
< 624
T}@T{
SHA256withRSA
SHA256withRSA (keysize is too small for using SHA\-384)
T}
T{
T}@T{
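Review bot: The RSA bound moves from `<= 3072` to `< 624` with only "keysize is too small for using SHA-384" as explanation, so a reader cannot tell from this row that 2048-bit and 3072-bit keys no longer default to SHA256withRSA. Say so explicitly in the commit description or the surrounding text, since certificates generated without -sigalg for those key sizes will come out with a different signature algorithm.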
@ -1640,28 +1642,27 @@ T}
T{
EC
T}@T{
< 384
T}@T{
SHA256withECDSA
T}
T{
T}@T{
< 512
T}@T{
SHA384withECDSA
T}
T{
T}@T{
= 512
>= 512
T}@T{
SHA512withECDSA
T}
T{
RSASSA\-PSS
T}@T{
<= 3072
< 624
T}@T{
RSASSA\-PSS (with SHA\-256)
RSASSA\-PSS (with SHA\-256, keysize is too small for
T}
T{
T}@T{
T}@T{
using SHA\-384)
T}
T{
T}@T{
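Review bot: The RSASSA-PSS result cell is wrapped by hand into a second table row ("keysize is too small for" / "using SHA-384)"), while the RSA row keeps the same parenthetical in one cell. Keep the text in a single T{ ... T} block and let tbl wrap it, so the two rows stay consistent and the continuation is not read as a separate entry. Please also confirm that dropping the `< 384` row is meant to move every EC key below 512 bits to SHA384withECDSA.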
@ -1946,9 +1947,9 @@ distinguished name is \f[CB]myname\f[R], \f[CB]mygroup\f[R],
\f[CB]mycompany\f[R], and a two\-letter country code of
\f[CB]mycountry\f[R].
It uses the RSA key generation algorithm to create the keys; both are
2048 bits
3072 bits.
.PP
The command uses the default SHA256withRSA signature algorithm to create
The command uses the default SHA384withRSA signature algorithm to create
a self\-signed certificate that includes the public key and the
distinguished name information.
The certificate is valid for 180 days, and is associated with the