1 This is cp-tools.info, produced by makeinfo version 4.11 from
4 This file documents the Tools included in a standard distribution of
5 the GNU Classpath project deliverables.
7 Copyright (C) 2006, 2007 Free Software Foundation, Inc.
9 INFO-DIR-SECTION GNU Libraries
11 * Classpath Tools: (cp-tools). GNU Classpath Tools Guide
15 File: cp-tools.info, Node: Top, Next: Applet Tools, Prev: (dir), Up: (dir)
17 GNU Classpath Tools Guide
18 *************************
20 This document contains important information you need to know in order
21 to use the tools included in the GNU Classpath project deliverables.
23 The Tools aim at providing a free replacement, similar in their
24 behavior, to their counter-parts found in the Reference Implementation
25 (RI) of the Java Software Development Kit (SDK).
29 * Applet Tools:: Work with applets
30 * Security Tools:: Work securely with Java applications
31 * Other Tools:: Other tools in classpath
32 * I18N Issues:: How to add support for non-English languages
34 --- The Detailed Node Listing ---
38 * appletviewer Tool:: Load applets
39 * gcjwebplugin:: Load applets in a web browser
43 * jarsigner Tool:: Sign and verify .JAR files
44 * keytool Tool:: Manage private keys and public certificates
48 * Common jarsigner Options:: Options used when signing or verifying a file
49 * Signing Options:: Options only used when signing a .JAR file
50 * Verification Options:: Options only used when verifying a .JAR file
54 * Getting Help:: How to get help with keytool commands
55 * Common keytool Options:: Options used in more than one command
56 * Distinguished Names:: X.500 Distinguished Names used in certificates
57 * Add/Update Commands:: Commands for adding data to a Key Store
58 * Export Commands:: Commands for exporting data from a Key Store
59 * Display Commands:: Commands for displaying data in a Key Store
60 * Management Commands:: Commands for managing a Key Store
64 * Command -genkey:: Generate private key and self-signed certificate
65 * Command -import:: Import certificates and certificate replies
66 * Command -selfcert:: Generate self-signed certificate
67 * Command -cacert:: Import a CA Trusted Certificate
68 * Command -identitydb:: Import JDK-1 style identities
72 * Command -certreq:: Generate Certificate Signing Requests (CSR)
73 * Command -export:: Export a certificate in a Key Store
77 * Command -list:: Display information about one or all Aliases
78 * Command -printcert:: Print a certificate or a certificate fingerprint
82 * Command -keyclone:: Clone a Key Entry in a Key Store
83 * Command -storepasswd:: Change the password protecting a Key Store
84 * Command -keypasswd:: Change the password protecting a Key Entry
85 * Command -delete:: Remove an entry in a Key Store
89 * jar Tool:: Archive tool for Java archives
90 * javah Tool:: A java header compiler
91 * gcjh Tool:: A java header compiler (old version)
92 * native2ascii Tool:: An encoding converter
93 * orbd Tool:: An object request broker daemon
94 * serialver Tool:: A serial version command
95 * rmid Tool:: RMI activation daemon
96 * rmiregistry Tool:: Remote object registry
97 * tnameserv Tool:: Naming service
101 * Language Resources:: Where resources are located
102 * Message Formats:: How messages are internationalized
105 File: cp-tools.info, Node: Applet Tools, Next: Security Tools, Prev: Top, Up: Top
110 Two Applet Tools are available with GNU Classpath: appletviewer and
113 To avoid conflicts with other implementations, the appletviewer
114 executable is called "gappletviewer".
118 * appletviewer Tool:: Load applets
119 * gcjwebplugin:: Load applets in a web browser
121 If while using these tools you think you found a bug, then please
122 report it at classpath-bugs
123 (http://www.gnu.org/software/classpath/bugs.html).
126 File: cp-tools.info, Node: appletviewer Tool, Next: gcjwebplugin, Prev: Applet Tools, Up: Applet Tools
128 1.1 The `appletviewer' Tool
129 ===========================
133 appletviewer [OPTION]... URL...
134 appletviewer [OPTION]... `-code' CODE
135 appletviewer [OPTION]... `-plugin' INPUT,OUTPUT
137 DESCRIPTION The `appletviewer' tool loads and runs an applet.
139 Use the first form to test applets specified by tag. The URL should
140 resolve to an HTML document from which the `appletviewer' will extract
141 applet tags. The APPLET, EMBED and OBJECT tags are supported. If a
142 given document contains multiple applet tags, all the applets will be
143 loaded, with each applet appearing in its own window. Likewise, when
144 multiple URLs are specified, each applet tag instance is given its own
145 window. If a given document contains no recognized tags the
146 `appletviewer' does nothing.
148 appletviewer http://www.gnu.org/software/classpath/
150 Use the second form to test an applet in development. This form
151 allows applet tag attributes to be supplied on the command line. Only
152 one applet may be specified using the `-code' option. The `-code'
153 option overrides the URL form - any URLs specified will be ignored.
155 appletviewer -code Test.class -param datafile,data.txt
157 `gcjwebplugin' uses the third form to communicate with the
158 `appletviewer' through named pipes.
162 This option is not yet implemented but is provided for
166 Use this option to specify an alternate character encoding for the
172 Use the `-code' option to specify the value of the applet tag CODE
176 Use the `-codebase' option to specify the value of the applet tag
180 Use the `-archive' option to specify the value of the applet tag
184 Use the `-width' option to specify the value of the applet tag
188 Use the `-height' option to specify the value of the applet tag
192 Use the `-param' option to specify values for the NAME and VALUE
193 attributes of an applet PARAM tag.
197 `-plugin INPUT,OUTPUT'
198 `gcjwebplugin' uses the `-plugin' option to specify the named pipe
199 the `appletviewer' should use for receiving commands (INPUT) and
200 the one it should use for sending commands to `gcjwebplugin'
206 Use the `-verbose' option to have the `appletviewer' print
213 Use the `-help' option to have the `appletviewer' print a usage
217 Use the `-version' option to have the `appletviewer' print its
221 Use the `-J' option to pass OPTION to the virtual machine that
222 will run the `appletviewer'. Unlike other options, there must not
223 be a space between the `-J' and OPTION.
227 File: cp-tools.info, Node: gcjwebplugin, Prev: appletviewer Tool, Up: Applet Tools
229 1.2 The `gcjwebplugin' Tool
230 ===========================
232 `gcjwebplugin' is a plugin that adds applet support to web browsers.
233 Currently `gcjwebplugin' only supports Mozilla-based browsers (e.g.,
234 Firefox, Galeon, Mozilla).
237 File: cp-tools.info, Node: Security Tools, Next: Other Tools, Prev: Applet Tools, Up: Top
242 Two Security Tools are available with GNU Classpath: `jarsigner' and
245 To avoid conflicts with other implementations, the jarsigner
246 executable is called `gjarsigner' and the keytool executable is called
251 * jarsigner Tool:: Sign and verify .JAR files
252 * keytool Tool:: Manage private keys and public certificates
254 If while using these tools you think you found a bug, then please
255 report it at classpath-bugs
256 (http://www.gnu.org/software/classpath/bugs.html).
259 File: cp-tools.info, Node: jarsigner Tool, Next: keytool Tool, Prev: Security Tools, Up: Security Tools
261 2.1 The `jarsigner' Tool
262 ========================
264 The `jarsigner' tool is invoked from the command line, in one of two
267 jarsigner [OPTION]... FILE ALIAS
269 jarsigner `-verify' [OPTION]... FILE
271 When the first form is used, the tool signs the designated JAR file.
272 The second form, on the other hand, is used to verify a previously
275 FILE is the .JAR file to process; i.e., to sign if the first syntax
276 form is used, or to verify if the second syntax form is used instead.
278 ALIAS must be a known Alias of a Key Entry in the designated Key
279 Store. The private key material associated with this Alias is then used
280 for signing the designated .JAR file.
284 * Common jarsigner Options:: Options used when signing or verifying a file
285 * Signing Options:: Options only used when signing a .JAR file
286 * Verification Options:: Options only used when verifying a .JAR file
289 File: cp-tools.info, Node: Common jarsigner Options, Next: Signing Options, Prev: jarsigner Tool, Up: jarsigner Tool
294 The following options may be used when the tool is used for either
295 signing, or verifying, a .JAR file.
298 Use this option to force the tool to generate more verbose
299 messages, during its processing.
302 When present, the tool will include -which otherwise it does not-
303 the `.SF' file in the `.DSA' generated file.
306 When present, the tool will include in the `.SF' generated file
307 -which otherwise it does not- a header containing a hash of the
308 whole manifest file. When that header is included, the tool can
309 quickly check, during verification, if the hash (in the header)
310 matches or not the manifest file.
312 `-provider PROVIDER_CLASS_NAME'
313 A fully qualified class name of a Security Provider to add to the
314 current list of Security Providers already installed in the JVM
315 in-use. If a provider class is specified with this option, and was
316 successfully added to the runtime -i.e. it was not already
317 installed- then the tool will attempt to remove this Security
318 Provider before exiting.
321 Prints a help text similar to this one.
325 File: cp-tools.info, Node: Signing Options, Next: Verification Options, Prev: Common jarsigner Options, Up: jarsigner Tool
327 2.1.2 Signing options
328 ---------------------
330 The following options may be specified when using the tool for signing
334 Use this option to specify the location of the key store to use.
335 The default value is a file URL referencing the file named
336 `.keystore' located in the path returned by the call to
337 `java.lang.System#getProperty(String)' using `user.home' as
340 If a URL was specified, but was found to be malformed -e.g.
341 missing protocol element- the tool will attempt to use the URL
342 value as a file-name (with absolute or relative path-name) of a
343 key store -as if the protocol was `file:'.
345 `-storetype STORE_TYPE'
346 Use this option to specify the type of the key store to use. The
347 default value, if this option is omitted, is that of the property
348 `keystore.type' in the security properties file, which is obtained
349 by invoking the static method call `getDefaultType()' in
350 `java.security.KeyStore'.
352 `-storepass PASSWORD'
353 Use this option to specify the password which will be used to
354 unlock the key store. If this option is missing, the User will be
355 prompted to provide a password.
358 Use this option to specify the password which the tool will use to
359 unlock the Key Entry associated with the designated Alias.
361 If this option is omitted, the tool will first attempt to unlock
362 the Key Entry using the same password protecting the key store. If
363 this fails, you will then be prompted to provide a password.
366 Use this option to designate a literal that will be used to
367 construct file names for both the `.SF' and `.DSA' signature
368 files. These files will be generated, by the tool, and placed in
369 the `META-INF' directory of the signed JAR. Permissible
370 characters for NAME must be in the range "a-zA-Z0-9_-". All
371 characters will be converted to upper-case ones.
373 If this option is missing, the first eight characters of the ALIAS
374 argument will be used. When this is the case, any character in
375 ALIAS that is outside the permissible range of characters will be
376 replaced by an underscore.
379 Use this option to specify the file name of the signed JAR. If
380 this option is omitted, then the signed JAR will be named the same
381 as FILE; i.e., the input JAR file will be replaced with the signed
386 File: cp-tools.info, Node: Verification Options, Prev: Signing Options, Up: jarsigner Tool
388 2.1.3 Verification options
389 --------------------------
391 The following options may be specified when using the tool for
392 verification purposes.
395 Use this option to indicate that the tool is to be used for
396 verification purposes.
399 This option is used in conjunction with the `-verbose' option.
400 When present, along with the `-verbose' option, the tool will
401 print more detailed information about the certificates of the
402 signer(s) being processed.
406 File: cp-tools.info, Node: keytool Tool, Prev: jarsigner Tool, Up: Security Tools
408 2.2 The `keytool' Tool
409 ======================
411 Cryptographic credentials, in a Java environment, are usually stored in
412 a Key Store. The Java SDK specifies a Key Store as a persistent
413 container of two types of objects: Key Entries and Trusted
414 Certificates. The security tool `keytool' is a Java-based application
415 for managing those types of objects.
417 A Key Entry represents the private key part of a key-pair used in
418 Public-Key Cryptography, and a signed X.509 certificate which
419 authenticates the public key part for a known entity; i.e. the owner of
420 the key-pair. The X.509 certificate itself contains the public key part
423 A Trusted Certificate is a signed X.509 certificate issued by a
424 trusted entity. The Trust in this context is relative to the User of
425 the `keytool'. In other words, the existence of a Trusted Certificate
426 in the Key Store processed by a `keytool' command implies that the User
427 trusts the Issuer of that Trusted Certificate to also sign, and hence
428 authenticates, other Subjects the tool may process.
430 Trusted Certificates are important because they allow the tool to
431 mechanically construct Chains of Trust starting from one of the Trusted
432 Certificates in a Key Store and ending with a certificate whose Issuer
433 is potentially unknown. A valid chain is an ordered list, starting with
434 a Trusted Certificate (also called the anchor), ending with the target
435 certificate, and satisfying the condition that the Subject of
436 certificate `#i' is the Issuer of certificate `#i + 1'.
438 The `keytool' is invoked from the command line as follows:
440 keytool [COMMAND] ...
442 Multiple COMMANDs may be specified at once, each complete with its
443 own options. `keytool' will parse all the arguments, before processing,
444 and executing, each `COMMAND'. If an exception occurs while executing
445 one COMMAND `keytool' will abort. Note however that because the
446 implementation of the tool uses code to parse command line options that
447 also supports GNU-style options, you have to separate each command
448 group with a double-hyphen; e.g
450 keytool -list -- -printcert -alias mykey
452 Here is a summary of the commands supported by the tool:
454 1. Add/Update commands
455 `-genkey [OPTION]...'
456 Generate a new Key Entry, eventually creating a new key store.
458 `-import [OPTION]...'
459 Add, to a key store, Key Entries (private keys and
460 certificate chains authenticating the public keys) and
461 Trusted Certificates (3rd party certificates which can be
462 used as Trust Anchors when building chains-of-trust).
464 `-selfcert [OPTION]...'
465 Generate a new self-signed Trusted Certificate.
467 `-cacert [OPTION]...'
468 Import a CA Trusted Certificate.
470 `-identitydb [OPTION]...'
472 Import a JDK 1.1 style Identity Database.
475 `-certreq [OPTION]...'
476 Issue a Certificate Signing Request (CSR) which can be then
477 sent to a Certification Authority (CA) to issue a certificate
478 signed (by the CA) and authenticating the Subject of the
481 `-export [OPTION]...'
482 Export a certificate from a key store.
486 Print one or all certificates in a key store to `STDOUT'.
488 `-printcert [OPTION]...'
489 Print a human-readable form of a certificate, in a designated
492 4. Management commands
493 `-keyclone [OPTION]...'
494 Clone a Key Entry in a key store.
496 `-storepasswd [OPTION]...'
497 Change the password protecting a key store.
499 `-keypasswd [OPTION]...'
500 Change the password protecting a Key Entry in a key store.
502 `-delete [OPTION]...'
503 Delete a Key Entry or a Trusted Certificate from a key store.
507 * Getting Help:: How to get help with keytool commands
508 * Common keytool Options:: Options used in more than one command
509 * Distinguished Names:: X.500 Distinguished Names used in certificates
510 * Add/Update Commands:: Commands for adding data to a Key Store
511 * Export Commands:: Commands for exporting data from a Key Store
512 * Display Commands:: Commands for displaying data in a Key Store
513 * Management Commands:: Commands for managing a Key Store
516 File: cp-tools.info, Node: Getting Help, Next: Common keytool Options, Prev: keytool Tool, Up: keytool Tool
521 To get a general help text about the tool, use the `-help' option; e.g.
525 To get more specific help text about one of the tool's command use
526 the `-help' option for that command; e.g.
528 `keytool -genkey -help'
530 In both instances, the tool will print a help text and then will
531 exit the running JVM.
533 It is worth noting here that the help messages printed by the tool
534 are I18N-ready. This means that if/when the contents of the tool's
535 Message Bundle properties file are available in languages other than
536 English, you may see those messages in that language.
539 File: cp-tools.info, Node: Common keytool Options, Next: Distinguished Names, Prev: Getting Help, Up: keytool Tool
544 The following `OPTION's are used in more than one `COMMAND'. They are
545 described here to reduce redundancy.
548 Every entry, be it a Key Entry or a Trusted Certificate, in a key
549 store is uniquely identified by a user-defined ALIAS string. Use
550 this option to specify the ALIAS to use when referring to an entry
551 in the key store. Unless specified otherwise, a default value of
552 `mykey' shall be used when this option is omitted from the command
556 Use this option to specify the canonical name of the key-pair
557 generation algorithm. The default value for this option is `DSS'
558 (a synonym for the Digital Signature Algorithm also known as DSA).
561 Use this option to specify the number of bits of the shared
562 modulus (for both the public and private keys) to use when
563 generating new keys. A default value of `1024' will be used if
564 this option is omitted from the command line.
566 `-validity DAY_COUNT'
567 Use this option to specify the number of days a newly generated
568 certificate will be valid for. The default value is `90' (days) if
569 this option is omitted from the command line.
571 `-storetype STORE_TYPE'
572 Use this option to specify the type of the key store to use. The
573 default value, if this option is omitted, is that of the property
574 `keystore.type' in the security properties file, which is obtained
575 by invoking the static method call `getDefaultType()' in
576 `java.security.KeyStore'.
578 `-storepass PASSWORD'
579 Use this option to specify the password protecting the key store.
580 If this option is omitted from the command line, you will be
581 prompted to provide a password.
584 Use this option to specify the location of the key store to use.
585 The default value is a file URL referencing the file named
586 `.keystore' located in the path returned by the call to
587 `java.lang.System#getProperty(String)' using `user.home' as
590 If a URL was specified, but was found to be malformed -e.g.
591 missing protocol element- the tool will attempt to use the URL
592 value as a file-name (with absolute or relative path-name) of a
593 key store -as if the protocol was `file:'.
595 `-provider PROVIDER_CLASS_NAME'
596 A fully qualified class name of a Security Provider to add to the
597 current list of Security Providers already installed in the JVM
598 in-use. If a provider class is specified with this option, and was
599 successfully added to the runtime -i.e. it was not already
600 installed- then the tool will attempt to removed this Security
601 Provider before exiting.
604 Use this option to designate a file to use with a command. When
605 specified with this option, the value is expected to be the fully
606 qualified path of a file accessible by the File System. Depending
607 on the command, the file may be used as input or as output. When
608 this option is omitted from the command line, `STDIN' will be used
609 instead, as the source of input, and `STDOUT' will be used instead
610 as the output destination.
613 Unless specified otherwise, use this option to enable more verbose
618 File: cp-tools.info, Node: Distinguished Names, Next: Add/Update Commands, Prev: Common keytool Options, Up: keytool Tool
620 2.2.3 X.500 Distinguished Names
621 -------------------------------
623 A Distinguished Name (or DN) MUST be supplied with some of the
624 `COMMAND's using a `-dname' option. The syntax of a valid value for
625 this option MUST follow RFC-2253 specifications. Namely the following
626 components (with their accepted meaning) will be recognized. Note that
627 the component name is case-insensitive:
630 The Common Name; e.g. `host.domain.com'
633 The Organizational Unit; e.g. `IT Department'
636 The Organization Name; e.g. `The Sample Company'
639 The Locality Name; e.g. `Sydney'
642 The State Name; e.g. `New South Wales'
645 The 2-letter Country identifier; e.g. `AU'
647 When specified with a `-dname' option, each pair of component/value
648 will be separated from the other with a comma. Each component and value
649 pair MUST be separated by an equal sign. For example, the following is
651 CN=host.domain.com, O=The Sample Company, L=Sydney, ST=NSW, C=AU
653 If the Distinguished Name is required, and no valid default value can
654 be used, the tool will prompt you to enter the information through the
658 File: cp-tools.info, Node: Add/Update Commands, Next: Export Commands, Prev: Distinguished Names, Up: keytool Tool
660 2.2.4 Add/Update commands
661 -------------------------
665 * Command -genkey:: Generate private key and self-signed certificate
666 * Command -import:: Import certificates and certificate replies
667 * Command -selfcert:: Generate self-signed certificate
668 * Command -cacert:: Import a CA Trusted Certificate
669 * Command -identitydb:: Import JDK-1 style identities
672 File: cp-tools.info, Node: Command -genkey, Next: Command -import, Prev: Add/Update Commands, Up: Add/Update Commands
674 2.2.4.1 The `-genkey' command
675 .............................
677 Use this command to generate a new key-pair (both private and public
678 keys), and save these credentials in the key store as a Key Entry,
679 associated with the designated (if was specified with the `-alias'
680 option) or default (if the `-alias' option is omitted) Alias.
682 The private key material will be protected with a user-defined
683 password (see `-keypass' option). The public key on the other hand will
684 be part of a self-signed X.509 certificate, which will form a 1-element
685 chain and will be saved in the key store.
688 For more details *note ALIAS: alias.
691 For more details *note ALGORITHM: keyalg.
694 For more details *note KEY_SIZE: keysize.
697 The canonical name of the digital signature algorithm to use for
698 signing certificates. If this option is omitted, a default value
699 will be chosen based on the type of the key-pair; i.e., the
700 algorithm that ends up being used by the -keyalg option. If the
701 key-pair generation algorithm is `DSA', the value for the
702 signature algorithm will be `SHA1withDSA'. If on the other hand
703 the key-pair generation algorithm is `RSA', then the tool will use
704 `MD5withRSA' as the signature algorithm.
707 This a mandatory value for the command. If no value is specified
708 -i.e. the `-dname' option is omitted- the tool will prompt you to
709 enter a Distinguished Name to use as both the Owner and Issuer of
710 the generated self-signed certificate.
712 For more details *note X.500 DISTINGUISHED NAME: dn.
715 Use this option to specify the password which the tool will use to
716 protect the newly created Key Entry.
718 If this option is omitted, you will be prompted to provide a
721 `-validity DAY_COUNT'
722 For more details *note DAY_COUNT: validity.
724 `-storetype STORE_TYPE'
725 For more details *note STORE_TYPE: storetype.
728 For more details *note URL: keystore.
730 `-storepass PASSWORD'
731 For more details *note PASSWORD: storepass.
733 `-provider PROVIDER_CLASS_NAME'
734 For more details *note PROVIDER_CLASS_NAME: provider.
737 For more details *note verbose::.
741 File: cp-tools.info, Node: Command -import, Next: Command -selfcert, Prev: Command -genkey, Up: Add/Update Commands
743 2.2.4.2 The `-import' command
744 .............................
746 Use this command to read an X.509 certificate, or a PKCS#7 Certificate
747 Reply from a designated input source and incorporate the certificates
750 If the Alias does not already exist in the key store, the tool
751 treats the certificate read from the input source as a new Trusted
752 Certificate. It then attempts to discover a chain-of-trust, starting
753 from that certificate and ending at another Trusted Certificate,
754 already stored in the key store. If the `-trustcacerts' option is
755 present, an additional key store, of type `JKS' named `cacerts', and
756 assumed to be present in `${JAVA_HOME}/lib/security' will also be
757 consulted if found -`${JAVA_HOME}' refers to the location of an
758 installed Java Runtime Environment (JRE). If no chain-of-trust can be
759 established, and unless the `-noprompt' option has been specified, the
760 certificate is printed to `STDOUT' and the user is prompted for a
763 If Alias exists in the key store, the tool will treat the
764 certificate(s) read from the input source as a Certificate Reply, which
765 can be a chain of certificates, that eventually would replace the chain
766 of certificates associated with the Key Entry of that Alias. The
767 substitution of the certificates only occurs if a chain-of-trust can be
768 established between the bottom certificate of the chain read from the
769 input file and the Trusted Certificates already present in the key
770 store. Again, if the `-trustcacerts' option is specified, additional
771 Trusted Certificates in the same `cacerts' key store will be
772 considered. If no chain-of-trust can be established, the operation will
776 For more details *note ALIAS: alias.
779 For more details *note FILE: file.
782 Use this option to specify the password which the tool will use to
783 protect the Key Entry associated with the designated Alias, when
784 replacing this Alias' chain of certificates with that found in the
787 If this option is omitted, and the chain-of-trust for the
788 certificate reply has been established, the tool will first
789 attempt to unlock the Key Entry using the same password protecting
790 the key store. If this fails, you will then be prompted to provide
794 Use this option to prevent the tool from prompting the user.
797 Use this option to indicate to the tool that a key store, of type
798 `JKS', named `cacerts', and usually located in `lib/security' in
799 an installed Java Runtime Environment should be considered when
800 trying to establish chain-of-trusts.
802 `-storetype STORE_TYPE'
803 For more details *note STORE_TYPE: storetype.
806 For more details *note URL: keystore.
808 `-storepass PASSWORD'
809 For more details *note PASSWORD: storepass.
811 `-provider PROVIDER_CLASS_NAME'
812 For more details *note PROVIDER_CLASS_NAME: provider.
815 For more details *note verbose::.
819 File: cp-tools.info, Node: Command -selfcert, Next: Command -cacert, Prev: Command -import, Up: Add/Update Commands
821 2.2.4.3 The `-selfcert' command
822 ...............................
824 Use this command to generate a self-signed X.509 version 1 certificate.
825 The newly generated certificate will form a chain of one element which
826 will replace the previous chain associated with the designated Alias
827 (if `-alias' option was specified), or the default Alias (if `-alias'
831 For more details *note ALIAS: alias.
834 The canonical name of the digital signature algorithm to use for
835 signing the certificate. If this option is omitted, a default
836 value will be chosen based on the type of the private key
837 associated with the designated Alias. If the private key is a
838 `DSA' one, the value for the signature algorithm will be
839 `SHA1withDSA'. If on the other hand the private key is an `RSA'
840 one, then the tool will use `MD5withRSA' as the signature
844 Use this option to specify the Distinguished Name of the newly
845 generated self-signed certificate. If this option is omitted, the
846 existing Distinguished Name of the base certificate in the chain
847 associated with the designated Alias will be used instead.
849 For more details *note X.500 DISTINGUISHED NAME: dn.
851 `-validity DAY_COUNT'
852 For more details *note DAY_COUNT: validity.
855 Use this option to specify the password which the tool will use to
856 unlock the Key Entry associated with the designated Alias.
858 If this option is omitted, the tool will first attempt to unlock
859 the Key Entry using the same password protecting the key store. If
860 this fails, you will then be prompted to provide a password.
862 `-storetype STORE_TYPE'
863 For more details *note STORE_TYPE: storetype.
866 For more details *note URL: keystore.
868 `-storepass PASSWORD'
869 For more details *note PASSWORD: storepass.
871 `-provider PROVIDER_CLASS_NAME'
872 For more details *note PROVIDER_CLASS_NAME: provider.
875 For more details *note verbose::.
879 File: cp-tools.info, Node: Command -cacert, Next: Command -identitydb, Prev: Command -selfcert, Up: Add/Update Commands
881 2.2.4.4 The `-cacert' command
882 .............................
884 Use this command to import, a CA certificate and add it to the key
885 store as a Trusted Certificate. The Alias for this new entry will be
886 constructed from the FILE's base-name after replacing hyphens and dots
889 This command is useful when used in a script that recursively visits
890 a directory of CA certificates to populate a `cacerts.gkr' Key Store of
891 trusted certificates which can then be used commands that specify the
892 `-trustcacerts' option.
895 For more details *note FILE: file.
897 `-storetype STORE_TYPE'
898 For more details *note STORE_TYPE: storetype.
901 For more details *note URL: keystore.
903 `-storepass PASSWORD'
904 For more details *note PASSWORD: storepass.
906 `-provider PROVIDER_CLASS_NAME'
907 For more details *note PROVIDER_CLASS_NAME: provider.
910 For more details *note verbose::.
914 File: cp-tools.info, Node: Command -identitydb, Prev: Command -cacert, Up: Add/Update Commands
916 2.2.4.5 The `-identitydb' command
917 .................................
921 Use this command to import a JDK 1.1 style Identity Database.
924 For more details *note FILE: file.
926 `-storetype STORE_TYPE'
927 For more details *note STORE_TYPE: storetype.
930 For more details *note URL: keystore.
932 `-storepass PASSWORD'
933 For more details *note PASSWORD: storepass.
935 `-provider PROVIDER_CLASS_NAME'
936 For more details *note PROVIDER_CLASS_NAME: provider.
939 For more details *note verbose::.
943 File: cp-tools.info, Node: Export Commands, Next: Display Commands, Prev: Add/Update Commands, Up: keytool Tool
945 2.2.5 Export commands
946 ---------------------
950 * Command -certreq:: Generate Certificate Signing Requests (CSR)
951 * Command -export:: Export a certificate in a Key Store
954 File: cp-tools.info, Node: Command -certreq, Next: Command -export, Prev: Export Commands, Up: Export Commands
956 2.2.5.1 The `-certreq' command
957 ..............................
959 Use this command to generate a PKCS#10 Certificate Signing Request
960 (CSR) and write it to a designated output destination. The contents of
961 the destination should look something like the following:
963 -----BEGIN NEW CERTIFICATE REQUEST-----
964 MI...QAwXzEUMBIGA1UEAwwLcnNuQGdudS5vcmcxGzAZBgNVBAoMElUg
965 Q2...A0GA1UEBwwGU3lkbmV5MQwwCgYDVQQIDANOU1cxCzAJBgNVBACC
967 FC...IVwNVOfQLRX+O5kAhQ/a4RTZme2L8PnpvgRwrf7Eg8D6w==
968 -----END NEW CERTIFICATE REQUEST-----
970 IMPORTANT: Some documentation (e.g. RSA examples) claims that the
971 `Attributes' field, in the CSR is `OPTIONAL' while RFC-2986 implies the
972 opposite. This implementation considers this field, by default, as
973 `OPTIONAL', unless the option `-attributes' is specified on the command
977 For more details *note ALIAS: alias.
980 The canonical name of the digital signature algorithm to use for
981 signing the certificate. If this option is omitted, a default
982 value will be chosen based on the type of the private key
983 associated with the designated Alias. If the private key is a
984 `DSA' one, the value for the signature algorithm will be
985 `SHA1withDSA'. If on the other hand the private key is an `RSA'
986 one, then the tool will use `MD5withRSA' as the signature
990 For more details *note FILE: file.
993 Use this option to specify the password which the tool will use to
994 unlock the Key Entry associated with the designated Alias.
996 If this option is omitted, the tool will first attempt to unlock
997 the Key Entry using the same password protecting the key store. If
998 this fails, you will then be prompted to provide a password.
1000 `-storetype STORE_TYPE'
1001 For more details *note STORE_TYPE: storetype.
1004 For more details *note URL: keystore.
1006 `-storepass PASSWORD'
1007 For more details *note PASSWORD: storepass.
1009 `-provider PROVIDER_CLASS_NAME'
1010 For more details *note PROVIDER_CLASS_NAME: provider.
1013 For more details *note verbose::.
1016 Use this option to force the tool to encode a `NULL' DER value in
1017 the CSR as the value of the `Attributes' field.
1021 File: cp-tools.info, Node: Command -export, Prev: Command -certreq, Up: Export Commands
1023 2.2.5.2 The `-export' command
1024 .............................
1026 Use this command to export a certificate stored in a key store to a
1027 designated output destination, either in binary format (if the `-v'
1028 option is specified), or in RFC-1421 compliant encoding (if the `-rfc'
1029 option is specified instead).
1032 For more details *note ALIAS: alias.
1035 For more details *note FILE: file.
1037 `-storetype STORE_TYPE'
1038 For more details *note STORE_TYPE: storetype.
1041 For more details *note URL: keystore.
1043 `-storepass PASSWORD'
1044 For more details *note PASSWORD: storepass.
1046 `-provider PROVIDER_CLASS_NAME'
1047 For more details *note PROVIDER_CLASS_NAME: provider.
1050 Use RFC-1421 specifications when encoding the output.
1053 Output the certificate in binary DER encoding. This is the default
1054 output format of the command if neither `-rfc' nor `-v' options
1055 were detected on the command line. If both this option and the
1056 `-rfc' option are detected on the command line, the tool will opt
1057 for the RFC-1421 style encoding.
1061 File: cp-tools.info, Node: Display Commands, Next: Management Commands, Prev: Export Commands, Up: keytool Tool
1063 2.2.6 Display commands
1064 ----------------------
1068 * Command -list:: Display information about one or all Aliases
1069 * Command -printcert:: Print a certificate or a certificate fingerprint
1072 File: cp-tools.info, Node: Command -list, Next: Command -printcert, Prev: Display Commands, Up: Display Commands
1074 2.2.6.1 The `-list' command
1075 ...........................
1077 Use this command to print one or all of a key store entries to
1078 `STDOUT'. Usually this command will only print a fingerprint of the
1079 certificate, unless either the `-rfc' or the `-v' option is specified.
1082 If this option is omitted, the tool will print ALL the entries
1083 found in the key store.
1085 For more details *note ALIAS: alias.
1087 `-storetype STORE_TYPE'
1088 For more details *note STORE_TYPE: storetype.
1091 For more details *note URL: keystore.
1093 `-storepass PASSWORD'
1094 For more details *note PASSWORD: storepass.
1096 `-provider PROVIDER_CLASS_NAME'
1097 For more details *note PROVIDER_CLASS_NAME: provider.
1100 Use RFC-1421 specifications when encoding the output.
1103 Output the certificate in human-readable format. If both this
1104 option and the `-rfc' option are detected on the command line, the
1105 tool will opt for the human-readable form and will not abort the
1110 File: cp-tools.info, Node: Command -printcert, Prev: Command -list, Up: Display Commands
1112 2.2.6.2 The `-printcert' command
1113 ................................
1115 Use this command to read a certificate from a designated input source
1116 and print it to `STDOUT' in a human-readable form.
1119 For more details *note FILE: file.
1122 For more details *note verbose::.
1126 File: cp-tools.info, Node: Management Commands, Prev: Display Commands, Up: keytool Tool
1128 2.2.7 Management commands
1129 -------------------------
1133 * Command -keyclone:: Clone a Key Entry in a Key Store
1134 * Command -storepasswd:: Change the password protecting a Key Store
1135 * Command -keypasswd:: Change the password protecting a Key Entry
1136 * Command -delete:: Remove an entry in a Key Store
1139 File: cp-tools.info, Node: Command -keyclone, Next: Command -storepasswd, Prev: Management Commands, Up: Management Commands
1141 2.2.7.1 The `-keyclone' command
1142 ...............................
1144 Use this command to clone an existing Key Entry and store it under a
1145 new (different) Alias protecting, its private key material with
1146 possibly a new password.
1149 For more details *note ALIAS: alias.
1152 Use this option to specify the new Alias which will be used to
1153 identify the cloned copy of the Key Entry.
1156 Use this option to specify the password which the tool will use to
1157 unlock the Key Entry associated with the designated Alias.
1159 If this option is omitted, the tool will first attempt to unlock
1160 the Key Entry using the same password protecting the key store. If
1161 this fails, you will then be prompted to provide a password.
1164 Use this option to specify the password protecting the private key
1165 material of the newly cloned copy of the Key Entry.
1167 `-storetype STORE_TYPE'
1168 For more details *note STORE_TYPE: storetype.
1171 For more details *note URL: keystore.
1173 `-storepass PASSWORD'
1174 For more details *note PASSWORD: storepass.
1176 `-provider PROVIDER_CLASS_NAME'
1177 For more details *note PROVIDER_CLASS_NAME: provider.
1180 For more details *note verbose::.
1184 File: cp-tools.info, Node: Command -storepasswd, Next: Command -keypasswd, Prev: Command -keyclone, Up: Management Commands
1186 2.2.7.2 The `-storepasswd' command
1187 ..................................
1189 Use this command to change the password protecting a key store.
1192 The new, and different, password which will be used to protect the
1193 designated key store.
1195 `-storetype STORE_TYPE'
1196 For more details *note STORE_TYPE: storetype.
1199 For more details *note URL: keystore.
1201 `-storepass PASSWORD'
1202 For more details *note PASSWORD: storepass.
1204 `-provider PROVIDER_CLASS_NAME'
1205 For more details *note PROVIDER_CLASS_NAME: provider.
1208 For more details *note verbose::.
1212 File: cp-tools.info, Node: Command -keypasswd, Next: Command -delete, Prev: Command -storepasswd, Up: Management Commands
1214 2.2.7.3 The `-keypasswd' command
1215 ................................
1217 Use this command to change the password protecting the private key
1218 material of a designated Key Entry.
1221 For more details *note ALIAS: alias.
1223 Use this option to specify the password which the tool will use to
1224 unlock the Key Entry associated with the designated Alias.
1226 If this option is omitted, the tool will first attempt to unlock
1227 the Key Entry using the same password protecting the key store. If
1228 this fails, you will then be prompted to provide a password.
1231 The new, and different, password which will be used to protect the
1232 private key material of the designated Key Entry.
1234 `-storetype STORE_TYPE'
1235 For more details *note STORE_TYPE: storetype.
1238 For more details *note URL: keystore.
1240 `-storepass PASSWORD'
1241 For more details *note PASSWORD: storepass.
1243 `-provider PROVIDER_CLASS_NAME'
1244 For more details *note PROVIDER_CLASS_NAME: provider.
1247 For more details *note verbose::.
1251 File: cp-tools.info, Node: Command -delete, Prev: Command -keypasswd, Up: Management Commands
1253 2.2.7.4 The `-delete' command
1254 .............................
1256 Use this command to delete a designated key store entry.
1259 For more details *note ALIAS: alias.
1261 `-storetype STORE_TYPE'
1262 For more details *note STORE_TYPE: storetype.
1265 For more details *note URL: keystore.
1267 `-storepass PASSWORD'
1268 For more details *note PASSWORD: storepass.
1270 `-provider PROVIDER_CLASS_NAME'
1271 For more details *note PROVIDER_CLASS_NAME: provider.
1274 For more details *note verbose::.
1278 File: cp-tools.info, Node: Other Tools, Next: I18N Issues, Prev: Security Tools, Up: Top
1283 This is a list of currently undocumented classpath tools: jar, javah,
1284 gcjh, native2ascii, orbd, serialver, rmid, rmiregistry and tnameserv.
1288 * jar Tool:: Archive tool for Java archives
1289 * javah Tool:: A java header compiler
1290 * gcjh Tool:: A java header compiler (old version)
1291 * native2ascii Tool:: An encoding converter
1292 * orbd Tool:: An object request broker daemon
1293 * serialver Tool:: A serial version command
1294 * rmid Tool:: RMI activation daemon
1295 * rmiregistry Tool:: Remote object registry
1296 * tnameserv Tool:: Naming service
1299 File: cp-tools.info, Node: jar Tool, Next: javah Tool, Up: Other Tools
1304 `gjar' is an implementation of Sun's jar utility that comes with the
1307 If any file is a directory then it is processed recursively. The
1308 manifest file name and the archive file name needs to be specified in
1309 the same order the `-m' and `-f' flags are specified.
1317 List table of contents for archive.
1320 Extract named (or all) files from archive.
1323 Update existing archive.
1326 Compute archive index.
1328 Operation modifiers:
1331 Specify archive file name.
1334 Store only; use no ZIP compression.
1337 Generate verbose output on standard output.
1340 Do not create a manifest file for the entries.
1343 Include manifest information from specified MANIFEST file.
1345 File name selection:
1348 Change to the DIR and include the following FILE.
1351 Read the names of the files to add to the archive from stdin. This
1352 option is supported only in combination with `-c' or `-u'. Non
1353 standard option added in the GCC version.
1358 Print help text, then exit.
1361 Print version number, then exit.
1364 Pass argument to the Java runtime.
1369 File: cp-tools.info, Node: javah Tool, Next: gcjh Tool, Prev: jar Tool, Up: Other Tools
1371 3.2 The `javah' Tool
1372 ====================
1374 The `gjavah' program is used to generate header files from class files.
1375 It can generate both CNI and JNI header files, as well as stub
1376 implementation files which can be used as a basis for implementing the
1377 required native methods.
1380 Set output directory.
1383 Set output file (only one of `-d' or `-o' may be used).
1389 Operate on all class files under directory DIR.
1392 Emit stub implementation.
1395 Emit JNI stubs or header (default).
1398 Emit CNI stubs or header (default JNI).
1404 Output files should always be written.
1411 Add directory to class path.
1413 `-bootclasspath PATH'
1414 Set the boot class path.
1417 Set the extension directory path.
1421 Print help text, then exit.
1424 Print version number, then exit.
1427 Pass argument to the Java runtime.
1432 File: cp-tools.info, Node: gcjh Tool, Next: native2ascii Tool, Prev: javah Tool, Up: Other Tools
1437 The `gcjh' program is used to generate header files from class files.
1438 It can generate both CNI and JNI header files, as well as stub
1439 implementation files which can be used as a basis for implementing the
1440 required native methods. It is similar to `javah' but has slightly
1441 different command line options, and defaults to CNI.
1443 See `javah' for a full description; this page only lists the
1444 additional options provided by `gcjh'.
1448 Insert TEXT into class body.
1451 Append TEXT after class declaration.
1454 Insert TEXT as a `friend' declaration.
1457 Insert TEXT before start of class.
1459 Compatibility options (unused)
1465 Unused compatibility option.
1469 Print help text, then exit.
1472 Print version number, then exit.
1475 Pass argument to the Java runtime.
1477 javac(1), javah(1), ...
1480 File: cp-tools.info, Node: native2ascii Tool, Next: orbd Tool, Prev: gcjh Tool, Up: Other Tools
1482 3.4 The `native2ascii' Tool
1483 ===========================
1488 Set the encoding to use.
1491 Convert from encoding to native.
1495 Print help text, then exit.
1498 Print version number, then exit.
1501 Pass argument to the Java runtime.
1506 File: cp-tools.info, Node: orbd Tool, Next: serialver Tool, Prev: native2ascii Tool, Up: Other Tools
1508 3.5 The `orbd' object request broker daemon
1509 ===========================================
1513 `-ORBInitialPort PORT'
1514 Port on which persistent naming service is to be started.
1517 File in which to store persistent naming service's IOR reference
1520 Directory in which to store persistent data.
1523 Restart persistent naming service, clearing persistent naming
1528 Print help text, then exit.
1531 Print version number, then exit.
1534 Pass argument to the Java runtime.
1539 File: cp-tools.info, Node: serialver Tool, Next: rmid Tool, Prev: orbd Tool, Up: Other Tools
1541 3.6 The `serialver' version command
1542 ===================================
1544 Print the serialVersionUID of the specified classes.
1547 Class path to use to find classes.
1551 Print help text, then exit.
1554 Print version number, then exit.
1557 Pass argument to the Java runtime.
1562 File: cp-tools.info, Node: rmid Tool, Next: rmiregistry Tool, Prev: serialver Tool, Up: Other Tools
1564 3.7 The `rmid' RMI activation system daemon
1565 ===========================================
1567 `rmiregistry' starts a remote object registry on the current host. If
1568 no port number is specified, then port 1099 is used.
1570 Activation process control:
1572 Port on which activation system is to be started.
1575 Restart activation system, clearing persistent naming database, if
1579 Stop activation system.
1583 Make activation system persistent.
1586 Directory in which to store persistent data.
1590 Log binding events to standard out.
1594 Print help text, then exit.
1597 Print version number, then exit.
1600 Pass argument to the Java runtime.
1605 File: cp-tools.info, Node: rmiregistry Tool, Next: tnameserv Tool, Prev: rmid Tool, Up: Other Tools
1607 3.8 The `rmiregistry' Tool
1608 ==========================
1610 `grmiregistry' starts a remote object registry on the current host. If
1611 no port number is specified, then port 1099 is used.
1613 Registry process control:
1615 Restart RMI naming service, clearing persistent naming database, if
1619 Stop RMI naming service.
1623 Make RMI naming service persistent.
1626 Directory in which to store persistent data.
1630 Log binding events to standard out.
1634 Print help text, then exit.
1637 Print version number, then exit.
1640 Pass argument to the Java runtime.
1645 File: cp-tools.info, Node: tnameserv Tool, Prev: rmiregistry Tool, Up: Other Tools
1647 3.9 The `tnameserv' Tool
1648 ========================
1652 `-ORBInitialPort PORT'
1653 Port on which naming service is to be started.
1656 File in which to store naming service's IOR reference.
1660 Print help text, then exit.
1663 Print version number, then exit.
1666 Pass argument to the Java runtime.
1671 File: cp-tools.info, Node: I18N Issues, Prev: Other Tools, Up: Top
1676 Some tools -*note Security Tools::- allow using other than the English
1677 language when prompting the User for input, and outputting messages.
1678 This chapter describes the elements used to offer this support and how
1679 they can be adapted for use with specific languages.
1683 * Language Resources:: Where resources are located
1684 * Message Formats:: How messages are internationalized
1687 File: cp-tools.info, Node: Language Resources, Next: Message Formats, Prev: I18N Issues, Up: I18N Issues
1689 4.1 Language-specific resources
1690 ===============================
1692 The Tools use Java `ResourceBundle's to store messages, and message
1693 templates they use at runtime to generate the message text itself,
1694 depending on the locale in use at the time.
1696 The Resource Bundles these tools use are essentially Java Properties
1697 files consisting of a set of Name/Value pairs. The Name is the Property
1698 Name and the Value is a substitution string that is used when the code
1699 references the associated Name. For example the following is a line in
1700 a Resource Bundle used by the `keytool' Tool:
1702 Command.23=A correct key password MUST be provided
1704 When the tool needs to signal a mandatory but missing key password,
1705 it would reference the property named `Command.23' and the message "`A
1706 correct key password MUST be provided'" will be used instead. This
1707 indirect referencing of "resources" permits replacing, as late as
1708 possible, the English strings with strings in other languages, provided
1709 of course Resource Bundles in those languages are provided.
1711 For the GNU Classpath Tools described in this Guide, the Resource
1712 Bundles are files named `messages[_ll[_CC[_VV]]].properties' where:
1715 Is the 2-letter code for the Language,
1718 Is the 2-letter code for the Region, and
1721 Is the 2-letter code for the Variant of the language.
1723 The complete list of language codes can be found at Code for the
1724 representation of names of languages
1725 (http://ftp.ics.uci.edu/pub/ietf/http/related/iso639.txt). A similar
1726 list for the region codes can be found at ISO 3166 Codes (Countries)
1727 (http://userpage.chemie.fu-berlin.de/diverse/doc/ISO_3166.html).
1729 The location of the Resource Bundles for the GNU Classpath Tools is
1730 specific to each tool. The next table shows where these files are found
1731 in a standard GNU Classpath distribution:
1734 `gnu/classpath/tools/jarsigner'
1737 `gnu/classpath/tools/keytool'
1739 The collection of Resource Bundles in a location act as an inverted
1740 tree with a parent-child relationship. For example suppose in the
1741 `gnu/classpath/tools/keytool' there are 3 message bundles named:
1743 1. `messages.properties'
1745 2. `messages_fr.properties'
1747 3. `messages_fr_FR.properties'
1749 In the above example, bundle #1 will act as the parent of bundle #2,
1750 which in turn will act as the parent for bundle #3. This ordering is
1751 used by the Java runtime to choose which file to load based on the set
1752 Locale. For example if the Locale is `fr_CH', `messages_fr.properties'
1753 will be used because (a) `messages_fr_CH.properties' does not exist,
1754 but (b) `messages_fr.properties' is the parent for the required bundle,
1755 and it exists. As another example, suppose the Locale was set to
1756 `en_AU'; then the tool will end up using `messages.properties' because
1757 (a) `messages_en_AU.properties' does not exist, (b)
1758 `messages_en.properties' which is the parent for the required bundle
1759 does not exist, but (c) `messages.properties' exists and is the root of
1762 You can see from the examples above that `messages.properties' is
1763 the safety net that the Java runtime falls back to when failing to find
1764 a specific bundle and its parent(s). This file is always provided with
1765 the Tool. In time, more localized versions will be included to cater
1766 for other languages.
1768 In the meantime, if you are willing to contribute localized versions
1769 of these resources, grab the `messages.properties' for a specific tool;
1770 translate it; save it with the appropriate language and region suffix
1771 and mail it to `classpath@gnu.org'.
1774 File: cp-tools.info, Node: Message Formats, Prev: Language Resources, Up: I18N Issues
1779 If you open any of the `messages.properties' described in the previous
1780 section, you may see properties that look like so:
1782 Command.67=Issuer: {0}
1783 Command.68=Serial number: {0,number}
1784 Command.69=Valid from: {0,date,full} - {0,time,full}
1785 Command.70=\ \ \ \ \ until: {0,date,full} - {0,time,full}
1787 These are Message Formats used by the tools to customize a text
1788 string that will then be used either as a prompt for User input or as
1791 If you are translating a `messages.properties' be careful not to
1792 alter text between curly braces.
1798 Node: Applet Tools
\7f3830
1799 Node: appletviewer Tool
\7f4403
1800 Node: gcjwebplugin
\7f7518
1801 Node: Security Tools
\7f7830
1802 Node: jarsigner Tool
\7f8483
1803 Node: Common jarsigner Options
\7f9531
1804 Node: Signing Options
\7f10846
1805 Node: Verification Options
\7f13429
1806 Node: keytool Tool
\7f14017
1807 Node: Getting Help
\7f18445
1808 Node: Common keytool Options
\7f19189
1811 Ref: keysize
\7f20074
1812 Ref: validity
\7f20339
1813 Ref: storetype
\7f20554
1814 Ref: storepass
\7f20885
1815 Ref: keystore
\7f21082
1816 Ref: provider
\7f21625
1818 Ref: verbose
\7f22503
1819 Node: Distinguished Names
\7f22595
1821 Node: Add/Update Commands
\7f23852
1822 Node: Command -genkey
\7f24380
1823 Node: Command -import
\7f26789
1824 Node: Command -selfcert
\7f29933
1825 Node: Command -cacert
\7f32112
1826 Node: Command -identitydb
\7f33165
1827 Node: Export Commands
\7f33823
1828 Node: Command -certreq
\7f34139
1829 Node: Command -export
\7f36545
1830 Node: Display Commands
\7f37742
1831 Node: Command -list
\7f38074
1832 Node: Command -printcert
\7f39207
1833 Node: Management Commands
\7f39591
1834 Node: Command -keyclone
\7f40023
1835 Node: Command -storepasswd
\7f41426
1836 Node: Command -keypasswd
\7f42155
1837 Node: Command -delete
\7f43349
1838 Node: Other Tools
\7f43972
1839 Node: jar Tool
\7f44757
1840 Node: javah Tool
\7f46149
1841 Node: gcjh Tool
\7f47368
1842 Node: native2ascii Tool
\7f48481
1843 Node: orbd Tool
\7f48942
1844 Node: serialver Tool
\7f49672
1845 Node: rmid Tool
\7f50141
1846 Node: rmiregistry Tool
\7f51082
1847 Node: tnameserv Tool
\7f51922
1848 Node: I18N Issues
\7f52412
1849 Node: Language Resources
\7f52914
1850 Node: Message Formats
\7f56578