Below is a brief summary of the Security Tools, with links to
the more detailed documentation.
The keytool, jar, jarsigner, and
Policy Tool tools are available in JDK 1.2 to facilitate various
security-related operations. All are command-line tools, except for
Policy Tool, which has a graphical user interface.
(Note: the jar tool was also available in JDK 1.1.)
The keytool and jarsigner tools replace
javakey, which was an interim tool introduced in JDK 1.1.
These new tools provide more features than javakey,
including the ability to protect the keystore and private keys
with passwords, and the ability to verify signed JAR files in addition
to generating them. The new
keystore architecture replaces the identity database that javakey
created and managed. It is possible to import the information from
an identity database into a keystore, via a keytool command.
Use keytool to manage your keystore, for example to
  - create public/private key pairs
  - requests (which you send to the appropriate Certification Authority)
  - import certificate replies (obtained from the Certification Authority
  - designate public keys belonging to other parties as

Keys and certificates are
used to digitally sign your applications and applets (see
jarsigner below). A keystore is
a protected database that holds keys and certificates for an enterprise.
Access to a keystore is guarded by a password (defined at the time
the keystore is created, by the person who creates the keystore, and
changeable only when providing the current password). In
addition, each private key in a keystore can be guarded by
its own password.
The Java ARchive (JAR) file format enables you to bundle multiple files
into a single archive file. Typically a JAR file will contain the class files
and auxiliary resources associated with applets and applications. When you
want to "digitally sign" code, you use the jar tool to place it
in a JAR file and the jarsigner tool to sign the JAR file
(after generating or importing appropriate keys into your keystore using

Use the jarsigner tool to sign JAR files, or to verify signatures on
signed JAR files.
The jarsigner tool accesses a keystore that is created and
managed by keytool, when it needs to find
the private key and its associated certificate chain
to use when signing a JAR file. Since access to the
keystore and to private keys is protected by passwords, only
people who know the
passwords can access the key and use it to sign
a JAR file. The jarsigner tool prompts for needed passwords.
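
The keytool, jar and jarsigner steps described above, as an added example that is not part of the original documentation: it signs a JAR with a throwaway key and shows that verification stops succeeding once an entry is changed after signing. The alias, password, file names and the helper names check_jar and sign_demo are constructed for illustration, and the option spellings are those of current JDK releases.

```shell
#!/bin/sh
# Added example: keytool -> jar -> jarsigner round trip in a scratch directory.
# All names and the password below are constructed sample values.

# Demo only: a password given with -storepass is visible in the process list.
# Leave the option out and the tools prompt for it instead.
PASS=changeit-demo

# Prints "verified" if jarsigner accepts the JAR, otherwise "rejected".
# The tool's message is matched because an unsigned JAR is reported in the
# output text; -J-Duser.language=en keeps that message in English.
check_jar() {
    if jarsigner -J-Duser.language=en -verify "$1" 2>&1 | grep -q 'jar verified'; then
        echo verified
    else
        echo rejected
    fi
}

# Prints two words: the check result right after signing, then the result
# after one entry of the signed JAR has been replaced.
sign_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        echo 'hello' > hello.txt
        # 1. keytool: create a key pair (self-signed certificate) in a keystore.
        keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 \
            -dname 'CN=Demo Signer' -validity 30 -storetype PKCS12 \
            -keystore demo.p12 -storepass "$PASS" >/dev/null 2>&1 || exit 1
        # 2. jar: bundle the file into an archive.
        jar cf app.jar hello.txt || exit 1
        # 3. jarsigner: sign the archive with the key stored under the alias.
        jarsigner -keystore demo.p12 -storepass "$PASS" app.jar demo \
            >/dev/null 2>&1 || exit 1
        before=$(check_jar app.jar)
        # 4. Replace an entry; its recorded digest no longer matches.
        echo 'changed after signing' > hello.txt
        jar uf app.jar hello.txt || exit 1
        after=$(check_jar app.jar)
        echo "$before $after"
    )
    status=$?
    rm -rf "$work"
    return $status
}
```

Source the file and call sign_demo on a machine with a JDK on the PATH; it prints "verified rejected".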