|
MEKeyTool — manage a file (an ME keystore) that contains the public keys of trusted certificate authorities (CAs).
java -jar MEKeyTool.jar -delete [ -MEkeystore MEKeystore ] ( -owner ownerName | -number keyNumber ) [-help] -import [ -MEkeystore MEKeystore ] -alias keyAlias [ -keystore JCAKeystore ] [ -storepass storePassword ] [ -domain domain ] -list [ -MEkeystore MEKeystore ]
The meKeyTool utility manages one or more ME keystores, which are files that hold the public keys of trusted certificate authorities (CAs). It can be used to create a new ME keystore, or to add to, delete from, or list the contents of an existing keystore.
The MEKeyTool gets the public keys to add to an ME keystore from a Java™ Cryptography Architecture (JCA) keystore. Such a keystore is part of the Java 2 Platform, Standard Edition (J2SE™); see the J2SE platform documentation for more information.
Note that the ME keystore and the JCA keystore have different formats. The MEKeyTool cannot be used to manage a JCA keystore. If the MEKeyTool utility is used with a JCA keystore (for example, to try to list its keys), you will receive an error message that the keystore is corrupted. The JCA keystore is not corrupted; it can still be managed with J2SE platform tools. The keystore is just not in a format the MEKeyTool can read.
If it is necessary to replace a key in an ME keystore, the key must be removed and the new key entered. There is not a single command to do a replacement, and the tool does not permit adding a different version of an existing key.
Although the MEKeyTool manages ME keystores of any name, the MIDP Reference Implementation executable expects its ME keystore to be the file midpInstallDir\appdb\_main.ks, where midpInstallDir is the location of the MIDP installation. If there are multiple keystores, make sure the one to be used by MIDP has the name _main.ks in the midpInstallDir\appdb directory before running the MIDP executable.
The following options are supported:
none
Running the tool without options returns the same information as the -help option.
-delete [ -MEkeystore MEKeystore ]
(-owner ownerName | -number keyNumber )
Deletes the key with ownerName or keyNumber from MEKeystore. If MEKeystore is not provided, its default, appdb/_main.ks, is used.
You can provide either ownerName or keyNumber, but not both. You can find the valid values for them by running the MEKeyTool utility with the -list command.
-help
Prints a usage summary.
-import [ -MEkeystore MEKeystore ] -alias keyAlias [ -keystore JCAKeystore ] [ -storepass storePassword ] [ -domain domain ]
Imports a public key from JCAKeystore into MEKeystore, and associates the public key with domain. If JCAKeystore is not provided, its default, userHome\.keystore, is used (where userHome is the user’s home directory). If MEKeystore is not provided, its default, appdb/_main.ks, is used. If domain is not provided, its default, untrusted, is used.
If JCAKeystore requires a password, you must provide storePassword.
-list [ -MEkeystore MEKeystore ]
Lists the number, owner, and validity period, and domain of each key in MEKeystore. If MEKeystore is not provided, the default, appdb/_main.ks, is used.
To see the keys in an ME keystore, use the -list option. Provide the name of the ME keystore if it is not midpInstallDir\appdir\_main.ks, where midpInstallDir is the location of the MIDP installation.
c:\midp2.0fcs> java -jar bin/MEKeyTool.jar -list -MEkeystore c:/myKeys/test_keys.ks
Key 1
Owner: O=Sun Microsystems;C=myserver
Valid from Sat Aug 03 00:43:51 PDT 2002 to Tue Jul 31 00:43:51 PDT 2012
Security Domain: trusted
Adding a key to an ME keystore requires that the key be in a JCA keystore. Provide the password to the JCA keystore if it requires one, and the alias for the key. Also provide the name of the ME keystore if it is not midpInstallDir\appdir\_main.ks, where midpInstallDir is the location of the MIDP installation, and the domain if it should be something other than untrusted.
c:\midp2.0fcs> java -jar bin/MEKeyTool.jar -import -alias dummyca -keystore bin/j2se_test_keystore.bin -storepass keystorepwd -MEkeystore c:/myKeys/test_keys.ks -domain trusted
Deleting a key from an ME keystore requires a key’s number in the ME keystore or its owner, both of which can be obtained by listing the contents of the ME keystore. When deleting a key, provide the name of the ME keystore if it is not midpInstallDir\appdir\_main.ks, where midpInstallDir is the location of the MIDP installation. For example, to delete key number one:
Chapter 4, “Managing Public Keys of Certificate Authorities”
|
Using MIDP MIDP Reference Implementation, Version 2.0 FCS |
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.