'\" t .\" @(#)javakey.1 1.3 98/04/20 SMI; .\" Copyright (c) 1996 Sun Microsystems, Inc. .\" All Rights Reserved. .TH javakey 1 "28 May 1997" .SH NAME javakey \- Java security tool .\" .\" This document was created by saving an HTML file as text .\" from the JavaSoft web site: .\" .\" http://www.javasoft.com:80/products/jdk/1.1/docs/tooldocs/solaris/index.html .\" .\" and adding appropriate troff macros. Because the JavaSoft web site .\" man pages can change without notice, it may be helpful to diff .\" files to identify changes other than new functionality. .\" .SH SYNOPSIS .B javakey [ \f3\-c \f2identity \f1[\f3 true \fP|\f3 false \fP] ] | .if n .ti +5n [ \f3\-cs \f2signer \f1[\f3 true \fP|\f3 false \fP] ] | [ \f3\-dc \f2certfile\f1 ] | .ti +5n [ \f3\-ec \f2idOrSigner certnum certoutfile\f1 ] | .if n .ti +5n [ \f3\-ek \f2idOrSigner pubfile \f1[\f2privfile\f1] ] | .ti +5n [ \f3\-g \f2signer algorithm keysize \f1[\f2pubfile\f1] [\f2privfile\f1] ] | .if n .ti +5n [ \f3\-gc \f2directivefile\f1 ] | .ti +5n [ \f3\-gk \f2signer algorithm keysize \f1[\f2pubfile\f1] [\f2privfile\f1] ] | .if n .ti +5n [ \f3\-gs \f2directivefile jarfile\f1 ] | .ti +5n [ \f3\-ic \f2idOrSigner certsrcfile\f1 ] | [ \f3\-ii \f2idOrSigner\f1 ] | .if n .ti +5n [ \f3\-ik \f2identity keysrcfile\f1 ] | .ti +5n [ \f3\-ikp \f2signer pubfile privfile\f1 ] | [ .B \-l ] | .if n .ti +5n [ \f3\-li \f2idOrSigner\f1 ] | [ \f3\-r \f2idOrSigner\f1 ] | .ti +5n [ \f3\-t \f2idOrSigner \f1[\f3 true \fP|\f3 false \fP] ] .SH DESCRIPTION .IX "Java security tool" "" "Java security tool \(em \fLjavakey\fP" .IX "javakey" "" "\fLjavakey\fP \(em Java security tool" The Java\(tm security tool, .BR javakey , is the Sun security provider command-line tool which is primarily used to generate digital signatures for archive files. A signature verifies that a file came from a specified entity (a signer). In order to generate a signature for a particular file, the signer must first have a public/private key pair associated with it, and also one or more certificates authenticating its public key. Thus, .B javakey is also used to build and manage a persistent database of entities and their keys and certificates, as well as indications as to whether or not each entity is considered trusted. .SS Identities, Signers, and Keys .IX "javakey" "Identities, Signers, and Keys" "\fLjavakey\fP \(em Java security tool" There are two types of entities managed by .BR javakey : identities and signers. .LP Identities are real-world entities such as people, companies, or organizations that have a public key associated with them. An identity may also have associated with it one or more certificates authenticating its public key. A certificate is a digitally signed statement from one entity, saying that the public key of some other entity has a particular value. (See .I Certificates subsection below.) .LP Signers are entities that have private keys in addition to corresponding public keys. Private keys differ from public keys in that they can be used for signing. Prior to signing any files, a signer must have a public and private key pair associated with it, and at least one certificate authenticating its public key. .LP .B javakey can either import existing keys or generate new ones for association with identities and signers. Similarly, you can either import existing certificates or generate new ones. .SS \f2Database Usernames for Identities and Signers\f1 .IX "javakey" "Database Usernames for Identities and Signers" "\fLjavakey\fP \(em Java security tool" All entities (identities and signers) have a username local to the database managed by .BR javakey . A username is specified when you add the entity to the database using the .B \-c (create identity) or .B \-cs (create signer) option. Subsequent .B javakey commands must use this same username to refer to the entity. For example, suppose a trusted signer is created and assigned "duke" as a username, via the following command: .RS 5 .sp 1n .B example% javakey \-cs duke true .sp 1n .RE Then to generate a DSA public/private key pair using a key size of 512 bits for this signer, use the following command: .RS 5 .sp 1n .B example% javakey \-gk duke DSA 512 .sp 1n .RE .SS \f2Associating Trust with Identities and Signers\f1 .IX "javakey" "Associating Trust with Identities and Signers" "\fLjavakey\fP \(em Java security tool" In the Java Developers Kit (JDK 1.1), the client (for example, end user or system administrator) can use .B javakey to declare certain entities to be trusted. .LP The .BR appletviewer (1) allows any downloaded applets in JAR files signed (using \f3javakey\fP) by a trusted entity to run with the same full rights as local applications. That is, such applets are not subject to the sandbox restrictions of the original Java security model. (Please note that the database managed by .B javakey must also hold a copy of a certificate for the public key of the entity that signed the JAR file, so that the signature can be authenticated.) Later releases will provide greater detail in the allowable trust levels. .LP The database managed by .B javakey stores the entity usernames, their certificates, and each entity's trust level. When you add an entity to the database, you can declare it at that time to be either trusted or untrusted (the default). .RS 5 .sp 1n .B example% javakey \-cs duke true .LP .B example% javakey \-cs bob false .LP .B example% javakey \-cs morty .sp 1n .RE The first example creates the signer named .B duke as a trusted entity. The next two create the signers .B bob and .B morty as untrusted. If you don't specify a trust level, then by default, the entity is untrusted. .LP You can later declare a previously untrusted entity to be trusted: .RS 5 .sp 1n .B example% javakey \-t morty true .sp 1n .RE You can also declare a previously trusted entity to be untrusted: .RS 5 .sp 1n .B example% javakey \-t duke false .sp 1n .RE Use .RS 5 .sp 1n .B example% javakey \-ld .sp 1n .RE to see the state of the entire entity database. .br Use .RS 5 .sp 1n .B example% javakey \-li morty .sp 1n .RE to see the state of one entity (in this case, .BR morty ) in the database. .SS Database Location .IX "javakey" "Database Location" "\fLjavakey\fP \(em Java security tool" The database managed by .B javakey is by default stored in a file named .BR identitydb.obj . Since the database may contain private keys, it should be kept in a secure location. The default is for the database to be stored in the user's home directory. If a different name or location (for example, the JDK installation directory) is desired, it can be specified by setting the value of the .B identity.database property in the master security properties file, called .BR java.security . That file resides in the JDK security properties directory, .BR java.home/lib/security ; .B java.home is the directory where the JDK is installed. .LP For example, you could specify the location via the following: .RS 5 .sp 1n .B identity.database=/a/safe/directory/identitydb.obj .sp 1n .RE .SS Certificates .IX "javakey" "Certificates" "\fLjavakey\fP \(em Java security tool" The .B javakey tool lets you import, create, display, and save certificates. A certificate is a digitally signed statement from one entity (a signer), saying that the public key of some other entity has a particular value. If you trust the entity that signed a certificate, you trust that the association in the certificate between the specified public key and another particular entity is authentic. .B javakey currently handles X.509 certificates. The remainder of the examples in this section pertain to X.509 certificates. .SS \f2Generating a Certificate\f1 .IX "javakey" "Generating a Certificate" "\fLjavakey\fP \(em Java security tool" In order to generate a certificate, you must first create a directive file in which you supply .TP 2 \(bu information about the issuer (the signer of the certificate); .TP 2 \(bu information about the subject (the entity whose public key is being authenticated by the certificate); .TP 2 \(bu information about the certificate itself, and, optionally; .TP 2 \(bu the name of the signature algorithm to be used (if you don't want DSA); .TP 2 \(bu the name of a file to which to store a copy of the certificate. .LP Generate a certificate by using the .B \-gc option and specifying a directive file, as in .RS 5 .sp 1n .B example% javakey \-gc dukeCertDirFile .sp 1n .RE The .B javakey tool creates a certificate, using the information supplied in the directive file. It also uses information stored in the database, such as the public key of the entity whose key is to be certified, and the private key of the issuer (required in order to sign the certificate). .LP Here is an example of a certificate directive file, followed by an explanation of the arguments: \f3 .nf # # Information about the issuer (required). # issuer.name=jsmith # # The certificate to use for the signing (required if not self-signed). # issuer.cert=1 # # Information about the subject (required). # subject.name=mlaunay subject.real.name=Marie Launay subject.org.unit=JavaSoft subject.org=Sun Microsystems subject.country=Switzerland # # Information about the certificate (required). # start.date=1 Jan 1997 end.date=15 Jan 1997 serial.number=1001 # # Signature algorithm to be used (required if you don't want DSA used). # signature.algorithm=MD5/RSA # # Name of the file to which to save a copy of the certificate (optional). # out.file=cert.cer .fi \f1 All certificate directive file arguments are required, unless specified otherwise. .TP 15 \f2issuer.name \fPand \f2subject.name\fP Database usernames. .I issuer.name is the name of the signer signing and issuing the certificate. .I subject.name is the name of the entity (identity or signer) whose public key is being authenticated by the issuer of the certificate. .TP 15 .I issuer.cert The issuer's certificate to be used to sign the certificate file, authenticating the subject's public key. Its value should be the number that .B javakey previously assigned to the issuer's certificate when it generated it (or imported it). You can see which numbers .B javakey assigns to certificates by viewing the output of the .B \-ld or .B \-li options. Please note that the .I issuer.cert property is only required if the certificate being generated is not self-signed. (A self-signed certificate is one for which .I issuer.name equals .IR subject.name .) .LP \f2subject.real.name\fP, \f2subject.org.unit\fP, \f2subject.org\fP, and \f2subject.country\fP .RS 15 Name components distinguished by X.500. These components refer to the subject's common name, organizational unit, organization, and country, respectively. .RE .br .ne 7 .TP 15 .IR start.date " and " end.date Strings specifying the certificate's validity start and expiration dates (and optionally, times). The certificate is valid from the start date and time to the end date and time. The start and end date strings can be any strings accepted by the .B java.util Date method that takes a String argument. A date without a time is interpreted as the start of the specified date. .TP .I serial.number The serial number. For a given issuer, this number must be unique, to distinguish this certificate from other certificates signed by the issuer. .TP 15 .I signature.algorithm The name of the signature algorithm to be used to sign the certificate. This argument is optional. If not specified, DSA (Digital Signature Algorithm) is used; in which case, the signer's private and public keys must be for the DSA algorithm. A non-DSA algorithm can only be used if (1) the specified name is a standard algorithm name, (2) there is a statically installed provider supplying an implementation for the algorithm, and (3) the signer's keys are suitable for the specified algorithm. For example, if the value of the .I signature.algorithm property is MD5/RSA or SHA-1/RSA, then the signer's keys must be RSA keys. .TP 15 .I out.file The name of a file to which to save the certificate. This argument is optional. .SS \f2Certificates and Files\fP .IX "javakey" "Certificates and Files" "\fLjavakey\fP \(em Java security tool" Using .BR javakey , it is possible to display, import, and export certificates stored as files. To display a certificate stored in a file, use the .B \-dc option, as in .RS 5 .sp 1n .B example% javakey \-dc certfile.cer .sp 1n .RE This displays information about the certificate stored in the file .BR certfile.cer , showing .TP 2 \(bu the certificate type (currently, X.509v1). .TP 2 \(bu information about the subject. .TP 2 \(bu information about the public key: .RS 5 .TP 2 \(bu the algorithm and its parameters (currently, DSA and its p, q, and g parameter values). .TP 2 \(bu the unparsed key bits. .RE .TP 2 \(bu the certificate validity dates. .TP 2 \(bu information about the issuer. .TP 2 \(bu information about the signature algorithm used. .TP 2 \(bu the certificate serial number, in hexadecimal. .LP To import a certificate from a file, use the .B \-ic option, as in .RS 5 .sp 1n .B example% javakey \-ic joe jcertfile.cer .sp 1n .RE This sample command imports the certificate in the file .B jcertfile.cer and associates it with .BR joe . .LP To export a certificate to a file, use the .B \-ec option, as in .RS 5 .sp 1n .B example% javakey \-ec jane 2 janecertfile.cer .sp 1n .RE This sample command exports certificate #2 of .B jane to the file .BR janecertfile.cer . The certificate number must be the number that .B javakey previously assigned to the certificate when it generated it (or imported it). You can see which numbers .B javakey assigns to certificates by viewing the output of the .B \-ld or the .B \-li options. .SS JAR Files and Digital Signatures .IX "javakey" "JAR Files and Digital Signatures" "\fLjavakey\fP \(em Java security tool" Java ARchive files (JAR files) are a new feature of JDK1.1. This feature enables the packaging of class files, images, sounds, and other digital data in a single file for faster and easier distribution. JDK1.1 includes a tool named .BR jar (1) that enables developers to produce JAR files. .LP The .B javakey tool can be used to sign and verify JAR files. (Please note that verification is not yet implemented.) Java licensees are expected to honor the signature generated using .BR javakey . .LP At this time, .B javakey can sign the JAR file using DSA (Digital Signature Algorithm) or, in some cases, the MD5/RSA algorithm. That is, if the signer's public and private keys are DSA keys, .B javakey signs the JAR file using DSA. If the signer's keys are RSA keys, .B javakey tries to sign the JAR file using the MD5/RSA algorithm. This is only possible if there is a statically installed provider supplying an implementation for the MD5/RSA algorithm. .LP For both the DSA and MD5/RSA algorithms, anyone who wants to sign files has both a public key and a private key. The private key is used for signing, and a certificate of the public key is included in the signature file (in a PKCS #7 block). .SS \f2Signing JAR Files\f1 .IX "javakey" "Signing JAR Files" "\fLjavakey\fP \(em Java security tool" Signing a JAR file involves generating a signature for a given signer and including that signature in a given JAR file. It requires the signer to be in the database managed by .BR javakey , along with an associated key pair and at least one X.509 certificate. Like certificate generation, generating a signature is directive-based. Each directive file contains a signer profile. A sample directive file might look like this: .nf \f3 # # JAR signing directive. This is the directive file used by javakey to # sign a JAR file. # # Which signer to use. This signer must be in the database. signer=duke # Certificate number to use for this signer. This determines which # certificate will be included in the PKCS#7 block. This is mandatory # and is 1-based. Its value should be the number that javakey # previously assigned to the signer's certificate when it generated it # (or imported it). You can see which numbers javakey assigns # to certificates by viewing the output of the # -ld or -li javakey option. cert=1 # Certificate chain depth of a chain of certificates to include. This is # currently not supported. chain=0 # The name to give to the generated signature file and associated signature # block. This must be 8 characters or less. # The generated signature file and associated signature block will have # this name, with the .SF and .DSA extensions, respectively. # In this example, the files will be DUKESIGN.SF and DUKESIGN.DSA. signature.file=DUKESIGN # (Optional) The name to give to the signed JAR file. out.file=signedJar.jar .fi \fP Once the JAR file and the directive file have been created, the .B javakey command to sign a JAR file can be used. It is: .RS 5 .sp 1n .B example% javakey \-gs directivefile jarfile .sp 1n .RE where .I directivefile is the absolute name of the directive file, and .I jarfile is the name (and path) of the JAR file. .LP The output of this command is a signed JAR file whose name will be the name specified by the value of the .I out.file property, if any, specified in the directive file. If there is no .I out.file property, the signed JAR file name will be the same as that of the initial JAR file, but with the suffix .BR .sig . .LP The generated .B .SF and .B .DSA files will be added to the signed JAR file, in a META-INF directory. If the base name for these files is DUKESIGN, as in the example above, the files added will be: .TP 2 \(bu META-INF/DUKESIGN.SF .TP 2 \(bu META-INF/DUKESIGN.DSA .LP Any files with these names in the signed JAR file will be overwritten. .br .ne 4 .SH OPTIONS Please note that options may be specified with or without a preceding minus sign (\-). Only one option may be specified per .B javakey command. .br .ne 2 .TP 15 \f3\-c \f2identity \f1[\f3 true \fP|\f3 false \fP] Creates a new identity with database username .IR identity . The optional .B true or .B false designation specifies whether the identity is to be considered trusted. (The default is .BR false .) For example, the following creates an identity named .BR jane , and specifies that she is trusted: .RS 20 .sp 1n .B example% javakey \-c jane true .sp 1n .RE .br .ne 4 .TP 15 \f3\-cs \f2signer \f1[\f3 true \fP|\f3 false \fP] Creates a new signer with database username .IR signer . The optional .B true or .B false designation specifies whether the signer is trusted. (The default is .BR false .) .TP 15 \f3\-dc \f2certfile\f1 Displays the certificate stored in the file .IR certfile . See the .I Certificates and Files subsection. .TP 15 \f3\-ec \f2idOrSigner certnum certoutfile\f1 Exports the certificate numbered .I certnum from the specified identity or signer to the file .IR certoutfile . The certificate number must be the number that .B javakey previously assigned to the certificate when it generated it (or imported it). To see which numbers .B javakey assigns to certificates, view the output of the .B \-ld (for all entities) or .B \-li (for a particular entity) options. .TP 15 \f3\-ek \f2idOrSigner pubfile \f1[\f2privfile\f1] Exports the public key for the specified identity or signer, and optionally the private key (for a signer), to the specified files. The keys must be in X.509 format. .TP 15 \f3\-g \f2signer algorithm keysize \f1[\f2pubfile\f1] [\f2privfile\f1] Shortcut for the .B \-gk command to generate a key pair for .IR signer . .TP 15 \f3\-gc \f2directivefile\f1 Generates a certificate according to the information supplied in .IR directivefile . See .I Generating a Certificate subsection. .TP 15 \f3\-gk \f2signer algorithm keysize \f1[\f2pubfile\f1] [\f2privfile\f1] Generates a key pair (a public key and associated private key) for .I signer using the specified .IR algorithm , generating keys of length .I keysize bits. If a file .I pubfile is specified, the public key is written to that file. If, in addition, a file .I privfile is specified, the private key is written to that file. Do the latter with great care; private keys must remain private or your security system is compromised. .LP .RS 15 The key size limits for the algorithm, if any, are those described in "Appendix B" of .I "The Java Cryptography Architecture API Specification & Reference" . See .B SEE ALSO section below. .LP Please note that .B javakey can always generate DSA (Digital Signature Algorithm) keys. It can generate keys for a different algorithm only if (1) the specified name is a standard key generation algorithm name such as RSA, and (2) there is a statically installed provider supplying an implementation for the specified key generation algorithm. .LP Please note that there is no way to supply algorithm-specific key generation parameters, such as the p, q, or g parameters for the DSA algorithm. .RE .TP 15 \f3\-gs \f2directivefile jarfile\f1 Signs .I jarfile (Java Archive file) according to information supplied in the .IR directivefile . See the .I JAR Files and Digital Signatures subsection. .TP 15 .B \f3\-ic \f2idOrSigner certsrcfile\f1 Imports the public key certificate in the file .IR certsrcfile , associating it with the specified entity (identity or signer). If a public key has already been associated with the entity in the database, .B javakey ensures that it is the same as the public key certified in .IR certsrcfile , and will report an error if not the same. If the entity does not yet have an associated public key, .B javakey creates the association, using the public key in .IR certsrcfile . .br .if t .ne 7 .TP 15 \f3\-ii \f2idOrSigner\f1 Sets information for the specified identity or signer. After you type in an import information command such as .LP .RS 20 .sp 1n .B example% javakey \-ii jane .sp 1n .RE .LP .RS 15 you will be instructed to type as many lines of information as you want to supply for .BR jane , ending with a line containing a single period to signal the end of the information. .RE .TP 15 \f3\-ik \f2identity keysrcfile\f1 Imports the public key in the file .IR keysrcfile , associating it with .BR identity . The key must be in X.509 format. .TP 15 \f3\-ikp \f2signer pubfile privfile\f1 Imports the key pair (the public key in the file .I pubfile and the private key in the file .IR privfile ), associating them with .IR signer . The key must be in X.509 format. .TP 15 .B \-l Lists the usernames of all entities (identities and signers) in the database managed by .BR javakey . .TP 15 .B \-ld Lists and provides detailed information about all entities in the database managed by .BR javakey . .TP 15 \f3\-li \f2idOrSigner\f1 Provides detailed information about the specified identity or signer. .TP 15 \f3\-r \f2idOrSigner\f1 Removes the specified identity or signer from the database. .TP 15 \f3\-t \f2idOrSigner \f1[\f3 true \fP|\f3 false \fP] Sets (or resets) the trust level for the specified identity or signer. .SH EXAMPLES To create a trusted identity called .B jane and a trusted signer called .BR joe , use the following commands: .RS 5 .sp 1n .B example% javakey \-c jane true .br .B example% javakey \-cs joe true .sp 1n .RE Suppose .B jane sends her public key by email to .BR joe and he stores the key in the file named .BR /tmp/jane_pubkey . It must be encoded in X.509/DER format. To import and associate that key with the identity of .B jane in the persistent database managed by .BR javakey ", " joe (or a system administrator) enters the following command: .RS 5 .sp 1n .B example% javakey \-ik jane /tmp/jane_pubkey .sp 1n .RE Let's also assume .B joe has a public and private key pair that he used in another context. He now wants to associate that key pair with his own username identifier in the database. He does this with the following command, assuming that the public key is stored in .B /tmp/joe_pubkey and the private key in .BR /tmp/joe_privkey : .RS 5 .sp 1n .B example% javakey \-ikp joe /tmp/joe_pubkey /tmp/joe_privkey .sp 1n .RE The keys must both be in X.509 format. They must be for the same algorithm, of course. .LP To generate a new key pair for .B joe instead of using an existing key pair, the following command can be used: .RS 5 .sp 1n .B example% javakey \-gk joe DSA 512 /tmp/joe_pubkey .sp 1n .RE This command creates a DSA key pair, with 512-bit keys, and associates it with .BR joe . The .B \-gk command also optionally saves a copy of the public key in a file. The example uses the file .BR /tmp/joe_pubkey . One reason .B joe might want to save the public key in a file is so that he can mail a copy of it to .B jane or anyone else who needs it (for example, to verify the digital signatures of .BR joe ). This command also optionally lets .B joe specify a file to which to save the private key, if needed. However, saving the private key to a file should be done with great care. .LP Before .B joe can sign any files, he must have one or more certificates associated with him, authenticating his public key. In order to generate a certificate for him, a directive file must first be created, specifying various information about .B joe and about the certificate issuer, the certificate's validity dates, and so forth. Suppose such a file has been generated (see .I Certificates subsection), and its name is .BR joeCertDirectiveFile , in the .B /tmp directory. A certificate for .B joe can then be generated by the command .RS 5 .sp 1n .B example% javakey \-gc /tmp/joeCertDirectiveFile .sp 1n .RE As described in the .I "JAR Files and Digital Signatures" subsection, signing a JAR file also requires the use of a directive file providing information required for the signature, such as the signer name and the number of the certificate to use for that signer. The command to sign the JAR file named .BR jarfileA.jar , using the directive file .B joeJarDirectiveFile is: .RS 5 .sp 1n .B example% javakey \-gs joeJarDirectiveFile jarfileA.jar .sp 1n .RE .SH ATTRIBUTES See .BR attributes (5) for a description of the following attributes: .sp .TS box; cbp-1 | cbp-1 l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE = Availability SUNWjvdev .TE .SH SEE ALSO .BR appletviewer (1), .BR jar (1) .TP 10 \f2Using javakey\fP, a short self-contained introductory tutorial. http://java.sun.com/security/usingJavakey.html: .TP 10 \f2JDK 1.1-Signed Applet Example\fP, a signing experiment demo. http://java.sun.com/security/signExample/: .TP 10 \f2Java Cryptography Architecture API Specification & Reference\fP http://java.sun.com/products/jdk/1.1/docs/guide/security/CryptoSpec.html .TP 10 For information on related topics, use the search link @ http://java.sun.com/