Summary of JDK 1.2 Security Tools

Last Modified: 19 October, 1998

Below is a brief summary of the Security Tools, with links to the more detailed documentation.

The keytool, jar, jarsigner, and Policy Tool tools are available in JDK 1.2 to facilitate various security-related operations. All are command-line tools, except for Policy Tool, which has a graphical user interface. (Note: the jar tool was also available in JDK 1.1.)

The keytool and jarsigner tools replace javakey, which was an interim tool introduced in JDK 1.1. These new tools provide more features than javakey, including the ability to protect the keystore and private keys with passwords, and the ability to verify signed JAR files in addition to generating them. The new keystore architecture replaces the identity database that javakey created and managed. It is possible to import the information from an identity database into a keystore, via a keytool command.

The Tools

keytool (for Solaris) (for Windows)

Use keytool to manage your keystore, for example to

Keys and certificates are used to digitally sign your applications and applets (see jarsigner below). A keystore is a protected database that holds keys and certificates for an enterprise. Access to a keystore is guarded by a password (defined at the time the keystore is created, by the person who creates the keystore, and changeable only when providing the current password). In addition, each private key in a keystore can be guarded by its own password.

jar (for Solaris) (for Windows)

Use the jar tool to create JAR files.

The Java ARchive (JAR) file format enables you to bundle multiple files into a single archive file. Typically a JAR file will contain the class files and auxiliary resources associated with applets and applications. When you want to "digitally sign" code, you use the jar tool to place it in a JAR file and the jarsigner tool to sign the JAR file (after generating or importing appropriate keys into your keystore using keytool).

jarsigner (for Solaris) (for Windows)

Use the jarsigner tool to sign JAR files, or to verify signatures on signed JAR files.

The jarsigner tool accesses a keystore that is created and managed by keytool, when it needs to find the private key and its associated certificate chain to use when signing a JAR file. Since accesses to the keystore and to private keys are protected by passwords, only people who know the passwords will be able to access the key and use it to sign a JAR file. The jarsigner tool prompts for needed passwords.

Policy Tool (for Solaris) (for Windows)

Use the Policy Tool (invoked by using the policytool command) to create and modify the external policy configuration files that define your installation's security policy.

The policy is described in the Security Architecture Specification. Further information is provided in Default Policy Implementation and Policy File Syntax.

This tool has a graphical user interface, so you select buttons and other options rather than type in commands as for the other tools.

Examples of Use of the Tools

Examples of the use of the security tools can be found in the Security in JDK 1.2 trail of the Java Tutorial.

Copyright © 1997-98 Sun Microsystems, Inc. All Rights Reserved.

Please send comments to: This is not a subscription list.
Java Software