# keytool - A Rust Command-line Certificate Management Tool
`keytool` is a command-line tool for managing certificates and keys, inspired by the Java `keytool` utility. It can
create, list, import, export, and print certificates stored in keystores such as PKCS#12 files.
This tool is implemented in Rust for performance, safety, and cross-platform support.

---
## Features
- Create new self-signed certificates and key pairs
- Import and export certificates in various formats (DER, PEM, PKCS#12)
- List all entries (aliases) in a keystore
- Print certificate details with options for verbose and RFC (PEM) formats
- Delete and manage entries by alias
- Support for password-protected PKCS#12 keystores
- Compatible with common certificate formats and standards
- Command-line interface modeled after Java `keytool`
---
## Installation
You can build from source using Cargo:
```bash
cargo build --release
```
Or install directly with Cargo:
```bash
cargo install keytool
```
---
## Usage
```text
keytool <command> [options]
```
Commands:
- `-genkeypair` Generate a new key pair and self-signed certificate
- `-list` List all entries in the keystore
- `-importcert` Import a certificate into the keystore
- `-exportcert` Export a certificate from the keystore
- `-delete` Delete an entry from the keystore
- `-printcert` Print certificate information (similar to Java keytool)
- `-help` Display help information
---
### Example: Print Certificate
```bash
keytool -printcert -alias mycert -keystore keystore.p12 -storepass mypassword -v
```
Prints detailed information about the certificate associated with alias `mycert` in the specified PKCS#12 keystore.
Options:
- `-alias <alias>` Specify the alias name of the certificate
- `-keystore <file>` Specify the keystore file (default: `keystore.p12`)
- `-storepass <pass>` Password for the keystore
- `-rfc` Output the certificate in PEM (Base64) format
- `-v` Verbose output showing full certificate details
---
## Commands and Options
### Generate Key Pair (`-genkeypair`)
Generate a new public/private key pair along with a self-signed certificate.
Options:
- `-alias <alias>` Alias name for the new key pair
- `-keyalg <algorithm>` Key algorithm (e.g., RSA, EC)
- `-keysize <size>` Key size in bits (e.g., 2048)
- `-validity <days>` Validity period in days
- `-keystore <file>` Keystore file to store the key pair
- `-storepass <pass>` Keystore password
---
### List Entries (`-list`)
Lists all entries (aliases) stored in the keystore.
Options:
- `-keystore <file>`
- `-storepass <pass>`
---
### Import Certificate (`-importcert`)
Imports a certificate into the keystore under a given alias.
Options:
- `-alias <alias>`
- `-file <certfile>` Certificate file to import (DER or PEM)
- `-keystore <file>`
- `-storepass <pass>`
---
### Export Certificate (`-exportcert`)
Exports a certificate from the keystore to a file.
Options:
- `-alias <alias>`
- `-file <outputfile>`
- `-keystore <file>`
- `-storepass <pass>`
- `-rfc` Export in PEM format
---
### Delete Entry (`-delete`)
Deletes an entry from the keystore.
Options:
- `-alias <alias>`
- `-keystore <file>`
- `-storepass <pass>`
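
A start-to-finish run through the commands documented above, as an added example that is not part of the keytool project. It assumes the `keytool` on `PATH` is this tool rather than the JDK utility and that the listed options are sufficient for each command; `KEYTOOL_STOREPASS`, `demo.p12` and the alias `demo` are hypothetical names chosen here.

```bash
#!/usr/bin/env bash
# Added example: uses only the options documented in this README.
# Assumes `keytool` on PATH is this Rust tool, not the JDK utility.
set -u

KEYSTORE="${KEYSTORE:-demo.p12}"   # constructed file name
ALIAS="${ALIAS:-demo}"             # constructed alias

# Succeeds only if the file grants no permissions to group or others.
# A PKCS#12 keystore holds the private key, so it should be owner-only.
keystore_is_private() {
    # Characters 5-10 of the `ls -l` mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# The password is read from the (hypothetical) KEYTOOL_STOREPASS variable so
# it is not typed into shell history. It is still handed over via -storepass,
# the only mechanism the README documents, so it stays visible in the
# process list while keytool runs.
kt() {
    keytool "$@" -keystore "$KEYSTORE" -storepass "$KEYTOOL_STOREPASS"
}

workflow() {
    : "${KEYTOOL_STOREPASS:?export KEYTOOL_STOREPASS first}"
    umask 077    # files created from here on are owner-only

    # Create the key pair and self-signed certificate.
    kt -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 90
    keystore_is_private "$KEYSTORE" || chmod 600 "$KEYSTORE"

    kt -list                                             # confirm the alias exists
    kt -exportcert -alias "$ALIAS" -file "$ALIAS.pem" -rfc  # certificate only, PEM
    kt -printcert -alias "$ALIAS" -v                     # inspect validity and subject
    kt -delete -alias "$ALIAS"                           # remove the demo entry
}

# Run the workflow only when asked, so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    workflow
fi
```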
---
## Keystore Formats
Currently, `keytool` supports the PKCS#12 keystore format (`.p12` or `.pfx` files), which is widely compatible with
various platforms and tools.
Support for Java KeyStore (JKS) format may be added in future releases.

---
## License
This project is licensed under the Apache License 2.0. See the [LICENSE](LICENSE) file for details.

---
## Contributing
Contributions, issues, and feature requests are welcome! Feel free to
check [issues](https://github.com/llp/paradown/issues) and submit pull requests.

---
## Disclaimer
This tool is inspired by Java's `keytool` and aims to provide a compatible command-line interface for certificate
management in Rust. However, it is a separate implementation and may have differences or limitations.