keytool - A Rust Command-line Certificate Management Tool

keytool is a command-line tool for managing certificates and keys, inspired by the Java keytool utility. It provides functionalities to create, list, import, export, and print certificates stored in keystores such as PKCS#12 files.

This tool is implemented in Rust for performance, safety, and cross-platform support.

Features

• Create new self-signed certificates and key pairs
• Import and export certificates in various formats (DER, PEM, PKCS#12)
• List all entries (aliases) in a keystore
• Print certificate details with options for verbose and RFC (PEM) formats
• Delete and manage entries by alias
• Support for password-protected PKCS#12 keystores
• Compatible with common certificate formats and standards
• Command-line interface modeled after Java keytool

Installation

You can build from source using Cargo:

cargo build --release

Or install directly with Cargo:

cargo install keytool

Usage

keytool <command> [options]

Commands:

• -genkeypair Generate a new key pair and self-signed certificate
• -list List all entries in the keystore
• -importcert Import a certificate into the keystore
• -exportcert Export a certificate from the keystore
• -delete Delete an entry from the keystore
• -printcert Print certificate information (similar to Java keytool)
• -help Display help information

Example: Print Certificate

keytool -printcert -alias mycert -keystore keystore.p12 -storepass mypassword -v

Prints detailed information about the certificate associated with alias mycert in the specified PKCS#12 keystore.

Options:

• -alias <alias> Specify the alias name of the certificate
• -keystore <file> Specify the keystore file (default: keystore.p12)
• -storepass <pass> Password for the keystore
• -rfc Output the certificate in PEM (Base64) format
• -v Verbose output showing full certificate details

Commands and Options

Generate Key Pair (-genkeypair)

Generate a new public/private key pair along with a self-signed certificate.

Options:

• -alias <alias> Alias name for the new key pair
• -keyalg <algorithm> Key algorithm (e.g., RSA, EC)
• -keysize <size> Key size in bits (e.g., 2048)
• -validity <days> Validity period in days
• -keystore <file> Keystore file to store the key pair
• -storepass <pass> Keystore password

List Entries (-list)

Lists all entries (aliases) stored in the keystore.

Options:

• -keystore <file>
• -storepass <pass>

Import Certificate (-importcert)

Imports a certificate into the keystore under a given alias.

Options:

• -alias <alias>
• -file <certfile> Certificate file to import (DER or PEM)
• -keystore <file>
• -storepass <pass>

Export Certificate (-exportcert)

Exports a certificate from the keystore to a file.

Options:

• -alias <alias>
• -file <outputfile>
• -keystore <file>
• -storepass <pass>
• -rfc Export in PEM format

Delete Entry (-delete)

Deletes an entry from the keystore.

Options:

• -alias <alias>
• -keystore <file>
• -storepass <pass>

Keystore Formats

Currently, keytool supports the PKCS#12 keystore format (.p12 or .pfx files), which is widely compatible with various platforms and tools.

Support for Java KeyStore (JKS) format may be added in future releases.

License

This project is licensed under the Apache License 2.0. See the LICENSE file for details.

Contributing

Contributions, issues, and feature requests are welcome! Feel free to check issues and submit pull requests.

Disclaimer

This tool is inspired by Java's keytool and aims to provide a compatible command-line interface for certificate management in Rust. However, it is a separate implementation and may have differences or limitations.