On Wed, 1 Jul 2026 13:24:11 GMT, Daisuke Yamazaki <[email protected]> wrote:

> This cleans up outdated JKS references in the `keytool` man page.
> The `jarsigner` man page had the same kind of outdated references, so this 
> also updates them.
> 
> References to JKS as an existing built-in keystore implementation are left 
> unchanged.
> 
> ---------
> - [x] I confirm that I make this contribution in accordance with the [OpenJDK 
> Interim AI Policy](https://openjdk.org/legal/ai).

src/java.base/share/man/keytool.md line 1201:

> 1199:     option is specified but `ks_file` doesn't exist, then it is 
> created. For
> 1200:     more information on keystore types and implementations, see the
> 1201:     **KeyStore Implementation** section in **KeyStore aliases**.

"KeyStore aliases" is a separate section and is not relevant. Please change 
this to "**KeyStore implementation** section in [Terms]."

You can use a hyperlink for Terms with brackets as above. I also lower-cased 
"implementation" because that is its title in Terms.

src/java.base/share/man/keytool.md line 1893:

> 1891:     named `JKS`. It protects each private key with its individual 
> password, and
> 1892:     also protects the integrity of the entire keystore with a (possibly
> 1893:     different) password.

Just like my comment in jarsigner, we should remove the last 2 sentences of 
this paragraph.

src/java.base/share/man/keytool.md line 1953:

> 1951:     the line to the following:
> 1952: 
> 1953:     >   `keystore.type=jks`

Just like my comment in jarsigner, we should remove this example.

src/java.base/share/man/keytool.md line 2160:

> 2158:     The `cacerts` file represents a system-wide keystore with CA 
> certificates.
> 2159:     System administrators can configure and manage that file with the 
> `keytool`
> 2160:     command by specifying `pkcs12` as the keystore type. The `cacerts` 
> keystore

We can just remove this line, as the keystore type can be detected w/o having 
to specify the type. This may have been a leftover when we changed the default 
keystore type to PKCS12 before changing the cacerts keystore from JKS to PKCS12.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/31740#discussion_r3560837569
PR Review Comment: https://git.openjdk.org/jdk/pull/31740#discussion_r3560858216
PR Review Comment: https://git.openjdk.org/jdk/pull/31740#discussion_r3560868056
PR Review Comment: https://git.openjdk.org/jdk/pull/31740#discussion_r3560884855

Reply via email to