On Linux what are the allowed `keytool -genkey` *key algorithm*s?
Jun 7, 2:30pm

On Linux (and in general for the Java `keytool` utility), the allowed key algorithms for the `-genkey` (or `-genkeypair`) command depend on the Java version and the installed security providers. However, the most commonly supported and recommended key algorithms are:

Default and Commonly Supported Key Algorithms

  • RSA (Default in most Java versions)
  • DSA (Legacy, less common now)
  • EC (Elliptic Curve, e.g., secp256r1, secp384r1, secp521r1)
  • EdDSA (Ed25519, Ed448 – supported in Java 15+)

How to Check Supported Algorithms

To see the list of available key algorithms on your system, run:

```bash
keytool -genkeypair -help
```

or

```bash
keytool -genkey -help
```

Look for the `-keyalg` option in the output.


Example Usage

To generate a key pair with a specific algorithm (e.g., RSA):

```bash
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore keystore.jks
```

For EC:

```bash
keytool -genkeypair -alias mykey -keyalg EC -keysize 256 -keystore keystore.jks
```

Notes

  • Java 8 and earlier: RSA and DSA are widely supported; EC requires explicit specification.
  • Java 9+: EC and EdDSA (Ed25519/Ed448) are supported.
  • Keysize: Must match the algorithm (e.g., 2048/4096 for RSA, 256/384/521 for EC).
Jun 7, 2:30pm
