changeset 9135:b822fa97c67a

8027844: Remove the JDK 1.1 compatibility part in jarsigner doc Reviewed-by: weijun
author rgallard
date Thu, 12 Dec 2013 22:26:08 -0800
parents d31cd980e1da
children 32cc35351303
files src/bsd/doc/man/jarsigner.1 src/linux/doc/man/jarsigner.1 src/solaris/doc/sun/man/man1/jarsigner.1
diffstat 3 files changed, 3 insertions(+), 531 deletions(-) [+]
line wrap: on
line diff
--- a/src/bsd/doc/man/jarsigner.1	Tue Dec 10 15:20:46 2013 -0800
+++ b/src/bsd/doc/man/jarsigner.1	Thu Dec 12 22:26:08 2013 -0800
@@ -308,11 +308,7 @@
 .nf     
 \f3KEVIN\&.DSA\fP
 .fi     
-.nf     
-\f3\fR
-.fi     
 .sp     
-\fINote:\fR It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1\&.1 by the \f3javakey\fR command and others by \f3jarsigner\fR\&. The \f3jarsigner\fR command can be used to sign JAR files that are already signed with the \f3javakey\fR command\&.
 .SH OPTIONS    
 The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
 .TP 0.2i    
@@ -443,7 +439,7 @@
 .br
 If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
 
-The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&. If the signer comes from a JDK 1\&.1 identity database instead of from a keystore, then the alias name displays in brackets instead of parentheses\&.
+The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&.
 .TP
 -certchain \fIfile\fR
 .br
@@ -797,178 +793,6 @@
 .fi     
 .sp     
 If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
-.SS VERIFICATION\ THAT\ INCLUDES\ IDENTITY\ DATABASE\ SIGNERS    
-If a JAR file was signed with the JDK 1\&.1 \f3javakey\fR tool, and the signer is an alias in an identity database, then the verification output includes an \f3i\fR\&. If the JAR file was signed by both an alias in an identity database and an alias in a keystore, then both \f3k\fR and \f3i\fR appear\&.
-.PP
-When the \f3-certs\fR option is used, any identity database aliases are shown in brackets rather than the parentheses used for keystore aliases, for example:
-.sp     
-.nf     
-\f3    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs writeFile\&.jar\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST\&.MF\fP
-.fi     
-.nf     
-\f3           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE\&.SF\fP
-.fi     
-.nf     
-\f3          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE\&.DSA\fP
-.fi     
-.nf     
-\f3           199 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE\&.SF\fP
-.fi     
-.nf     
-\f3          1013 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE\&.DSA\fP
-.fi     
-.nf     
-\f3   smki   2752 Fri Sep 26 16:12:30 PDT 1997 writeFile\&.html\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3      X\&.509, CN=Jane Smith, OU=Java Software, O=Oracle, L=cup, S=ca, C=us (jane)\fP
-.fi     
-.nf     
-\f3      X\&.509, CN=Duke, OU=Java Software, O=Oracle, L=cup, S=ca, C=us [duke]\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3      s = signature was verified\fP
-.fi     
-.nf     
-\f3      m = entry is listed in manifest\fP
-.fi     
-.nf     
-\f3      k = at least one certificate was found in keystore\fP
-.fi     
-.nf     
-\f3      i = at least one certificate was found in identity scope\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3    jar verified\&.\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.sp     
-\fINote:\fR The alias \f3duke\fR is in brackets to denote that it is an identity database alias, and not a keystore alias\&.
-.SH JDK\ 1\&.1\ COMPATIBILITY    
-The \f3keytool\fR and \f3jarsigner\fR tools replace the \f3javakey\fR tool in JDK 1\&.1\&. These new tools provide more features than \f3javakey\fR, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them\&.
-.PP
-The new keystore architecture replaces the identity database that \f3javakey\fR created and managed\&. There is no backward compatibility between the keystore format and the database format used by \f3javakey\fR in JDK 1\&.1\&. However, be aware of the following:
-.TP 0.2i    
-\(bu
-It is possible to import the information from an identity database into a keystore through the \f3keytool -identitydb\fR command\&.
-.TP 0.2i    
-\(bu
-The \f3jarsigner\fR command can sign JAR files that were signed with the \f3javakey\fR command\&.
-.TP 0.2i    
-\(bu
-The \f3jarsigner\fR command can verify JAR files signed with \f3javakey\fR\&. The \f3jarsigner\fR command recognizes and can work with signer aliases that are from a JDK 1\&.1 identity database rather than a JDK keystore\&.
-.SS UNSIGNED\ JARS    
-Unsigned JARs have the default privileges that are granted to all code\&.
-.SS SIGNED\ JARS    
-Signed JARs have the privilege configurations based on their JDK 1\&.1\&.\fIn\fR identity and policy file status as described\&. Only trusted identities can be imported into the JDK keystore\&.
-.PP
-Default Privileges Granted to All Code
-
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: Yes/Untrusted
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.br     
-See 3 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-
-.PP
-Identity in 1\&.1 database: Yes/Untrusted
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 1 and 3 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Default Privileges and Policy File Privileges Granted
-
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 2 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-All Privileges Granted
-
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.br     
-See 1 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 1 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Notes Regarding Privileges of Signed JARs
-.TP 0.4i    
-1\&.
-If an identity or alias is mentioned in the policy file, then it must be imported into the keystore for the policy file to have any effect on privileges granted\&.
-.TP 0.4i    
-2\&.
-The policy file/keystore combination has precedence over a trusted identity in the identity database\&.
-.TP 0.4i    
-3\&.
-Untrusted identities are ignored in the Java platform\&.
 .SH SEE\ ALSO    
 .TP 0.2i    
 \(bu
--- a/src/linux/doc/man/jarsigner.1	Tue Dec 10 15:20:46 2013 -0800
+++ b/src/linux/doc/man/jarsigner.1	Thu Dec 12 22:26:08 2013 -0800
@@ -308,11 +308,7 @@
 .nf     
 \f3KEVIN\&.DSA\fP
 .fi     
-.nf     
-\f3\fR
-.fi     
 .sp     
-\fINote:\fR It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1\&.1 by the \f3javakey\fR command and others by \f3jarsigner\fR\&. The \f3jarsigner\fR command can be used to sign JAR files that are already signed with the \f3javakey\fR command\&.
 .SH OPTIONS    
 The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
 .TP 0.2i    
@@ -443,7 +439,7 @@
 .br
 If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
 
-The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&. If the signer comes from a JDK 1\&.1 identity database instead of from a keystore, then the alias name displays in brackets instead of parentheses\&.
+The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&.
 .TP
 -certchain \fIfile\fR
 .br
@@ -797,178 +793,6 @@
 .fi     
 .sp     
 If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
-.SS VERIFICATION\ THAT\ INCLUDES\ IDENTITY\ DATABASE\ SIGNERS    
-If a JAR file was signed with the JDK 1\&.1 \f3javakey\fR tool, and the signer is an alias in an identity database, then the verification output includes an \f3i\fR\&. If the JAR file was signed by both an alias in an identity database and an alias in a keystore, then both \f3k\fR and \f3i\fR appear\&.
-.PP
-When the \f3-certs\fR option is used, any identity database aliases are shown in brackets rather than the parentheses used for keystore aliases, for example:
-.sp     
-.nf     
-\f3    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs writeFile\&.jar\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST\&.MF\fP
-.fi     
-.nf     
-\f3           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE\&.SF\fP
-.fi     
-.nf     
-\f3          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE\&.DSA\fP
-.fi     
-.nf     
-\f3           199 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE\&.SF\fP
-.fi     
-.nf     
-\f3          1013 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE\&.DSA\fP
-.fi     
-.nf     
-\f3   smki   2752 Fri Sep 26 16:12:30 PDT 1997 writeFile\&.html\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3      X\&.509, CN=Jane Smith, OU=Java Software, O=Oracle, L=cup, S=ca, C=us (jane)\fP
-.fi     
-.nf     
-\f3      X\&.509, CN=Duke, OU=Java Software, O=Oracle, L=cup, S=ca, C=us [duke]\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3      s = signature was verified\fP
-.fi     
-.nf     
-\f3      m = entry is listed in manifest\fP
-.fi     
-.nf     
-\f3      k = at least one certificate was found in keystore\fP
-.fi     
-.nf     
-\f3      i = at least one certificate was found in identity scope\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3    jar verified\&.\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.sp     
-\fINote:\fR The alias \f3duke\fR is in brackets to denote that it is an identity database alias, and not a keystore alias\&.
-.SH JDK\ 1\&.1\ COMPATIBILITY    
-The \f3keytool\fR and \f3jarsigner\fR tools replace the \f3javakey\fR tool in JDK 1\&.1\&. These new tools provide more features than \f3javakey\fR, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them\&.
-.PP
-The new keystore architecture replaces the identity database that \f3javakey\fR created and managed\&. There is no backward compatibility between the keystore format and the database format used by \f3javakey\fR in JDK 1\&.1\&. However, be aware of the following:
-.TP 0.2i    
-\(bu
-It is possible to import the information from an identity database into a keystore through the \f3keytool -identitydb\fR command\&.
-.TP 0.2i    
-\(bu
-The \f3jarsigner\fR command can sign JAR files that were signed with the \f3javakey\fR command\&.
-.TP 0.2i    
-\(bu
-The \f3jarsigner\fR command can verify JAR files signed with \f3javakey\fR\&. The \f3jarsigner\fR command recognizes and can work with signer aliases that are from a JDK 1\&.1 identity database rather than a JDK keystore\&.
-.SS UNSIGNED\ JARS    
-Unsigned JARs have the default privileges that are granted to all code\&.
-.SS SIGNED\ JARS    
-Signed JARs have the privilege configurations based on their JDK 1\&.1\&.\fIn\fR identity and policy file status as described\&. Only trusted identities can be imported into the JDK keystore\&.
-.PP
-Default Privileges Granted to All Code
-
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: Yes/Untrusted
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.br     
-See 3 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-
-.PP
-Identity in 1\&.1 database: Yes/Untrusted
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 1 and 3 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Default Privileges and Policy File Privileges Granted
-
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 2 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-All Privileges Granted
-
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.br     
-See 1 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 1 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Notes Regarding Privileges of Signed JARs
-.TP 0.4i    
-1\&.
-If an identity or alias is mentioned in the policy file, then it must be imported into the keystore for the policy file to have any effect on privileges granted\&.
-.TP 0.4i    
-2\&.
-The policy file/keystore combination has precedence over a trusted identity in the identity database\&.
-.TP 0.4i    
-3\&.
-Untrusted identities are ignored in the Java platform\&.
 .SH SEE\ ALSO    
 .TP 0.2i    
 \(bu
--- a/src/solaris/doc/sun/man/man1/jarsigner.1	Tue Dec 10 15:20:46 2013 -0800
+++ b/src/solaris/doc/sun/man/man1/jarsigner.1	Thu Dec 12 22:26:08 2013 -0800
@@ -308,11 +308,7 @@
 .nf     
 \f3KEVIN\&.DSA\fP
 .fi     
-.nf     
-\f3\fR
-.fi     
 .sp     
-\fINote:\fR It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1\&.1 by the \f3javakey\fR command and others by \f3jarsigner\fR\&. The \f3jarsigner\fR command can be used to sign JAR files that are already signed with the \f3javakey\fR command\&.
 .SH OPTIONS    
 The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
 .TP 0.2i    
@@ -443,7 +439,7 @@
 .br
 If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
 
-The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&. If the signer comes from a JDK 1\&.1 identity database instead of from a keystore, then the alias name displays in brackets instead of parentheses\&.
+The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&.
 .TP
 -certchain \fIfile\fR
 .br
@@ -797,178 +793,6 @@
 .fi     
 .sp     
 If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
-.SS VERIFICATION\ THAT\ INCLUDES\ IDENTITY\ DATABASE\ SIGNERS    
-If a JAR file was signed with the JDK 1\&.1 \f3javakey\fR tool, and the signer is an alias in an identity database, then the verification output includes an \f3i\fR\&. If the JAR file was signed by both an alias in an identity database and an alias in a keystore, then both \f3k\fR and \f3i\fR appear\&.
-.PP
-When the \f3-certs\fR option is used, any identity database aliases are shown in brackets rather than the parentheses used for keystore aliases, for example:
-.sp     
-.nf     
-\f3    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs writeFile\&.jar\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST\&.MF\fP
-.fi     
-.nf     
-\f3           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE\&.SF\fP
-.fi     
-.nf     
-\f3          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE\&.DSA\fP
-.fi     
-.nf     
-\f3           199 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE\&.SF\fP
-.fi     
-.nf     
-\f3          1013 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE\&.DSA\fP
-.fi     
-.nf     
-\f3   smki   2752 Fri Sep 26 16:12:30 PDT 1997 writeFile\&.html\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3      X\&.509, CN=Jane Smith, OU=Java Software, O=Oracle, L=cup, S=ca, C=us (jane)\fP
-.fi     
-.nf     
-\f3      X\&.509, CN=Duke, OU=Java Software, O=Oracle, L=cup, S=ca, C=us [duke]\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3      s = signature was verified\fP
-.fi     
-.nf     
-\f3      m = entry is listed in manifest\fP
-.fi     
-.nf     
-\f3      k = at least one certificate was found in keystore\fP
-.fi     
-.nf     
-\f3      i = at least one certificate was found in identity scope\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3    jar verified\&.\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.sp     
-\fINote:\fR The alias \f3duke\fR is in brackets to denote that it is an identity database alias, and not a keystore alias\&.
-.SH JDK\ 1\&.1\ COMPATIBILITY    
-The \f3keytool\fR and \f3jarsigner\fR tools replace the \f3javakey\fR tool in JDK 1\&.1\&. These new tools provide more features than \f3javakey\fR, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them\&.
-.PP
-The new keystore architecture replaces the identity database that \f3javakey\fR created and managed\&. There is no backward compatibility between the keystore format and the database format used by \f3javakey\fR in JDK 1\&.1\&. However, be aware of the following:
-.TP 0.2i    
-\(bu
-It is possible to import the information from an identity database into a keystore through the \f3keytool -identitydb\fR command\&.
-.TP 0.2i    
-\(bu
-The \f3jarsigner\fR command can sign JAR files that were signed with the \f3javakey\fR command\&.
-.TP 0.2i    
-\(bu
-The \f3jarsigner\fR command can verify JAR files signed with \f3javakey\fR\&. The \f3jarsigner\fR command recognizes and can work with signer aliases that are from a JDK 1\&.1 identity database rather than a JDK keystore\&.
-.SS UNSIGNED\ JARS    
-Unsigned JARs have the default privileges that are granted to all code\&.
-.SS SIGNED\ JARS    
-Signed JARs have the privilege configurations based on their JDK 1\&.1\&.\fIn\fR identity and policy file status as described\&. Only trusted identities can be imported into the JDK keystore\&.
-.PP
-Default Privileges Granted to All Code
-
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: Yes/Untrusted
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.br     
-See 3 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-
-.PP
-Identity in 1\&.1 database: Yes/Untrusted
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 1 and 3 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Default Privileges and Policy File Privileges Granted
-
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 2 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-All Privileges Granted
-
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.br     
-See 1 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 1 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Notes Regarding Privileges of Signed JARs
-.TP 0.4i    
-1\&.
-If an identity or alias is mentioned in the policy file, then it must be imported into the keystore for the policy file to have any effect on privileges granted\&.
-.TP 0.4i    
-2\&.
-The policy file/keystore combination has precedence over a trusted identity in the identity database\&.
-.TP 0.4i    
-3\&.
-Untrusted identities are ignored in the Java platform\&.
 .SH SEE\ ALSO    
 .TP 0.2i    
 \(bu