CSR
Resolution: Approved
P4
None
minimal
add/remove/modify command line option
JDK
Summary
Add support for specifying the alias of a signer entry in the keystore whose private key is used to sign the certificate that the keytool -genkeypair utility generates.
Problem
The keytool -genkeypair command cannot generate an X25519, X448, or DH certificate. All of these are key agreement algorithms: they have no associated signature algorithm, so there is nothing with which to sign the certificate that wraps the generated public key. Note that RFC 8410 section 10.2 [1] gives an example of an X25519 certificate in which an Ed25519 key signs the X25519 public key. The keytool utility needs to be enhanced to create such certificates.
Solution
Provide a -signer option in keytool -genkeypair that lets the user specify the alias of a signer entry. The private key of the designated signer is used to sign the certificate for the generated key agreement key. The -signer option is also available for the other algorithms supported by the -keyalg option, such as RSA, EdDSA, or EC, not only for key agreement algorithms. The keytool -certreq and -gencert commands will not be enhanced to achieve the same goal, because a certificate request must be signed by the owner's private key (the request's proof-of-possession signature), which a key agreement key cannot produce.
Specification
Make the following changes to the -genkeypair section in the keytool manpage:
@@ -316,6 +316,10 @@ perform.
- {`-sigalg` *alg*}: Signature algorithm name
+ - {`-signer` *alias*}: Signer alias
+
+ - \[`-signerkeypass` *arg*\]: Signer key password
+
- \[`-dname` *name*\]: Distinguished name
- {`-startdate` *date*}: Certificate validity start date and time
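Review bot: the new `{`-signer` *alias*}` entry is in braces, which this man page's legend reserves for options that fall back to a default value when omitted, so the text should say what that fallback is (a self-signed certificate, the previous behaviour); and `[`-signerkeypass` *arg*]` is only meaningful together with `-signer`, which the option list does not say. Consider `Signer alias (a self-signed certificate is generated when omitted)` and `Signer key password (only with -signer)`.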
@@ -349,9 +353,13 @@ perform.
Use the `-genkeypair` command to generate a key pair (a public key and
associated private key). Wraps the public key in an X.509 v3 self-signed
- certificate, which is stored as a single-element certificate chain. This
- certificate chain and the private key are stored in a new keystore entry
- that is identified by its alias.
+ certificate, which is stored as a single-element certificate chain.
+ When the `signer` option is specified, the resulting certificate
+ will be signed by the designated signer. Thus it is stored as a
+ multiple-element certificate chain (containing the generated
+ certificate itself, the signer’s certificate, and signer’s chain
+ if exists). This certificate chain and the private key are stored
+ in a new keystore entry that is identified by its alias.
The `-keyalg` value specifies the algorithm to be used to generate the key
pair, and the `-keysize` value specifies the size of each key to be
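Review bot: the unchanged first sentence still says the public key is wrapped in a `self-signed` certificate, which the added sentence two lines later contradicts whenever `-signer` is given; make it conditional, e.g. `certificate, self-signed unless the `-signer` option is specified`. Also `When the `signer` option is specified` drops the leading dash that the rest of the paragraph uses (`-keyalg`, `-keysize`), and `signer's chain if exists` should read `the signer's chain, if any`.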
@@ -363,6 +371,17 @@ perform.
or predefined name of an Elliptic Curve) of the key to be generated. Only
one of `-groupname` and `-keysize` can be specified.
+ The `signer` value specifies the alias of a signer that already exists
+ in the keystore. This option is used to sign the certificate with the
+ signer’s private key during its generation. This is especially useful
+ for the key agreement algorithms (i.e. the `-keyalg` value is `XDH`,
+ `X25519`, `X448`, or `DH`) as these algorithms do not have a signing
+ algorithm to sign the certificate.
+
+ The `signerkeypass` value specifies the password of the signer’s private
+ key. It can be specified if the private key of the signer entry is
+ protected by a password different from the store password.
+
The `-dname` value specifies the X.500 Distinguished Name to be associated
with the value of `-alias`, and is used as the issuer and subject fields in
the self-signed certificate. If a distinguished name is not provided at the
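Review bot: the trailing context still says `-dname` `is used as the issuer and subject fields in the self-signed certificate`, but with `-signer` only the subject comes from `-dname` and the issuer is the signer certificate's subject name; that sentence needs the same conditional wording as the added paragraph. In the added text `signer` and `signerkeypass` lack the leading dash used for `-keyalg` and `-groupname` just above, and the `-signerkeypass` paragraph states when the option may be given but not what happens when it is omitted for a signer key that has its own password (a prompt, as the bracket notation in the option list implies?), which should be spelled out.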
Make the following changes to the "Examples of Option Values" section in keytool manpage:
@@ -1269,9 +1288,9 @@ The following examples show the defaults for various option values:
-alias "mykey"
-keysize
- 2048 (when using -genkeypair and -keyalg is "RSA", "DSA", or "RSASSA-PSS")
+ 2048 (when using -genkeypair and -keyalg is "RSA", "DSA", "RSASSA-PSS", or "DH")
256 (when using -genkeypair and -keyalg is "EC")
- 255 (when using -genkeypair and -keyalg is "EdDSA")
+ 255 (when using -genkeypair and -keyalg is "EdDSA", or "XDH)
56 (when using -genseckey and -keyalg is "DES")
168 (when using -genseckey and -keyalg is "DESede")
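Review bot: the `+` line for the 255 default has an unbalanced quote: `"EdDSA", or "XDH)` should be `"EdDSA" or "XDH")`, matching the quoting on the RSA line above it (the comma before `or` is also unneeded with two items). Since omitting `-signer` now has a defined fallback (a self-signed certificate), this defaults list is also the natural place to record it next to the other option defaults.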
CSR of: JDK-8260693 Provide the support for specifying a signer in keytool -genkeypair (Resolved)