The `-signer` and `-signerkeypass` options have been added to the `-genkeypair` command of the `keytool` utility. The `-signer` option specifies the keystore alias of a `PrivateKeyEntry` for the signer and the `-signerkeypass` option specifies the password used to protect the signer’s private key. These options allow `keytool -genkeypair` to sign the certificate by using the signer’s private key. This is especially useful for generating a certificate with a key agreement algorithm as its public key algorithm.