A major mode for viewing and managing (java) keystores in Emacs.
This mode uses the keytool command, which comes with OpenJDK JRE.
Make sure it is installed and available on the PATH.
The package keystore-mode is available on the MELPA repository.
After MELPA is setup, as explained here it can be installed with
M-x package-install RET keystore-mode RET
Or alternatively using use-package in your init.el
(use-package keystore-mode)There are several ways to open a buffer in keystore-mode.
Create a new keystore with M-x keystore-genkeypair. This command will prompt
the user for certificate parameters. After the key and the certificate are
generated, the keystore is displayed in a new buffer with keystore-mode.
Or create a new keystore with M-x keystore-genseckey. This command will
prompt the user for key parameters. After the key is generated, the key is
displayed in a new buffer with keystore-mode.
Alternatively you can create an empty keystore with M-x
keystore-empty. This command will prompt for a keystore filename and a
keystore password (twice), and create that keystore. By default it will not
overwrite existing files, this behaviour can be overridden with the
universal argument, i.e. C-u M-x keystore-empty.
Open an existing keystore with M-x keystore-visit. After selecting the keystore
file, you’re asked to enter the keystore password. This password is stored in a
buffer local variable. It is recommended to kill the buffer (bound to q)
directly after you’re done with the keystore.
Following emacs’ philosophy, a backup of the keystore is created before any
command is executed that modifies the keystore. In contrast to normal
buffers, this is being done by the backup-buffer function because all
keystore modifications are performed on the file system by the keytool
command, and not on the contents of the buffer itself.
As a consequence the backups will be created following customizations of the
backup group, however hooks like before-save-hook and after-save-hook
are not executed. So customizations based on those hooks (f.e. like proposed
on the wiki) will not have any effect here.
The mode defines the following keybindings:
| Key | Command | Description |
|---|---|---|
d | keystore-toggle-mark-delete | Mark or unmark entry under point for deletion |
x | keystore-execute | Execute marked changes (deletes) guarded by y-or-n-p |
c | keystore-changealias | Change alias for entry under point using keytool -changealias |
e | keystore-exportcert | Export certificate for entry under point using keytool -exportcert |
Gp | keystore-genkeypair-list | Generate a new key pair with self-signed certifiate using keytool -genkeypair |
Gs | keystore-genseckey-list | Generate a new secure key using keytool -genseckey |
P | keystore-printcert | Create new buffer with certificate defailt using keytool -printcert |
ib | keystore-importcert-buffer | Import certificate from buffer using keytool -importcert |
if | keystore-importcert-file | Import certificate from file using keytool -importcert |
I | keystore-importkeystore | Import a full keystore from file usig keytool -importkeystore |
l | keystore-list | Open new buffer with output of keytool -list |
r | keystore-list-rfc | Open new buffer with output of keytool -list -rfc |
R | keystore-revisit | Completely reload current keystore, to refresh customizations |
s | keystore-certreq | Generate a CSR file for key under point with keytool -certreq |
S | keystore-gencert | Generate a certificate for CSR file with keytool -gencert |
v | keystore-list-verbose | Open new buffer with output of keytool -list -v |
q | kill-this-buffer | Kill the buffer and any local variables |
The keystore-list-rfc command opens a buffer where the certificates are folded (using origami.el).
The folding can be toggled with the <TAB> key.
keystore-mode is customizable in the customization group keystore-mode
(M-x customize-group RET keystore-mode RET). For example the following
configuration shows SHA1 fingerprint instead of SHA256 and adds the validity
dates of certificates.
(custom-set-variables
'(keystore-display-columns
'(("fingerprint (SHA1)" 40 nil)
("type" 20 t)
("alias" 64 t)
("Valid from" 32 nil)
("Valid until" 0 nil))))To apply new customizations to existing keystore buffers, use
keystore-revisit.
Make sure that you’ve configured locales correctly on your system. For example for UTF-8:
sudo update-locale LC_ALL=en_US.UTF-8- [ ] Add support for
openssland make it a more generic/versatile keystore/certificate management tool. - [X] Backup the keystore before making changes to it.
- [X] Detect incorrect entered keystore passwords, and re-prompt the user.
- [ ] Currently generated keys get the keystore password, allow setting other passwords on keys.
- [X] Use
call-processorprocess-fileto invokekeytool - [ ] Make keystore-mode play nice with TRAMP, to allow managing remote keystores.
I am open to any kind of feedback via issues.
For bug-fixes and/or new features, open a pull-request. Please create or update
testcases for your changes, and make sure to add yourself to the AUTHORS file.
This repository provides a Caskfile for development purposes.
Tests are created with ecukes. The testsuite can be run with the following command:
cask exec ecukes