GUI replacement for the Java command-line utilities keytool and jarsigner

Release 5.6.0 - 17 May 2025$$$This release includes the following new features; enhancements; translations and bugfixes:$$$$$$KeyStore Password Manager$$$The KeyStore password manager is a new feature that allows to store and manage passwords for keystore files. In combination with the new password generator it is now very easy to create and open keystores without having to type long passwords.$$$$$$The password manager can be used by selecting the checkbox Store this keystores passwords in KSEs password manager when creating a new keystore or opening an existing one. This decision is on a per-keystore basis and it includes all passwords of this keystore; but it can be changed later.$$$$$$On the first use of the password manager; a global password for the password manager must be set. This password is used to encrypt the passwords stored in the password manager.$$$$$$In the preferences dialog a new section has been added for the configuration of both the password manager and the password generator.$$$$$$In the next releases; more configuration options for the password manager will be added.$$$Key Export in JWK Format$$$The JSON Web Key (JWK) format is a JSON representation of cryptographic keys. It is defined in RFC 7517 and is used in many modern web applications.$$$$$$KSE can now export public and private keys in JWK format. Supported are currently RSA and EC keys (no Ed25519).$$$$$$This feature was contributed by tenpertur.$$$$$$Verification of JWT Signatures$$$In one of the last releases; KSE introduced a viewer for JWT (JSON Web Token) files; which can be used via the Examine File or Examine Clipboard menu items.$$$$$$This JWT viewer can now also verify the signatures of JWT files. This is done by pasting a public key in encoded as PEM or Base64 DER into the public key field of the JWT viewer and then clicking the verify button. Supported are RSA and EC keys and the corresponding signature algorithms (RS...; ES... and PS...).$$$$$$This feature was contributed by Jairo Graterón.$$$$$$For more details refer- https://keystore-explorer.org/releases.html$$$

GUI replacement for the Java command-line utilities keytool and jarsigner

GUI replacement for the Java command-line utilities keytool and jarsigner

Release 5.5.3 29 Dec 2023$$$Improvements$$$Comparing certificates - two ways to compare certificates have been added:$$$Side-by-side textual comparison: By selecting two certificates in the main view and choosing Compare in the context menu; a summary of the most important certificate data and an ASN.1 dump of both certificates is displayed side by side and the differences are marked in a contrasting color (contributed by Jairo Graterón).$$$Multiple certificate view dialogs: The certificate viewer dialog is now non-modal; which means several instances of this dialog can be kept open at the same time. This allows to view multiple certificates at the same time (contributed by Piotr Kubiak).$$$Added new configuration options:$$$Size of generated certificate serial number (contributed by dedabob)$$$FlatLaf macOS themes$$$Added functionality to examine JWT in system clipboard (contributed by Afonso Fernandes)$$$Added PBES2 algorithms as encryption options for PKCS#8 export of private keys:$$$PBES2 with SHA-1 and TDES$$$PBES2 with SHA-1 and AES-128$$$PBES2 with SHA-1 and AES-256$$$PBES2 with SHA-256 and AES-256$$$Added export button in private key view dialog (contributed by Jairo Graterón)$$$Added verify button in the CSR view dialog to check its signature$$$Added start of certificate validity as additional optional column for main table view (contributed by Björn Michael)$$$Improved certificate key usage and EKU dialogs by adding tooltips with additional details (contributed by The-Lum):$$$For the key usage extension the number of the bit (for example 0 for digitalSignature)$$$For extended key usage the OID of the key usage$$$Enlarged default size of ASN.1 dump window; hex dumps are now displayed in two columns of 8 bytes instead of one (contributed by The-Lum)$$$Added total number of revoked certs to CRL view$$$Added length info to OCTETSTRING and BITSTRING in ASN1 viewer$$$HTTP redirects for downloads of CRLs and CRTs are now supported (contributed by Jairo Graterón)$$$Made several adjustments to file extensions used as filters in file chooser dialogs and as default extensions for export files. The reasons were to adapt to existing official standards and also to avoid conflicts with other file types (thanks to Sergey Ponomarev for his investigations):$$$Changed default file extension for private key export as DER-encoded PKCS#8 from .pkcs8 to .p8 as this extension was registered with IANA (contributed by Sergey Ponomarev)$$$Changed default file extension for private key export as DER-encoded PKCS#1/ECPrivateKey from .key to .privkey (.key is used for PGP/GPG files and also for Keynote presentations and there seems to be no official file extension for these formats)$$$Changed default file extension for public key export as DER-encoded RFC 5280 SubjectPublicKeyInfo from .pub to .pubkey (.pub is used for MS Publisher files)$$$Changed default file extension for PEM-encoded files to .pem (usually in combination with a prefix for the actual content like .p8.pem or .pubkey.pem)$$$Added .p8; .p8e and .pk8 as file extension filters for selecting / importing PKCS#8 files (contributed by Sergey Ponomarev)$$$Added .pem as file extension filter to all file chooser dialogs that could possibly open PEM files$$$Changed dialogs for key pair generation and signing CSRs to display serial number as hex string$$$Improved certificate chain detection$$$Adjusted password quality meter to show more realistic results$$$Replaced IdenTrusts TSA with QuoVadis$$$Improved handling of invalid PEM files$$$The certificates selection dialog is now resizable$$$Fixed typo in tooltips for public key fingerprint$$$Improved French translation (by The-Lum)$$$Improved German translation$$$Updated third-party libraries to latest versions; BC is now at version 1.77$$$Bug Fixes$$$Fixed handling of GeneralName/OtherName/UPN (reported by Björn Michael)$$$Fixed handling of explicitly specified EC curve parameters (reported by Arnieh)$$$Fixed calende