keypasswd

-keypasswd [-all] {-alias alias} [-keypass old_keypass] [-new new_keypass] {-storetype storetype} {-keystore keystore} [-storepass storepass] {-providerName provider_name} {-providerClass provider_class_name {-providerArg provider_arg}} {-v} {-Jjavaoption}

Changes the password under which the private/secret key identified by alias is protected, from old_keypass to new_keypass, which must be at least 6 characters long.

If the -keypass option is not provided at the command line, and the key password is different from the keystore password, the user is prompted for it.

If the -new option is not provided at the command line, the user is prompted for it.

If the -all option is provided, the passwords for all the keys in the file with the given keypass will be changed. This is IBM only.

RACF® keystores do not store passwords in keyring entries, so no password is used for a RACF keystore entry. Therefore, the -keypasswd command is not supported for RACF keystores. Also, note that the -keypasswd command is not supported for PKCS12 keystores.

Typical usage looks like:

keytool -all -keypasswd -keystore keystorefile -keypass keypass