Hi,

I'm trying to understand what the -providerName option of keytool does. The documentation for -providerName just says:

"Used to identify a cryptographic service provider's name when listed in the security properties file."

Which doesn't really say anything about how it should be used and the resulting behavior.

I looked at the latest Java 9 source code for keytool; the only 2 places that I see that use providerName are:

a. Getting an instance of the keystore, with: KeyStore.getInstance(storetype, providerName);
b. Getting an instance of key pair generator, with: new CertAndKeyGen(keyAlgName, sigAlgName, providerName);

It looks like all other calls in keytool that require the services of a provider do not use providerName, so they default to looking up the matching provider from the providers list.

This behavior doesn't seem very clear cut to me. I think -providerName should be used to either:

1. Specify the provider of the keystore only. All other services used by keytool that require a provider will look up the provider using the default providers list.
2. Specify the provider of all services used by keytool that require a provider, including keystore.

I just want to understand what the intended behavior should be.

Thanks,
Michael Wang
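
Added example (not part of the original message and not keytool's own code): the two lookup paths the message contrasts, shown with the public JCA API. The class name ProviderLookupDemo and the sample values "SUN", "JKS", "RSA" and "SHA256withRSA" are assumptions chosen for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class ProviderLookupDemo {
    // Assumed sample provider name; stands in for the value given to -providerName.
    static final String PROVIDER_NAME = "SUN";

    static void report(String service, Provider p) {
        System.out.println(service + " -> " + p.getName());
    }

    public static void main(String[] args) throws Exception {
        // The providers list (from the security properties file), in preference order.
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println((i + 1) + ". " + installed[i].getName());
        }

        // Explicit provider: only the named provider is consulted.
        KeyStore ks = KeyStore.getInstance("JKS", PROVIDER_NAME);
        report("KeyStore JKS (explicit)", ks.getProvider());

        // Explicit provider again: if the named provider does not offer the
        // service, the call fails; it does not fall back to the providers list.
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", PROVIDER_NAME);
            report("KeyPairGenerator RSA (explicit)", kpg.getProvider());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("KeyPairGenerator RSA (explicit) -> not offered by "
                    + PROVIDER_NAME);
        }

        // No provider given: the first provider in the list that implements
        // the algorithm is used, whatever name was passed elsewhere.
        report("KeyPairGenerator RSA (default)",
                KeyPairGenerator.getInstance("RSA").getProvider());
        report("Signature SHA256withRSA (default)",
                Signature.getInstance("SHA256withRSA").getProvider());
    }
}
```

Comparing the explicit and default lines of the output shows which services would be pinned to the named provider and which would still come from the providers list.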