From 0f3abfb5c0ff94552d68ad80bbb58103087fa0bf Mon Sep 17 00:00:00 2001
From: Dirk Dougherty <ddougherty@google.com>
Date: Wed, 26 May 2010 16:08:02 -0700
Subject: Doc change: Suggest min keysize of 2048 for keys.

Change-Id: I6dcfe9aa12338e4ad71db2e6812ce387a75c09f0
---
 docs/html/guide/publishing/app-signing.jd | 37 +++++++++++++++++--------------
 1 file changed, 20 insertions(+), 17 deletions(-)

(limited to 'docs/html')

diff --git a/docs/html/guide/publishing/app-signing.jd b/docs/html/guide/publishing/app-signing.jd
index 39b230b..8c37d7a 100644
--- a/docs/html/guide/publishing/app-signing.jd
+++ b/docs/html/guide/publishing/app-signing.jd
@@ -337,17 +337,6 @@ keys)</td>
 <td><code>-v</code></td><td>Enable verbose output.</td>
 </tr>
 <tr>
-<td><code>-keystore&nbsp;&lt;keystore-name&gt;.keystore</code></td><td>A name
-for the keystore containing the private key.</td>
-</tr>
-<tr>
-<td><code>-storepass &lt;password&gt;</code></td><td><p>A password for the
-keystore.</p><p>As a security precaution, do not include this option 
-in your command line unless you are working at a secure computer.
-If not supplied, Keytool prompts you to enter the password. In this 
-way, your password is not stored in your shell history.</p></td>
-</tr>
-<tr>
 <td><code>-alias &lt;alias_name&gt;</code></td><td>An alias for the key. Only
 the first 8 characters of the alias are used.</td>
 </tr>
@@ -356,6 +345,11 @@ the first 8 characters of the alias are used.</td>
 when generating the key. Both DSA and RSA are supported.</td>
 </tr>
 <tr>
+<td><code>-keysize &lt;size&gt;</code></td><td>The size of each generated key
+(bits). If not supplied, Keytool uses a default key size of 1024 bits. In
+general, we recommend using a key size of 2048 bits or higher. </td>
+</tr>
+<tr>
 <td><code>-dname &lt;name&gt;</code></td><td><p>A Distinguished Name that describes
 who created the key. The value is used as the issuer and subject fields in the
 self-signed certificate. </p><p>Note that you do not need to specify this option
@@ -363,22 +357,31 @@ in the command line. If not supplied, Jarsigner prompts you to enter each
 of the Distinguished Name fields (CN, OU, and so on).</p></td>
 </tr>
 <tr>
+<td><code>-keypass &lt;password&gt;</code></td><td><p>The password for the
+key.</p> <p>As a security precaution, do not include this option in your command
+line. If not supplied, Keytool prompts you to enter the password. In this way,
+your password is not stored in your shell history.</p></td>
+</tr>
+<tr>
 <td><code>-validity &lt;valdays&gt;</code></td><td><p>The validity period for the
 key, in days. </p><p><strong>Note:</strong> A value of 10000 or greater is recommended.</p></td>
 </tr>
 <tr>
-<td><code>-keypass &lt;password&gt;</code></td><td><p>The password for the key.</p>
-<p>As a security precaution, do not include this option 
-in your command line unless you are working at a secure computer.
-If not supplied, Keytool prompts you to enter the password. In this 
-way, your password is not stored in your shell history.</p></td>
+<td><code>-keystore&nbsp;&lt;keystore-name&gt;.keystore</code></td><td>A name
+for the keystore containing the private key.</td>
+</tr>
+<tr>
+<td><code>-storepass &lt;password&gt;</code></td><td><p>A password for the
+keystore.</p><p>As a security precaution, do not include this option in your
+command line. If not supplied, Keytool prompts you to enter the password. In
+this way, your password is not stored in your shell history.</p></td>
 </tr>
 </table>
 
 <p>Here's an example of a Keytool command that generates a private key:</p>
 
 <pre>$ keytool -genkey -v -keystore my-release-key.keystore 
--alias alias_name -keyalg RSA -validity 10000</pre>
+-alias alias_name -keyalg RSA -keysize 2048 -validity 10000</pre>
 
 <p>Running the example command above, Keytool prompts you to provide
 passwords for the keystore and key, and to provide the Distinguished
-- 
cgit v1.1