- both crypto key generation tools
- Keytool is a tool that comes with Java that works with KeyStores – it can create KeyStores and manipulate keys and certificates inside them. It can also create keys and sign certificates.
It is a key generation and a KeyStore-file-administration tool.
- OpenSSL works with standard formats (PEM/CER/CRT/PKCS/etc) but does not manipulate KeyStore files. It is possible to generate a key and/or certificate with OpenSSL, and then import that key/cert into a KeyStore using keytool, but you can’t put the key/cert into the KeyStore directly using OpenSSL.
- OpenSSL has additional functionality like
- performing symmetric encryption,
- acting as an SSL network client and server,
- handling more formats.