USAGE:
       java -jar pepk.jar
         --keystore <release_keystore>
         --alias <key_alias>
         --output=<output_file>
         (--rsa-aes-encryption --encryption-key-path=</path/to/encryption_public_key.pem> | --encryptionkey=<encryption_key_hex>)
         [--signing-keystore <keystore> [--signing-key-alias=<alias>]]
         [--include-cert]

pepk (Play Encrypt Private Key) is a tool for exporting private keys from a
Java Keystore and encrypting them for transfer to Google Play as part of
enrolling in App Signing by Google Play.


        REQUIRED FLAGS

--keystore            Path to the keystore containing the private key to export.

--alias               Alias of the private key in the keystore.

--output              File in which to output the encrypted private key.

        OPTIONAL FLAGS

--keystore-pass       Password for the keystore. If not set, will be prompted on
                      the command line.

--key-pass            Password for the key inside the keystore. If not set, the
                      same password as the keystore will be used, or if none was
                      set, it will be prompted on the command line.

--signing-keystore    Path to the keystore containing the private key that will
                      be used for signing the exported encrypted private key.

--signing-key-alias   Alias of the private key used for signing in the
                      signing Keystore. Must be specified if --signing-keystore
                      flag is set.

--rsa-aes-encryption  Use RSA AES Key Wrap encryption for encrypting the
                      private key.

--encryption-key-path Path to the PEM-encoded public key to be used for
                      encrypting the private key. Must be specified if
                      --rsa-aes-encryption is set.

--encryptionkey       Public key to encrypt the private key with. This will be
                      the hex encoded bytes of the public key. The public key
                      is a 4-byte identity followed by a 64-byte P256 point.
                      Must be specified if --rsa-aes-encryption is not set.

--include-cert        Include the public certificate to be exported along with
                      the encrypted private key.

        OTHER OPTIONS

--help                Show this usage page and exit.

--license             Show the license for the tool and exit.