I'm trying to create a keystore using keytool with a keyalg ECC.

This should be possible according to Oracle. I quote:

Area: Tools

Synopsis: The keytool and jarsigner tools now support the ECC algorithm in keypair generation and jar signing.

RFE: 6870812

I'm using the 32-bit version 1.7.0_07, and I've tried keytool with -keyalg ECC, ECIES, ECDSA,... but I always get Cannot derive signature algorithm.

Am I using the wrong Java version? Am I using the wrong name for ECC?

Here is the source for the algorithm selection. The allowed values are DSA, RSA and EC. These values are not documented anywhere as far as I can tell.

I believe you have to install the unlimited strength policy for JCE to work with all algorithims. If you haven't done so already, it's at the bottom of this page: http://www.oracle.com/technetwork/java/javase/downloads/index.html