The Identity Key Management Paradigm
JDK 1.1’s solution to the thorny problem of key management is a set of classes clustered around java.security.Identity. The javakey command-line utility is based on java.security.IdentityScope, a subclass of Identity. You can read about javakey in Appendix D. In JDK 1.2, identity-based key management is replaced by keystore-based key management, which we’ll discuss later in this chapter. javakey is replaced by keytool, which we’ll also be discussing later. Both approaches have their merits, and I’ll cover each of them in this chapter.
JDK 1.1’s approach to key management centers around the Identity class, which represents something that possesses a public key. An IdentityScope represents a group of Identity objects. IdentityScopes can contain other, nested IdentityScopes. Finally, an extension of Identity, java.security.Signer, is an Identity that also possesses a private key. Figure 5.1 shows an example. The large IdentityScope (Marian’s computer) contains a Signer, Marian, and an Identity, Sheriff. It also contains another IdentityScope, Merry Men. This IdentityScope contains three Identity objects, one each for Will, Tuck, and Robin. Each Identity contains a PublicKey and other relevant information (name, address, phone number, etc.). Each Signer contains a matched PublicKey and PrivateKey and other useful information.
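
The Figure 5.1 hierarchy built in code, as an added example that is not from the book. Figure51, MemoryScope, Person and Owner are hypothetical helper classes (the JDK's Identity, IdentityScope and Signer are abstract), and the RSA keys are sample data generated on the spot. These classes are deprecated in later JDKs, so expect compiler warnings.

```java
import java.security.*;
import java.util.*;

public class Figure51 {
    // Hypothetical helper (not a JDK class): the smallest concrete IdentityScope, kept in memory.
    static class MemoryScope extends IdentityScope {
        private final Map<String, Identity> members = new LinkedHashMap<>();
        MemoryScope(String name) { super(name); }
        MemoryScope(String name, IdentityScope parent) throws KeyManagementException { super(name, parent); }
        public int size() { return members.size(); }
        public Identity getIdentity(String name) { return members.get(name); }
        public Identity getIdentity(PublicKey key) {
            for (Identity id : members.values())
                if (key != null && key.equals(id.getPublicKey())) return id;
            return null;
        }
        public void addIdentity(Identity id) throws KeyManagementException {
            if (members.putIfAbsent(id.getName(), id) != null) throw new KeyManagementException("duplicate name");
        }
        public void removeIdentity(Identity id) throws KeyManagementException {
            if (members.remove(id.getName()) == null) throw new KeyManagementException("not in scope");
        }
        public Enumeration<Identity> identities() { return Collections.enumeration(members.values()); }
    }
    // Identity and Signer are abstract, so the example needs trivial concrete subclasses.
    static class Person extends Identity {
        Person(String name, IdentityScope scope) throws KeyManagementException { super(name, scope); }
    }
    static class Owner extends Signer {
        Owner(String name, IdentityScope scope) throws KeyManagementException { super(name, scope); }
    }
    // Walk a scope recursively and report which entries hold private key material.
    static void dump(IdentityScope scope, String indent) {
        System.out.println(indent + "scope " + scope.getName() + " (" + scope.size() + " entries)");
        for (Enumeration<Identity> e = scope.identities(); e.hasMoreElements(); ) {
            Identity id = e.nextElement();
            if (id instanceof IdentityScope) { dump((IdentityScope) id, indent + "  "); continue; }
            boolean priv = id instanceof Signer && ((Signer) id).getPrivateKey() != null;
            System.out.println(indent + "  " + id.getName() + (priv ? " [public + private key]" : " [public key only]"));
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        IdentityScope computer = new MemoryScope("Marian's computer");
        Signer marian = new Owner("Marian", computer);       // the only entry with a private key
        marian.setKeyPair(gen.generateKeyPair());
        new Person("Sheriff", computer).setPublicKey(gen.generateKeyPair().getPublic());
        IdentityScope merryMen = new MemoryScope("Merry Men", computer);  // nested scope
        for (String name : new String[] {"Will", "Tuck", "Robin"})
            new Person(name, merryMen).setPublicKey(gen.generateKeyPair().getPublic());
        dump(computer, "");
    }
}
```

Passing a scope to the Identity constructor registers the new object in that scope through addIdentity, which is how the nested Merry Men scope ends up as an entry of Marian's computer.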