The Identity Key Management Paradigm

JDK 1.1’s solution to the thorny problem of key management is a set of classes clustered around java.security.Identity. The javakey command-line utility is based on java.security.IdentityScope, a subclass of Identity. You can read about javakey in Appendix D. In JDK 1.2, identity-based key management is replaced by keystore-based key management, which we’ll discuss later in this chapter. javakey is replaced by keytool, which we’ll also be discussing later. Both approaches have their merits, and I’ll cover each of them in this chapter.

JDK 1.1’s approach to key management centers around the Identity class, which represents something that possesses a public key. An IdentityScope represents a group of Identity objects. IdentityScopes can contain other, nested IdentityScopes. Finally, an extension of Identity, java.security.Signer, is an Identity that also possesses a private key. Figure 5-1 shows an example. The large IdentityScope (Marian’s computer) contains a Signer, Marian, and an Identity, Sheriff. It also contains another IdentityScope, Merry Men. This IdentityScope contains three Identity objects, one each for Will, Tuck, and Robin. Each Identity contains a PublicKey and other relevant information (name, address, phone number, etc.). Each Signer contains a matched PublicKey and PrivateKey and other useful information.

Identity-based key management
Figure 5-1. Identity-based ...
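
The hierarchy in the figure can be built directly in code. The following is an added example, not code from the book: MemoryScope and ScopeDemo are hypothetical names, the RSA keys are freshly generated stand-ins, and it assumes a JDK that still ships the deprecated java.security.Identity classes.

```java
import java.security.*;
import java.util.*;

// Hypothetical in-memory scope: IdentityScope, Identity and Signer are all
// abstract (and deprecated), so the example supplies its own subclasses.
@SuppressWarnings({"deprecation", "removal", "serial"})
public class ScopeDemo {
    static class MemoryScope extends IdentityScope {
        private final Map<String, Identity> byName = new LinkedHashMap<>();
        MemoryScope(String name) { super(name); }
        MemoryScope(String name, IdentityScope parent) throws KeyManagementException {
            super(name, parent);   // the superclass registers this scope in its parent
        }
        public int size() { return byName.size(); }
        public Identity getIdentity(String name) { return byName.get(name); }
        public Identity getIdentity(PublicKey key) {
            for (Identity id : byName.values())
                if (key != null && key.equals(id.getPublicKey())) return id;
            return null;
        }
        public void addIdentity(Identity id) throws KeyManagementException {
            if (byName.putIfAbsent(id.getName(), id) != null)
                throw new KeyManagementException("name conflict: " + id.getName());
        }
        public void removeIdentity(Identity id) throws KeyManagementException {
            if (byName.remove(id.getName()) == null)
                throw new KeyManagementException("unknown identity: " + id.getName());
        }
        public Enumeration<Identity> identities() { return Collections.enumeration(byName.values()); }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        IdentityScope computer = new MemoryScope("Marian's computer");
        Signer marian = new Signer("Marian", computer) {};
        marian.setKeyPair(kpg.generateKeyPair());                 // matched public and private key
        Identity sheriff = new Identity("Sheriff", computer) {};
        sheriff.setPublicKey(kpg.generateKeyPair().getPublic());  // public key only
        IdentityScope merryMen = new MemoryScope("Merry Men", computer);  // nested scope
        for (String n : new String[] {"Will", "Tuck", "Robin"})
            new Identity(n, merryMen) {}.setPublicKey(kpg.generateKeyPair().getPublic());
        // Look an identity up by its public key, then check who can sign.
        Identity found = computer.getIdentity(marian.getPublicKey());
        System.out.println(found.getName() + " is a Signer: " + (found instanceof Signer));
        System.out.println(sheriff.getName() + " is a Signer: " + (sheriff instanceof Signer));
        System.out.println(merryMen.getName() + " holds " + merryMen.size()
                + " identities inside " + merryMen.getScope().getName());
    }
}
```

Only Marian's entry carries a private key; every other entry in either scope can be used to verify, not to sign.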
