The KeyStore Key Management Paradigm
offers a new method for key management, based on
A KeyStore is a handy box that holds keys and certificates. One KeyStore contains all the information a single person (or application, or identity) needs for authentication. Usually, you have two distinct uses for authentication:
You need to prove to others who you are.
You need to make sure that other people are legitimate.
In the first case, you can use a private key to sign data. A certificate that contains the matching public key can be used to prove your identity. In the second case, you can use other people’s certificates to prove to yourself that they are who they say they are. I’ll talk more about certificates in Chapter 6. For now, just think of them as containers for someone’s public key and information about that person.
You may have more than one private/public key pair that you need to manage. For example, you might have a key pair that you use for day-to-day Internet shopping and a different key pair that you use for signing software you’ve written. (The KeyManager class, presented earlier in this chapter, holds only a single key pair.)
A KeyStore contains two types of entries. The first type contains a private key and a chain of certificates that correspond to the matching public key. I’ll call this type of entry a private key entry. This is useful for signing and distributing code and other data. The private key is used to sign data; the certificates ...