The KeyStore Key Management Paradigm

JDK 1.2 offers a new method for key management, based on java.security.KeyStore. A KeyStore is a handy box that holds keys and certificates. One KeyStore contains all the information a single person (or application, or identity) needs for authentication. Usually, you have two distinct uses for authentication:

  • You need to prove to others who you are.

  • You need to make sure that other people are legitimate.

In the first case, you can use a private key to sign data. A certificate that contains the matching public key can be used to prove your identity. In the second case, you can use other people’s certificates to prove to yourself that they are who they say they are. I’ll talk more about certificates in Chapter 6. For now, just think of them as containers for someone’s public key and information about that person.

You may have more than one private/public key pair that you need to manage. For example, you might have a key pair that you use for day-to-day Internet shopping and a different key pair that you use for signing software you’ve written. (The KeyManager class, presented earlier in this chapter, holds only a single key pair.)

A KeyStore contains two types of entries. The first type contains a private key and a chain of certificates that correspond to the matching public key. I’ll call this type of entry a private key entry. This is useful for signing and distributing code and other data. The private key is used to sign data; the certificates ...
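The following program is an added example (not code from the book) that walks a KeyStore, tells the two entry types apart, and then exercises the two authentication uses described above: signing with a private key entry, and verifying with nothing but the certificate's public key. It assumes a PKCS12 keystore file that you created beforehand, for example with `keytool -genkeypair -alias mykey -keyalg RSA -keystore mykeys.p12 -storetype PKCS12`; the file name, store password and alias are passed on the command line and are assumptions of this example, not values from the page.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class KeyStoreWalk {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeyStoreWalk <keystore.p12> <storepass> <alias>");
            System.exit(1);
        }
        // Assumed inputs: a PKCS12 file produced by keytool, its password, and the
        // alias of a private key entry inside it (all hypothetical values).
        String file = args[0];
        char[] password = args[1].toCharArray();
        String alias = args[2];

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(file)) {
            // The password is also used to check the store's integrity; a tampered
            // or wrong-password store fails here rather than yielding bogus entries.
            ks.load(in, password);
        }

        // Entry type 1: private key plus certificate chain.
        // Entry type 2: a trusted certificate belonging to someone else.
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String a = aliases.nextElement();
            if (ks.isKeyEntry(a)) {
                Certificate[] chain = ks.getCertificateChain(a);
                System.out.println(a + ": private key entry, chain length " + chain.length);
            } else if (ks.isCertificateEntry(a)) {
                System.out.println(a + ": trusted certificate entry");
            }
        }

        if (!ks.isKeyEntry(alias)) {
            System.err.println("alias " + alias + " is not a private key entry");
            System.exit(2);
        }

        // Use 1: prove who you are by signing with your private key.
        // keytool protects the key with the store password for PKCS12 stores.
        PrivateKey priv = (PrivateKey) ks.getKey(alias, password);
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(priv);
        signer.update(data);
        byte[] signature = signer.sign();

        // Use 2: a relying party checks the signature using only the public key
        // carried in the certificate; the private key never leaves the store.
        Certificate cert = ks.getCertificate(alias);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(cert.getPublicKey());
        verifier.update(data);
        System.out.println("signature verifies: " + verifier.verify(signature));

        // Flip one byte of the message to show that verification is bound to the data.
        data[0] ^= 0x01;
        verifier.initVerify(cert.getPublicKey());
        verifier.update(data);
        System.out.println("signature verifies after tampering: " + verifier.verify(signature));
    }
}
```

Run it as `java KeyStoreWalk mykeys.p12 <storepass> mykey`. The first verification prints `true` and the second `false`. Note that `getKey` fails with `UnrecoverableKeyException` if the key password differs from the store password, which is the case for JKS stores created with a separate `-keypass`; the example assumes the PKCS12 default of a single password.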
