O'Reilly logo

Java Security, 2nd Edition by Scott Oaks

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 10. Key Management

In this chapter, we’re going to discuss key management and the facilities in Java that enable key management. The problem of key management turns out to be a hard one to solve: there is no universally accepted approach to key management, and although many features in Java (and on the Internet) are available to assist with key management, all key management techniques remain very much works in progress.

Keys are important because they allow us to perform a number of cryptographic operations, from digital signatures to encrypted data streams. We’ll discuss the details of these algorithms in the next few chapters. For now, it’s enough to know that you must provide some sort of key or certificate for many of these algorithms: sometimes you need a private key, sometimes you need a secret key, and sometimes you need a public key contained within a certificate. The purpose of a key management system is to store such keys and allow you to retrieve them programatically (or through certain tools). A key management system may encompass other operations (it may, for example, provide information about the degree to which a particular individual should be trusted), but it exists primarily to serve up keys and certificates.

In this chapter, we’ll discuss Java’s key management system, which is built around the notion of a keystore. Keystores are created and manipulated though an administrative tool (keytool), and there is a Java API that allows you to use keystores programatically. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required