In this chapter, we’re going to discuss key management and the facilities in Java that enable key management. The problem of key management turns out to be a hard one to solve: there is no universally accepted approach to key management, and although many features in Java (and on the Internet) are available to assist with key management, all key management techniques remain very much works in progress.

Keys are important because they allow us to perform a number of cryptographic operations, from digital signatures to encrypted data streams. We’ll discuss the details of these algorithms in the next few chapters. For now, it’s enough to know that you must provide some sort of key or certificate for many of these algorithms: sometimes you need a private key, sometimes you need a secret key, and sometimes you need a public key contained within a certificate. The purpose of a key management system is to store such keys and allow you to retrieve them programatically (or through certain tools). A key management system may encompass other operations (it may, for example, provide information about the degree to which a particular individual should be trusted), but it exists primarily to serve up keys and certificates.

In this chapter, we’ll discuss Java’s key management system, which is built around the notion of a keystore. Keystores are created and manipulated though an administrative tool (keytool), and there is a Java API that allows you to use keystores programatically. ...