keytool gives us the ability to create keys, obtain
certificates, and so on. Now we’ll turn our attention to using
the key management facilities programatically: if you need to create
a digital signature, you’ll use the key management API to
locate the correct key. Similarly, you may choose to store secret
keys for data encryption in the keystore. The key management API
allows us to read and write keystores and their entries.
In addition, the implementation of
certain limitations: it cannot create entries that store secret keys,
and it is difficult to share the keys in a
keytool database among a widely dispersed group
of people (like all the employees of XYZ Corporation). We can,
however, use the key management API to create a key management system
that has whatever features we require.
That framework is the ultimate goal of the following sections. First,
however, let’s take a look at the classes that make up the key
management API. We begin with the notion of the identity to whom a
key belongs. In Java’s key management model, the association
between a key and its owner is application-specific, but it is
generally modeled on the
Classes that are concerned with identities
and key management in the Java
security package generally implement the
Provide an interface that supports the notion of an entity. In particular, principals have a name, ...