
Java Security, 2nd Edition by Scott Oaks

The Key Management API

The keytool gives us the ability to create keys, obtain certificates, and so on. Now we’ll turn our attention to using the key management facilities programmatically: if you need to create a digital signature, you’ll use the key management API to locate the correct key. Similarly, you may choose to store secret keys for data encryption in the keystore. The key management API allows us to read and write keystores and their entries.

In addition, the implementation of keytool has certain limitations: it cannot create entries that store secret keys, and it is difficult to share the keys in a keytool database among a widely dispersed group of people (like all the employees of XYZ Corporation). We can, however, use the key management API to create a key management system that has whatever features we require.

That framework is the ultimate goal of the following sections. First, however, let’s take a look at the classes that make up the key management API. We begin with the notion of the identity to whom a key belongs. In Java’s key management model, the association between a key and its owner is application-specific, but it is generally modeled on the Principal interface.
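
As a concrete picture of the reading and writing of keystores and secret-key entries described above, here is an added example (not code from the book) that stores a secret key in a keystore through the API, writes the keystore, reads it back, and checks that a wrong key password is rejected. The class name, alias, passwords, and the choice of AES and the JCEKS keystore type are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretKeyStoreDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample passwords; a real application would prompt for them.
        char[] storePass = "example-store-password".toCharArray();
        char[] keyPass = "example-key-password".toCharArray();

        // The secret key we want to keep for data encryption.
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        SecretKey original = generator.generateKey();

        // load(null, null) initializes an empty keystore in memory.
        KeyStore keyStore = KeyStore.getInstance("JCEKS");
        keyStore.load(null, null);
        // A secret-key entry has no certificate chain, so the chain is null.
        keyStore.setKeyEntry("data-key", original, keyPass, null);

        // Write the keystore; the store password protects its integrity.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        keyStore.store(out, storePass);

        // Read it back as a separate KeyStore object and recover the entry.
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        Key recovered = reloaded.getKey("data-key", keyPass);
        boolean same = Arrays.equals(original.getEncoded(), recovered.getEncoded());
        System.out.println("key entry present: " + reloaded.isKeyEntry("data-key"));
        System.out.println("recovered key matches: " + same);

        // The per-entry password is enforced independently of the store password.
        try {
            reloaded.getKey("data-key", "wrong-password".toCharArray());
            System.out.println("wrong key password accepted (unexpected)");
        } catch (UnrecoverableKeyException e) {
            System.out.println("wrong key password rejected");
        }

        // Clear password material once it is no longer needed.
        Arrays.fill(storePass, '\0');
        Arrays.fill(keyPass, '\0');
    }
}
```

The example keeps the keystore in a byte array so that it runs without touching the file system; substituting file streams gives a keystore on disk.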

Principals

Classes that are concerned with identities and key management in the Java security package generally implement the Principal interface (java.security.Principal):

public interface Principal

Provide an interface that supports the notion of an entity. In particular, principals have a name, ...
