Now that we understand the pieces that
make up a key management system, we can look at the topic of key
management itself. From an administrative perspective, the primary
tool that provides key management for Java 1.2 is the keytool utility.
Keytool operates upon a file (or other
storage system) containing a set of private keys and certificates.
The keytool file contains a set of
entries; each entry may have the following attributes:
An alias. This is a name you can use to reference the entity in the database. For example, an alias for my entry might be
One or more certificates that vouch for the identity of the entry. These certificates also provide the public key for the entry.
Optionally, a private key. If present, the private key can be protected by a password.
We'd be tempted to call the entries in this database
identities, but that's potentially confusing: the entries
stored in the keytool database are not instances of the
Identity class (although we could create an
identity object based on the information retrieved from the keytool database).
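The entry structure described above can be seen from the Java side through the java.security.KeyStore API. The following is an added example, not code from the book: it walks a keytool-managed keystore and reports, for each alias, the certificate chain and whether a password-protected private key is present. The class name KeystoreInspector and the command-line arguments (keystore file, store password, optional key password) are assumptions of this example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

// Walk the entries of a keytool-managed keystore: alias, certificate chain,
// and (for key entries) the password-protected private key. (Added example.)
public class KeystoreInspector {
    public static void main(String[] args) throws Exception {
        // args: <keystore-file> <store-password> [key-password]  (assumed layout)
        char[] storePass = args[1].toCharArray();
        // keytool uses the store password for a key when no separate one is given
        char[] keyPass = (args.length > 2 ? args[2] : args[1]).toCharArray();

        // JKS is the keytool default format; a wrong store password makes load()
        // fail with an IOException, so loading is itself the integrity check.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            System.out.println("alias: " + alias + " (created " + ks.getCreationDate(alias) + ")");
            if (ks.isKeyEntry(alias)) {
                // A key entry carries a private key plus the chain that vouches for it.
                printChain(ks.getCertificateChain(alias));
                try {
                    PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass);
                    System.out.println("  private key: " + key.getAlgorithm() + " (unlocked)");
                } catch (UnrecoverableKeyException ex) {
                    System.out.println("  private key: present, but the key password is wrong");
                }
            } else {
                // A trusted-certificate entry holds one certificate and no private key.
                printChain(new Certificate[] { ks.getCertificate(alias) });
                System.out.println("  private key: none (trusted certificate entry)");
            }
        }
    }

    private static void printChain(Certificate[] chain) {
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            System.out.println("  cert[" + i + "]: subject=" + c.getSubjectX500Principal() + ", issuer=" + c.getIssuerX500Principal());
        }
    }
}
```

Run it against any keystore created by keytool; a wrong store password is rejected when the file is loaded, while a wrong key password is reported per entry, which mirrors the two separate passwords keytool maintains.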
Figure 11.1 shows the role of the keytool database
in the creation and execution of a signed JAR file. The
utility consults the
keytool database for the private key of the entity that is signing
the JAR file. Once the signed JAR file is produced, it is placed on a
web server, where it can be downloaded into an appletviewer or other
Java-enabled browser. When the JAR file ...