The KeyStore Class
Now that we understand the pieces that make up a key management system, we can look at the topic of key management itself. From an administrative perspective, the primary tool that provides key management for Java 1.2 is the keytool utility. Keytool operates upon a file (or other storage system) containing a set of private keys and certificates for those keys.
The keytool file contains a set of entries; each entry may have the following attributes:

- An alias. This is a name you can use to reference the entity in the database. For example, an alias for my entry might be sdo, or ScottOaks.
- One or more certificates that vouch for the identity of the entry. These certificates also provide the public key for the entry.
- Optionally, a private key. If present, the private key can be protected by a password.
We’d be tempted to call the entries in this database identities, but that’s potentially confusing: the entries stored in the keytool database are not instances of the Identity class (although we could create an identity object based on the information retrieved from the database).
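As an added illustration (not code from the book), the following Java program opens an existing keystore and prints, for each entry, the three attributes just described: the alias, the certificates that vouch for it (with their subject, issuer and validity), and whether a password-protected private key is present. The keystore path and the store and key passwords are command-line arguments and are assumptions; everything else uses only the standard java.security KeyStore API. Because it calls checkValidity on every certificate, it also surfaces expired signing certificates, which is the first thing to look for when auditing the keys a jarsigner-style tool will use.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

/**
 * Lists the entries of a keystore file: alias, certificate chain, private key.
 * Assumed (hypothetical) invocation:
 *   java KeyStoreInventory /path/to/keystore.jks <store-password> [<key-password>]
 */
public class KeyStoreInventory {

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeyStoreInventory <keystore-file> <store-password> [<key-password>]");
            System.exit(2);
        }
        String file = args[0];
        char[] storePass = args[1].toCharArray();
        // Key password defaults to the store password, as keytool itself does.
        char[] keyPass = (args.length > 2 ? args[2] : args[1]).toCharArray();

        // The default type is "jks" on old JDKs and "pkcs12" on JDK 9+; modern JDKs
        // read either on-disk format through this type in compatibility mode.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePass);   // the store password also verifies the file's integrity
        }

        for (String alias : Collections.list(ks.aliases())) {
            inspectEntry(ks, alias, keyPass);
        }
    }

    /** Prints the attributes of one entry: alias, certificates, optional private key. */
    static void inspectEntry(KeyStore ks, String alias, char[] keyPass) throws Exception {
        System.out.println("alias: " + alias + "  (created " + ks.getCreationDate(alias) + ")");

        // Certificates vouching for the entry's identity; they also carry its public key.
        // Key entries have a chain; trusted-certificate entries expose a single certificate.
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null) {
            Certificate single = ks.getCertificate(alias);
            chain = (single == null) ? new Certificate[0] : new Certificate[] { single };
        }
        for (Certificate c : chain) {
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                String status;
                try {
                    x.checkValidity();
                    status = "valid until " + x.getNotAfter();
                } catch (CertificateExpiredException e) {
                    status = "EXPIRED on " + x.getNotAfter();
                } catch (CertificateNotYetValidException e) {
                    status = "not valid before " + x.getNotBefore();
                }
                System.out.println("  cert: " + x.getSubjectX500Principal()
                        + "  issued by " + x.getIssuerX500Principal()
                        + "  [" + status + "]");
            } else {
                System.out.println("  cert: " + c.getType() + " (non-X.509)");
            }
        }

        // The optional private key. Trusted-certificate entries have none; key entries
        // may be locked with a key password that differs from the store password.
        if (ks.isKeyEntry(alias)) {
            try {
                Key k = ks.getKey(alias, keyPass);
                if (k instanceof PrivateKey) {
                    System.out.println("  private key: " + k.getAlgorithm() + " (unlocked with the supplied key password)");
                } else {
                    System.out.println("  secret key: " + k.getAlgorithm());
                }
            } catch (UnrecoverableKeyException e) {
                System.out.println("  private key: present, but protected by a different password");
            }
        } else {
            System.out.println("  private key: none (trusted-certificate entry)");
        }
    }
}
```

Run it against a keystore created with keytool and each alias prints once: a code-signing entry shows its chain plus a private key, while an imported CA certificate shows one certificate and no key. The distinction between isKeyEntry and a certificate-only entry is exactly the difference between an identity that can sign (and therefore needs its password protected) and one that can only be trusted.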
Figure 11.1 shows the role of the keytool database in the creation and execution of a signed JAR file. The jarsigner utility consults the keytool database for the private key of the entity that is signing the JAR file. Once the signed JAR file is produced, it is placed on a web server, where it can be downloaded into an appletviewer or other Java-enabled browser.[36] When the JAR file ...