In this chapter we examined the key management facilities of Java. Key management revolves around keys and certificates—ideas we’ve already discussed—but it also depends upon the notion of an identity—an individual or a corporation—and the idea that a particular identity can be certified.
Key management in Java can be handled either programmatically with the standard Java API or with the key management tool, keytool. Keytool itself is a good example of how the programming API can be used, although there are some trade-offs involved here; for example, loading a large keystore is not necessarily the most appropriate choice for a thin-client application. Fortunately, the security package gives us the necessary tools to implement our own keystore when that is
For all the time we’ve spent on them, keys are not interesting by themselves. They are interesting for what they allow us to do, which among other things includes the ability to operate on a digital signature. In the next chapter, we’ll look at digital signatures, their relationship to keys, and the operations that keys and digital signatures enable us to perform.