Tuesday, March 11, 2008

Java keystore

Keystores

Private keys and their associated public key certificates are stored in password-protected databases called keystores. A keystore can contain two types of entries: trusted certificate entries, and key/certificate entries, each containing a private key and the corresponding public key certificate. Each entry in a keystore is identified by an alias.

A keystore owner can have multiple keys in the keystore, accessed via different aliases. An alias is typically named after a particular role in which the keystore owner uses the associated key. An alias may also identify the purpose of the key. For example, the alias signPersonalEmail might be used to identify a keystore entry whose private key is used for signing personal e-mail, and the alias signJarFiles might be used to identify an entry whose private key is used for signing JAR files.

The keytool tool can be used to:

  • Create private keys and their associated public key certificates
  • Issue certificate requests, which you send to the appropriate certification authority
  • Import certificate replies, obtained from the certification authority you contacted
  • Import public key certificates belonging to other parties as trusted certificates
  • Manage your keystore

API methods can also be used to access and to modify a keystore.



http://java.sun.com/docs/books/tutorial/security/sigcert/index.html
