Subject: SSL/TLS Error Database -- Loading KeyStore
Author: authen
Posted on: 02/22/2008 07:43:49 PM
What is the keystore?
A keystore is the place where key entries are stored. It can be a file or a hardware device.
Generally speaking, keystore information can be grouped into two different categories: key entries and trusted certificate entries. A key entry consists of an entity's identity and its private key, and can be used for a variety of cryptographic purposes. In contrast, a trusted certificate entry only contains a public key in addition to the entity's identity. Thus, a trusted certificate entry cannot be used where a private key is required, such as in a javax.net.ssl.KeyManager. In the JDK implementation of "JKS", a keystore may contain both key entries and trusted certificate entries.
There are two different passwords: keystore password and key password. The former is associated with the container (keystore) while the latter is associated with a specific key entry (key).
The keystore password is usually not required to open a keystore unless you want to manage it (modify, delete, or add an entry).
Accessing trusted certificate entries does not need a password, since they are generally public; accessing key entries requires the key password for each of them.
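The two passwords and two entry categories described above can be observed with the standard java.security.KeyStore API. The following is an added example, not code from the original post; the class name KeystoreInspect and the keystore path argument are assumptions, and it expects a "JKS" file supplied by the reader.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeystoreInspect {
    // Describe one alias: its entry category and whether the key password opens it.
    static String describe(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (ks.isCertificateEntry(alias)) {
            // Trusted certificate entry: public data, readable without any password.
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName()
                    : c.getType();
            return alias + ": trusted certificate entry, subject=" + subject;
        }
        if (!ks.isKeyEntry(alias)) return alias + ": unknown entry type";
        if (keyPassword == null) return alias + ": key entry, no key password supplied";
        try {
            // The key password belongs to this entry, not to the container.
            Key k = ks.getKey(alias, keyPassword);
            return alias + ": key entry, recovered " + k.getAlgorithm() + " key";
        } catch (UnrecoverableKeyException e) {
            return alias + ": key entry, key password rejected";
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java KeystoreInspect <keystore.jks>");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it does not
        // appear in the process list or shell history.
        Console con = System.console();
        char[] typed = con != null ? con.readPassword("Key password (empty to skip): ") : null;
        char[] keyPassword = (typed == null || typed.length == 0) ? null : typed;
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // null keystore password: the file still loads, but the integrity
            // check is skipped, so treat the contents as unverified.
            ks.load(in, null);
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(describe(ks, alias, keyPassword));
        }
    }
}
```

Because loading with a null keystore password skips the integrity check, code that relies on the entries (for example as trust anchors) should pass the keystore password to load() so that tampering with the file is detected.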