Creating PKCS12 keystores
The Java 9 platform provides increased security for keystores. In order to appreciate the changes ushered in by Java Enhancement Proposal 229, Create PKCS12 Keystores by Default, we will first review the concept of keystores, look at the KeyStore class, and then look at the changes.
Keystore primer
The concept of a KeyStore is relatively simple. It is essentially a database file, or data repository file, that stores public key certificates and private keys. The KeyStore will be stored in the /jre/lib/security/cacerts folder. As you will see in the next section, this database is managed by Java's java.security.KeyStore class methods.
KeyStore features include:
- Contains one of the following entry types:
  - Private keys
  - Public key certificates
- Unique alias string names for every entry
- Password protection for each key
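The features listed above can be observed directly through java.security.KeyStore. The following is an added example, not code from the original text: the class name, alias and passwords are constructed for illustration, and an AES secret key entry stands in for a private key, because a private key entry also requires a certificate chain.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyStoreFeaturesDemo { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed sample passwords; real ones belong in a secret store.
        char[] storePass = "store-pass-example".toCharArray();
        char[] keyPass = "entry-pass-example".toCharArray();
        // "pkcs12" on Java 9+ unless keystore.type is overridden in java.security.
        System.out.println("Default type: " + KeyStore.getDefaultType());

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty in-memory keystore

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey first = kg.generateKey();
        SecretKey second = kg.generateKey();

        // Password protection is applied per entry, separately from the store password.
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(keyPass);
        ks.setEntry("app-key", new KeyStore.SecretKeyEntry(first), prot);
        // Aliases are unique: reusing one replaces the existing entry.
        ks.setEntry("app-key", new KeyStore.SecretKeyEntry(second), prot);
        System.out.println("Aliases: " + Collections.list(ks.aliases()));

        // Round-trip through the serialized PKCS12 form, as a file on disk would be.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        KeyStore reloaded = KeyStore.getInstance("PKCS12");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        System.out.println("Is key entry: " + reloaded.isKeyEntry("app-key"));
        SecretKey back = (SecretKey) reloaded.getKey("app-key", keyPass);
        System.out.println("Second key kept: "
                + Arrays.equals(back.getEncoded(), second.getEncoded()));

        try {
            reloaded.getKey("app-key", "wrong-pass".toCharArray());
            System.out.println("Unexpected: wrong entry password accepted");
        } catch (UnrecoverableKeyException e) {
            System.out.println("Wrong entry password rejected");
        }
    }
}
```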
Java Keystore (JKS)
The java.security.KeyStore class is the storage facility for cryptographic keys and certificates. This class extends java.lang.Object, see as follows...