Difference Between trustStore and keyStore in Java


If you are a Java developer and have worked with Java SSL/TLS, you have probably encountered the terms trustStore and keyStore. These two files are used to store cryptographic keys and certificates. Up to Java 8, the default format for these files was JKS. With the release of Java 9, the default format changed to PKCS12. JKS is a Java-specific format, whereas PKCS12 is a language-independent format. In this article, we will discuss the difference between trustStore and keyStore in Java.

trustStore vs keyStore

trustStore

It is a file that contains a collection of certificates that the client trusts. Typically these are the self-signed root certificates of trusted certificate authorities (CAs) that issue certificates to servers. The trustStore is used to verify the identity and authenticity of other servers during SSL authentication. First, the server looks up the associated key in its keyStore and presents both the public key and the certificate to the client. The client then searches its trustStore to check whether the certificate presented by the external server, or the Certificate Authority that issued it, is present. If it is, the connection is set up successfully; otherwise an SSLHandshakeException is thrown.

To specify the trustStore password and type, we need to set the following properties:

  • javax.net.ssl.trustStorePassword

  • javax.net.ssl.trustStoreType

keyStore

It is a file that contains a private key, secret keys and certificates with a public key, all belonging to the owner of the keyStore (the sender or client). During an SSL handshake, the client and server use these keys and certificates to verify messages and the identity of the sender. First, the server looks up its private key and presents the associated public key and certificate to the client. Similarly, the client can also authenticate itself by presenting its public key and certificate; when both sides do so, the whole process is termed mutual authentication. The public key performs the encryption and the private key performs the decryption of data.

Classes and Methods

  • java.security.KeyStore: a class used for creating and manipulating a keystore. It provides several built-in methods for loading, saving, adding, deleting, and enumerating keystore entries.

  • javax.net.ssl.keyStore: a system property used to specify the keyStore to use.

  • javax.net.ssl.keyStorePassword: a system property used to specify the keyStore password.

  • setEntry(): a KeyStore method that adds an entry to the keystore under the given alias.

  • aliases(): a KeyStore method that enumerates all the entries in the keystore and returns an enumeration of strings representing all the aliases in the keystore.
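As an added example that is not part of the original article, the following program ties the classes above together: it loads a store, walks aliases() to tell trusted-certificate entries from key entries, refuses a trustStore that carries private keys, and wires the trustStore into a TrustManager and the keyStore into a KeyManager. The keyStore path and password are assumed to arrive on the command line; the JDK's own cacerts file serves as the sample trustStore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class StoreAudit {
    // Loads a JKS or PKCS12 file (the default type reads both on Java 9+). A null
    // password skips the integrity check: tolerable for a public trustStore only.
    static KeyStore load(String file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) { ks.load(in, password); }
        return ks;
    }

    // Walks aliases(): trusted-cert entries belong in a trustStore, key entries (private key +
    // chain) in a keyStore. Returns the private-key count so a caller can refuse to ship a leaky "trustStore".
    static int audit(String label, KeyStore ks) throws Exception {
        int privateKeys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) privateKeys++;
            else if (ks.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                boolean expired = c.getNotAfter().before(new java.util.Date());
                System.out.println(label + ": " + alias + (expired ? " [EXPIRED] " : " [ok] ") + c.getSubjectX500Principal());
            }
        }
        return privateKeys;
    }

    public static void main(String[] args) throws Exception {
        // Sample trustStore: the JDK's own CA bundle, shipped with every JDK.
        KeyStore trustStore = load(System.getProperty("java.home") + "/lib/security/cacerts", null);
        if (audit("trustStore", trustStore) > 0) throw new IllegalStateException("private key in trustStore");
        // keyStore path and password are assumed to arrive on the command line (hypothetical inputs).
        char[] keyPassword = args[1].toCharArray();
        KeyStore keyStore = load(args[0], keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                      // trustStore feeds the TrustManager
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);           // keyStore feeds the KeyManager
        java.util.Arrays.fill(keyPassword, '\0');  // wipe the secret once the factory holds it
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Run it as `java StoreAudit path/to/keystore.p12 <password>`; the expired-certificate flag and the private-key check are the two things worth wiring into a build or deployment gate.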

Up to this point, we have covered the definition and working of trustStore and keyStore. In the next section, we will discuss the distinction between these two stores.

Difference between trustStore and keyStore

The following comparison summarizes the differences between trustStore and keyStore from the above discussion:

  • Contents: the trustStore contains certificates of external servers which we can trust; the keyStore contains the keys and certificates of our application.

  • Password: the trustStore password can be shared with everyone; the keyStore password is shared only with specific members.

  • Usage: the trustStore is required while setting up the connection on the client side; the keyStore is required while setting up the connection on the server side.

  • Sensitivity: the trustStore does not hold any private or sensitive data; the keyStore holds the private and sensitive data of the client.

  • Consumer: the trustStore is used by the TrustManager; the keyStore is used by the KeyManager.

Conclusion

Now that we are at the end of our discussion, let's quickly wrap up what we have covered in this article. The concepts of trustStore and keyStore come into play whenever we communicate with third-party applications. The keyStore acts as a secure storage facility for the cryptographic keys that are used for authentication. The trustStore is used to decide which third parties we are going to trust when communicating with them.

Updated on: 19-Jul-2023
