
I want to store a secret key using the Java keystore.

The JDK maintains a keystore in jre\lib\security\cacerts, and I have doubts about the points below.

Could anybody clear up my doubts here?

1) Where exactly is the .keystore file stored: in the project itself, like a config file, or in the JDK folder, i.e. the security folder?
2) Do we need to provide a certificate for our custom-created key? If yes, how can we provide it with Java code?

Thanks in advance

ashishl
    Possible duplicate of [How do I find out what keystore my JVM is using?](http://stackoverflow.com/questions/8980364/how-do-i-find-out-what-keystore-my-jvm-is-using) – drum Oct 08 '16 at 16:59

1 Answer

You're confusing two types of stores. cacerts is a truststore; you need a keystore. In short, roughly, the truststore is who you trust and the keystore is who you are.

Using an X.509 certificate is the correct way to manage a private key (such as with SSL). You can specify certificates through properties passed to Java when starting your application (be it a standalone application or a container like Tomcat) or programmatically. This SO answer provides a concise overview of the properties required to configure your keystore and truststore. You probably won't have to do anything with the truststore.

Paul
  • Thanks Paul... Got your point that we do not have to take anything from cacerts, as this is the JDK truststore where the JDK stores its keys. Please correct me if I am wrong anywhere... But what about our private key, where will it go? That's the only thing I am a bit confused about... Do we have to make a keystore and store it in the truststore, i.e. security/cacerts? – ashishl Oct 08 '16 at 17:38
  • No, the keystore is a separate entity. You make a keystore and then tell Java about it. Read the link in my answer; it explains the properties required. It might help to know what you are trying to do with your private key. Is it for SSL or client authentication or something else? – Paul Oct 08 '16 at 17:54
  • It is just my secret key that I want to store, and no one is going to use it except me... definitely it will be loaded through Java code – ashishl Oct 08 '16 at 17:57
  • ```java
    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
    System.out.println("Stored Key:\t" + secretKey);
    // store the secret key
    KeyStore.SecretKeyEntry keyStoreEntry = new KeyStore.SecretKeyEntry(secretKey);
    // Password to store key file
    PasswordProtection keyPassword = new PasswordProtection("PASSWORD_FOR_PROTECTION_OF_FILE".toCharArray());
    /** Storing in key value format like map but with password */
    keyStore.setEntry("MAP_KEY", keyStoreEntry, keyPassword);
    keyStore.store(new FileOutputStream(keyStoreFile), "PASSWORD_FOR_KEYSTORE_FILE".toCharArray());
    ```
    – ashishl Oct 08 '16 at 17:59
  • If you want to retrieve your public and private key from a Java keystore see the answers to this question: [How to retrieve my public and private key from the keystore we created](http://stackoverflow.com/questions/19937890/how-to-retrieve-my-public-and-private-key-from-the-keystore-we-created) – Paul Oct 08 '16 at 18:03
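
An added example, not code from the answer or its comments: writing an AES secret key to an application-owned keystore file, separate from the JDK's cacerts truststore, and reading it back. It assumes a JDK whose PKCS12 keystore accepts secret-key entries; the file name `app-secrets.p12`, the alias `app-aes-key` and the `APP_KEYSTORE_PASSWORD` environment variable are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretKeyStoreExample {
    // Writes one secret key to a new keystore file at a path the application chooses.
    static void save(Path file, String alias, SecretKey key, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty in-memory store
        // A SecretKeyEntry takes no certificate chain; only a PrivateKeyEntry needs one.
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(password));
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, password);
        }
    }

    static SecretKey load(Path file, String alias, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password); // throws if the password is wrong
        }
        KeyStore.Entry e = ks.getEntry(alias, new KeyStore.PasswordProtection(password));
        if (!(e instanceof KeyStore.SecretKeyEntry)) {
            throw new GeneralSecurityException("no secret key under alias " + alias);
        }
        return ((KeyStore.SecretKeyEntry) e).getSecretKey();
    }
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("APP_KEYSTORE_PASSWORD"); // hypothetical variable name
        if (pw == null) throw new IllegalStateException("set APP_KEYSTORE_PASSWORD");
        Path file = Paths.get("app-secrets.p12"); // hypothetical file name
        SecretKey original = KeyGenerator.getInstance("AES").generateKey();
        save(file, "app-aes-key", original, pw.toCharArray());
        SecretKey restored = load(file, "app-aes-key", pw.toCharArray());
        System.out.println("round trip ok: "
                + Arrays.equals(original.getEncoded(), restored.getEncoded()));
    }
}
```

The legacy `JKS` store type rejects secret-key entries, so the store type passed to `KeyStore.getInstance` matters here.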