A database containing keys is called the Java Keystore. These keys, also known as certificates, are usually used in the code of Java. In the Java code, these certificates and the Keystore that contains them are applied for making secure connections and are generally stored in several formats. The following class represents the Java Keystore -
KeyStore(java.security.KeyStore).
The following keys are held in a Java Keystore -
- Private keys
- Certificates and Public keys
- Secret keys
Private keys
Private keys in Java Keystore are used to set up an SSL server to enable asymmetric encryption.
Public keys
Public keys in Java Keystore are also used to enable asymmetric encryption. Usually, a public key corresponds to a private key, and this makes a key pair.
Certificates
A file or document that is used to identify the identity of a device, organization, or person which claims to own a public key. The verifying party usually digitally signs this certificate as a form of proof.
Secret keys
Whenever a secure connection is made, a symmetrical key is set up. This symmetrical encryption is a secret key. These are lesser in number than the public and private keys.
Methods of Java Keystore
The following methods are used in the Java Keystore -
Enumeration aliases()
The present Keystore’s alias names are returned.
boolean containsAlias(String alias)
Checks the presence of the present alias in the Keystore.
void deleteEntry(String alias)
This method enables the deletion of the alias from the Keystore.
boolean entryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass)
For the given alias, this method helps in determining whether the given alias is an instance or a subclass of the present entryClass.
Certificate getCertificate(String alias)
The associated certificate of the present alias is returned.
String getCertificateAlias(Certificate cert)
The name of the first keystore entry that gets matched with the provided certificate is returned.
Certificate [ ] getCertificateChain(String alias)
The certificate chain associated with the present alias is returned.
Date getCreationDate(String alias)
The date at which the specified alias entry is associated with, is returned.
static String getDefaultType()
The default Keystore type specified in the security properties file of Java is returned, and if no property is found, the string “jks” is returned.
KeyStore.Entry getEntry(String alias, KeyStore.ProtectionParameter protParam)
The associated keystore entry the specified protection parameter with the present alias is returned.
static KeyStore getInstance(String type)
An object of a specified type Keystore is returned.
static KeyStore(String type, Provider provider)
An object of a specified type Keystore is returned along with the provider of the specified mentioned type.
static KeyStore(String type, String provider)
An object of a specified type Keystore is returned along with the provided string type.
Key getKey(String alias, char [ ] password)
It returns the associated key with the present alias along with the recovery password.
Provider getProvider()
The keystore’s provider is returned.
String getType()
The keystore’s type is returned.
boolean isCertificateEntry(String alias)
If the setCertificateEntry method or the setEntry method with TrustedCertificateEntry creates the associated entry with the alias, then this method returns true else it returns false.
boolean isKeyEntry(String alias)
If the setKeyEntry method or the setEntry method with a PrivateKeyEntry or a SecretKeyEntry creates the associated entry with the alias, then this method returns true else it returns false.
void load(InputStream stream, char[] password)
From the given input stream, the Keystore is loaded.
void load(KeyStore.LoadStoreParameter param)
From the LoadStoreParameter, the Keystore is loaded by this method.
void setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam)
The Keystore entry alias is assigned by this method.
void setKeyEntry(String alias, byte[] key, Certificate[] chain)
The given key to the alias is assigned by this method. The already protected key is passed here.
void setKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
The given key to the alias is assigned by this method. This method protects the password as well.
int size()
This method provides all the entries present in the Keystore.
void store(KeyStore.LoadStoreParameter param)
Using the given LoadStoreParameter, the given Keystore is stored in this method.
void store(OutputStream stream, char [ ] password)
In the given output stream, this method stores the Keystore and also protects it using the given password.
void setCertificateEntry(String alias, Certificate cert)
To the given alias, the certificates are mapped using this method.
How to Create a Java Keystore?
Now, you will explore and see how to create a Java Keystore.
By calling the getInstance() method, the instance of the Java Keystore is initialized and a Java Keystore is thus created.
The following syntax does the job -
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
The above snippet helps us to create a default type Keystore. Keystores of other types can also be created in a similar way. You do this in the following way -
You pass different parameters to the getInstance() method.
The following syntax follows this pattern -
KeyStore keyStore = KeyStore.getInstance("PKCS12");
How to Load a Java Keystore?
You need to first load a Java Keystore before you store a Java Keystore instance. It is because the Java Keystore storage is done on a hard disk or any other type of storage.
This is done using the following way -
Using the load() method of the Java Keystore, you load the Java Keystore. This method consists of the following two parameters -
- A char array - The password of the Keystore is stored in this char array.
- An InputStream - The location where the Keystore data loading is to be done is told by this InputStream.
This is done using the following way -
char [ ] password = "password123".toCharArray();
try(InputStream data = new FileInputStream("keystore.ks")) {
/*keystore.ks is the file from where we want to load the file */
keyStore.load(data, password);
}
The above example locates the keystore.ks file and load the keystore stored in it.
Getting Keys From Java Keystore
The getEntry() method is used to get the Java Keystore instance keys. A password-protected alias that finds the key is mapped to every key in the Java Keystore. You need to provide two parameters to access any key stored in the Java Keystore, i.e the password and the alias of the key.
The above technique is demonstrated below -
char [ ] password = "password123".toCharArray();
KeyStore.ProtectionParameter entryPassword =
new KeyStore.PasswordProtection(keyPassword);
KeyStore.Entry keyEntry = keyStore.getEntry("keyAlias", entryPassword);
Setting Keys in Java Keystore
Using the setEntry method, it can set the keys in the Java Keystore. The parameters of this method are - a secret key entry, a key alias, and a password.
The above technique is demonstrated in the following code -
SecretKey secretKey = getSecretKey();
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKey);
keyStore.setEntry("aliasKey", secretKeyEntry, entryPassword);
Storing the Java Keystore
To store a Java Keystore for later retrieval, we use the store() method. This Java Keystore is stored in a database or a disk.
This is done in the following way -
char [ ] keyStorePassword = "password123".toCharArray();
try (FileOutputStream keyStoreOutputStream = new FileOutputStream("data/keystore.ks")) {
keyStore.store(keyStoreOutputStream, keyStorePassword);
}
Conclusion
Almost everything you use in your daily life today has a Java connection. Java remains one of the most popular in the industry, with a high demand for job openings. If you want to learn Java and make a career out of it, check out this playlist:
Simplilearn's Java Certification Training Course is for you if you want to get your Java career started. You will receive 70 hours of blended learning, lifetime access to self-paced learning resources, hands-on coding and real-world industrial projects, and much more with it. So, what exactly are you waiting for?
Do you have any questions for us? Leave them in the comments section of this article and our experts will get back to you ASAP!
