Java KeyStore

A Java KeyStore (JKS) is a repository of security certificates – either authorization certificates or public key certificates – used for instance in SSL encryption.

In IBM WebSphere Application Server and Oracle WebLogic Server, a file with extension jks serves as keystore.

The Java Development Kit maintains a CA keystore in folder jre/lib/security/cacerts. JDKs provide a tool named keytool^[1] to manipulate the keystore. keytool has no functionality to extract the private key out of the keystore, but this is possible with third-party tools like jksExportKey,^[2] CERTivity,^[3] Portecle^[4] and KeyStore Explorer.^[5]

Keytool is used to manage private keystore (Such as JKS) and it's linking of an X.509 key string(to verify a public key that is corresponding with a private key.).And it can also be used to manage the other trusting figures.

The JarSigner Utility uses the information of the Keystore(e.g:JKS) to generate or verify the .JAR application's digital signatures.When it is about to run a file that is from an unknown source(Such as Internet or someone's U-Disk),the tool first use the digital signatures exists in the .JAR file to verify if the digital signature is correct,then it verify the source is trusted or untrusted.So don't import any root certificates that are unknown to you!

Certificate is a statement that is from a figure(such as a person or a company).If a file(such as a software or a mount of data)has been signed,anyone who has a public key can check if the data is currupted or has been modified.

• [1]Keytool on Baidu Baike
• Java Secure Socket Extension
• Public-key infrastructure

This computer security article is a stub. You can help Wikipedia by expanding it.

• v
• t
• e