JKS Protection

Question

JKS Protection

Are JKS (Java Key Store) files encrypted? Do they provide full encryption key protection or do I need to rely solely on access control?
Is there a way to provide key protection?

I'm interested in the detailed details, including the algorithm, key management, etc. Is it configurable?

+6

java security encryption jks

Avid Oct 6 '08 at 12:54

source share

2 answers

More precisely:

PrivateKeys and SecretKeys within the JKS file are encrypted with their own password.
Trusted certificate integrity is protected by a MAC using a keystore password.
The file as a whole is not encrypted, and an attacker can list its entries without a password keystore.

+3

erickson Oct 6 '08 at 21:05

source share

Shimi bandiel · Accepted Answer · 2008-10-06T12:54:58+0000

They are encrypted.

The algorithm is vendor-specific. The provider will return the key / certificate based on the password. If you need strong security, find a keystore provider that uses strong encryption.

JKS Protection

More articles: