JKS protection

2020-01-29 15:39发布

Are JKS (Java Key Store) files encrypted? Do they provide full protection for encryption keys, or do I need to rely solely on access control?
Is there a way to ensure that the keys are protected?

I'm interested in the gritty details, including algorithm, key management, etc. Is any of this configurable?

2条回答
The star\"
2楼-- · 2020-01-29 16:22

They are encrypted.

The algorithm is provider dependent. The provider will return the key/certificate based on a password. If you need strong security, find a keystore provider that uses a strong encryption.

查看更多
ら.Afraid
3楼-- · 2020-01-29 16:22

To be more precise:

  • PrivateKeys and SecretKeys within a JKS file are encrypted with their own password.
  • Integrity of trusted certificates is protected with a MAC using the key store password.
  • The file as a whole is not encrypted, and an attacker can list its entries without the key store password.
查看更多
登录 后发表回答