Java Keystore

A Java KeyStore is a file that contains certificates. These certificates are used in the Java code. KeyStore and the certificates within it are used to make secure connections from the Java code. The certificates stored can be in several formats. A Java KeyStore is represented by the KeyStore(java.security.KeyStore) class.

For Example- If we wish to make an API call over HTTP, the server provides us with a certificate containing the public key and our code has to decide whether it trusts the certificate or not.

KeyStore stores the following type of data-

Private Keys
Public Keys and certificates
Secret Keys

Methods of Java KeyStore

Method	Description
Enumeration aliases()	It return all the alias names of this Keystore.
boolean containsAlias(String alias)	It checks whether the given alias is present in the KeyStore.
void deleteEntry(String alias)	It deletes the alias provided from the KeyStore.
boolean entryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass)	It determines whether the KeyStore entry for the given alias is a subclass or instance of the given entryClass.
Certificate getCertificate(String alias)	It returns the certificate associated with the given alias.
String getCertificateAlias(Certificate cert)	It returns the name of the first keystore entry which matches the certificate provided.
Certificate[] getCertificateChain(String alias)	It returns the certificate chain which is associated with the given alias.
Date getCreationDate(String alias)	It returns the date on which the entry associated with the specified alias was created.
static String getDefaultType()	It returns the default type of the KeyStore which is specified in the Java security properties file and if no property is found, then it returns the string "jks".
KeyStore.Entry getEntry(String alias, KeyStore.ProtectionParameter protParam)	It return a KeyStore entry associated with the given alias with the specified protection parameter.
static KeyStore getInstance(String type)	It return an object of Keystore of the specified type.
static KeyStore(String type, Provider provider)	It return an object of Keystore of the specified type.
static KeyStore(String type, String provider)	It return an object of Keystore of the specified type.
Key getKey(String alias, char[] password)	It returns the key associated with the given alias and the password is used to recover it.
Provider getProvider()	It returns the provider of the Keystore.
String getType()	It returns the type of the key store.
boolean isCertificateEntry(String alias)	It return true if the entry associated with the alias was created by the setCertificateEntry method, or created by setEntry method with TrustedCertificateEntry.
boolean isKeyEntry(String alias)	It return true if the entry associated with the alias was created by the setKeyEntry method, or created by setEntry method with a PrivateKeyEntry or a SecretKeyEntry.
void load(InputStream stream, char[] password)	It loads this KeyStore from the given input stream.
void load(KeyStore.LoadStoreParameter param)	It loads this KeyStore from the given LoadStoreParameter.
void setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam)	It assigns the alias the Keystore entry.
void setKeyEntry(String alias, byte[] key, Certificate[] chain)	It assigns the given key to the alias. The key here is already protected.
void setKeyEntry(String alias, Key key, char[] password, Certificate[] chain)	It assigns the given key to the alias and protects it with the password.
int size()	It provides the number of entries in the Keystore.
void store(KeyStore.LoadStoreParameter param)	It is used to store the given Keystore using the given LoadStoeParameter.
void store(OutputStream stream, char[] password)	It is used to store the Keystore in the given output stream and protects it with the given password.
void setCertificateEntry(String alias, Certificate cert)	It maps the certificate to the given alias.

How to create a KeyStore?

We can create a KeyStore by initializing the instance of the KeyStore by calling its getInstance() method.

This creates a KeyStore with the default type. We can create KeyStore of other types by simply passing different parameters to the getInstance() method.

How to load a KeyStore?

To use a KeyStore instance, we first need to load it. KeyStore is usually stored on disk or any other kind of storage.

To load a Keystore, we use the KeyStore load() method. The load contains two parameters:

An InputStream which tells from where the KeyStore data has to be loaded.
A char array which stores the password of the KeyStore.

char[] keyStorePassword = "123abc".toCharArray();
try(InputStream keyStoreData = new FileInputStream("keystore.ks")){  //keystore.ks       //is the file from where we want to load the file
    keyStore.load(keyStoreData, keyStorePassword);
}

How to get keys from KeyStore?

To get the keys from the Keystore instance, we use the getEntry() method. Every key of a Keystore is mapped with an alias which identifies the key and is protected by a key password. To access any key, we have to provide two parameters i.e., the key alias and password.

char[] keyPassword = "abc123".toCharArray();
KeyStore.ProtectionParameter entryPassword =
        new KeyStore.PasswordProtection(keyPassword);

KeyStore.Entry keyEntry = keyStore.getEntry("keyAlias", entryPassword);

How to set Keys in KeyStore?

You can set the keys in KeyStore by using the setEntry method. This method takes in a password, an alias, and a secret key entry. The following code is used to set keys in KeyStore.

SecretKey secretKey = getSecretKey();
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKey);

keyStore.setEntry("keyAlias2", secretKeyEntry, entryPassword);

How to store the KeyStore?

We can store a Keystore in disk or database for later retrieval. To do this, we use the store() method.

char[] keyStorePassword = "123abc".toCharArray();
try (FileOutputStream keyStoreOutputStream = new FileOutputStream("data/keystore.ks")) {
    keyStore.store(keyStoreOutputStream, keyStorePassword);
}

Next TopicJava Tutorial

← prev next →