Why public certificates are stored in a keystore?

https://stackoverflow.com/questions/22939710

public-key
certificate
keystore

29-06-2023
|

Question

If certificates are public anyways, why are they stored in a password-protected keystore?

Is this a must, or a means to relate the public key to the private key?

Solution

There a few reasons for that:

First, in terms of implementation it is indeed a means to relate a private key to a public key. If a private key if compromised, the whole certificate is compromised.

Second, the knowledge of "who we trust" is valuable.

Third, a random user shouldn't be able to add new certificates to the trust store.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow