JKS protection
https://stackoverflow.com/questions/174131
-
05-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Are JKS (Java Key Store) files encrypted? Do they provide full protection for encryption keys, or do I need to rely solely on access control?
Is there a way to ensure that the keys are protected?
I'm interested in the gritty details, including algorithm, key management, etc. Is any of this configurable?
Solution
They are encrypted.
The algorithm is provider dependent. The provider will return the key/certificate based on a password. If you need strong security, find a keystore provider that uses a strong encryption.
OTHER TIPS
To be more precise:
- PrivateKeys and SecretKeys within a JKS file are encrypted with their own password.
- Integrity of trusted certificates is protected with a MAC using the key store password.
- The file as a whole is not encrypted, and an attacker can list its entries without the key store password.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
