Today's Question:  What are you most afraid of as a programmer?        GIVE A SHOUT

Technical Article => Programming =>  Java

Different types of keystore in Java -- JCEKS

  Pi Ke      2015-01-05 00:30:56      13,403    0    1

JCEKS stands for Java Cryptography Extension KeyStore and it is an alternative keystore format for the Java platform. Storing keys in a KeyStore can be a measure to prevent your encryption keys from being exposed. Java KeyStores securely contain individual certificates and keys that can be referenced by an alias for use in a Java program.

The process of storing and loading different entries in JCEKS is similar to what JKS does. So please refer to the article Different types of keystore in Java -- JKS. Change the keystore type from JKS to JCEKS accordingly when calling KeyStore.getInstance().

In this post, we will only cover the process of storing secret keys in JCEKS keystore. The secret key entry will be sealed and stored in the keystore to protect the key data. Please provide a strong password when storing the entry into the keystore.

Store secret key

The secret key can be stored in JCEKS keystore with below code.

try{
	KeyStore keyStore = KeyStore.getInstance("JCEKS");
	keyStore.load(null, null);
	
	KeyGenerator keyGen = KeyGenerator.getInstance("DES");
	keyGen.init(56);;
	Key key = keyGen.generateKey();
	
	keyStore.setKeyEntry("secret", key, "password".toCharArray(), null);
	
	keyStore.store(new FileOutputStream("output.jceks"), "password".toCharArray());
} catch (Exception ex) {
	ex.printStackTrace();
}

Load secret key

The stored secret key can be extracted from JCEKS keystore in Java. The extracted key can be used to encrypt/decrypt data as normal.

try{
	KeyStore keyStore = KeyStore.getInstance("JCEKS");
	keyStore.load(new FileInputStream("output.jceks"), "password".toCharArray());
	
	Key key = keyStore.getKey("secret", "password".toCharArray());
	
	System.out.println(key.toString());
} catch (Exception ex) {
	ex.printStackTrace();
}

The output is :

javax.crypto.spec.SecretKeySpec@fffe7b9b

For the different types of keystores, please refer to Different types of keystore in Java -- Overview.

JAVA TUTORIAL KEYSTORE JCEKS

  SAVE AS PDF   MARK AS READ   MARK AS IMPORTANT

Share on Facebook  Share on Twitter  Share on Google+  Share on Weibo  Share on Reddit  Share on Digg  Share on Tumblr    Delicious

  RELATED


  0 COMMENT


No comment for this article.


  WRITE ARTICLE

Be serious, Google

By sonic0002
This is the Google doodle in Hong Kong for 2014 Mid-Autumn festival. Are you serious, Google? Do Chinese need to climb the ladder to see the moon? Are you meaning that the Chinese need to bypass the Great Firewall to use Google?