AviD
Reputation: 13112
JKS protection
Are JKS (Java Key Store) files encrypted? Do they provide full protection for encryption keys, or do I need to rely solely on access control?
Is there a way to ensure that the keys are protected?
I'm interested in the gritty details, including algorithm, key management, etc. Is any of this configurable?
Upvotes: 12
Views: 5403
Answers (2)
erickson
Reputation: 269667
To be more precise:
- PrivateKeys and SecretKeys within a JKS file are encrypted with their own password.
- Integrity of trusted certificates is protected with a MAC using the key store password.
- The file as a whole is not encrypted, and an attacker can list its entries without the key store password.
Upvotes: 6
Shimi Bandiel
Reputation: 5747
They are encrypted.
The algorithm is provider dependent. The provider will return the key/certificate based on a password. If you need strong security, find a keystore provider that uses a strong encryption.
Upvotes: 3
Related Questions
- Keystore password encrypting in java
- How does keytool protect keys?
- How do I protect my Java AES encryption key
- Refer java security policies externally
- Storing sensitive infomation
- Encryption in Java
- encryption used by JCEKS keyStore in JavaTM Cryptography Extension..?
- Java encryption and Force.com apex encryption
- Password protect encryption keys?
- Encryption by jasypt