• In the present scenario, most of the attacks are aimed at key management rather than cryptographic algorithms
  • Poor Key Management Threats include:
    – Mishandling of Keys
    – Incorrect Implementation of Key Generation
    – Confidentiality Compromise
    – Unauthorized use of Public or Secret Keys
    – Compromise of Authenticity

Keys and Certificates

  • In Java, there is a separate java.security.cert.Certificate class that manages all interactions with certificates using the Certificate Class, the CertificateFactory Class and the X509Certificate Class
  • Keys and certificates are often associated with some person or an organization and they deal in how keys are stored, transmitted and shared in the Java Security package i.e., JCE
  • Keys are an important component of many Java cryptographic algorithms, generally used for generating and verifying digital signatures or performing encryption
    – Asymmetric keys (public and private keys) are used for digital signatures
    – Symmetric keys (secret keys) are associated with implementation of certificates
  • The main classes that operate on keys include:
    – The KeyPairGenerator class (generates keys)
    – The KeyFactory class (interprets key objects and their external representations)
  • Certificates are used for authenticating keys that are used for digital signing (using secret keys or private keys)

Key Management System

  • The key management system provides private keys to create digital signatures and public keys for verifying the digital signatures
  • Key management system manages keys (public, private, secret keys) contained within a certificate, stores those keys and retrieves them programmatically using tools

Elements of key management system include:

  • keys
    Used for signing data e.g., JAR files that are usually provided by an entity (an individual or an organization) and include public key, private key or both public and private keys
  • Certificates
    Used for verifying digital signatures (public key) provided by an entity
  • Identities
    Used for managing identities with their keys that are stored in the key database (keystore)

KeyStore

  • KeyStore provides standard mechanism for managing and storing cryptographic keys and certificates (password-protected database)
  • KeyStore is an important class in JCA that manages Java’s key management system (java.security.KeyStore)
  • KeyStore implements entries using KeyStore.Entry interface for managing entries such as KeyStore.PrivateKeyEntry KeyStore.SecretKeyEntry and KeyStore.TrustedCertificateEntry

Implementation Method of KeyStore Class