9

Are JKS (Java Key Store) files encrypted? Do they provide full protection for encryption keys, or do I need to rely solely on access control?
Is there a way to ensure that the keys are protected?

I'm interested in the gritty details, including algorithm, key management, etc. Is any of this configurable?

AviD

2 Answers

5

To be more precise:

  • PrivateKeys and SecretKeys within a JKS file are encrypted with their own password.
  • Integrity of trusted certificates is protected with a MAC using the key store password.
  • The file as a whole is not encrypted, and an attacker can list its entries without the key store password.
erickson
  • 3
    Thanks, can you elaborate on the details? Algorithms, key management, how do I configure this all? – AviD Oct 07 '08 at 05:50
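The second and third points of the answer above can be checked directly against the file layout. The following is an added example, not code from the original post: it assumes the version 2 layout written by Sun's JKS provider (magic `0xFEEDFEED`, cleartext entry table, 20-byte SHA-1 trailer keyed with the store password), and the helper names, aliases and placeholder key and certificate bytes are constructed for illustration.

```python
import hashlib
import io
import struct

MAGIC, VERSION = 0xFEEDFEED, 2   # JKS header constants
WHITENER = b"Mighty Aphrodite"   # trailer = SHA-1(UTF-16BE password + this + body)

def lp(fmt, data):  # length-prefixed field: ">H" for names, ">I" for blobs
    return struct.pack(fmt, len(data)) + data

def keyed_digest(password, body):
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()

def build_sample(password, entries):
    """Constructed sample store; key and certificate bytes are placeholders."""
    body = struct.pack(">III", MAGIC, VERSION, len(entries))
    for alias, key, cert in entries:  # ASCII aliases assumed; timestamp set to 0
        body += struct.pack(">I", 1 if key else 2) + lp(">H", alias.encode()) + struct.pack(">Q", 0)
        if key:  # key entry: protected key blob, then a one-certificate chain
            body += lp(">I", key) + struct.pack(">I", 1)
        body += lp(">H", b"X.509") + lp(">I", cert)
    return body + keyed_digest(password, body)

def list_entries(store):
    """Return (alias, kind) for every entry; no password is involved."""
    buf = io.BytesIO(store)
    def read(fmt):
        return struct.unpack(fmt, buf.read(struct.calcsize(fmt)))
    magic, version, count = read(">III")
    if (magic, version) != (MAGIC, VERSION):
        raise ValueError("not a version 2 JKS file")
    found = []
    for _ in range(count):
        (tag,) = read(">I")              # 1 = private key, 2 = trusted cert
        alias = buf.read(read(">H")[0]).decode("ascii")
        read(">Q")                       # creation timestamp
        chain = 1                        # a trusted-cert entry holds one certificate
        if tag == 1:
            buf.read(read(">I")[0])      # skip the protected private key blob
            (chain,) = read(">I")
        for fmt in (">H", ">I") * chain:
            buf.read(read(fmt)[0])       # per certificate: type name, then encoding
        found.append((alias, "private key" if tag == 1 else "trusted cert"))
    return found

def integrity_ok(store, password):
    return keyed_digest(password, store[:-20]) == store[-20:]

SAMPLE = build_sample("changeit", [("app-key", b"K" * 32, b"C" * 8), ("root-ca", None, b"C" * 8)])
```

`list_entries(SAMPLE)` returns both aliases and entry types without any password, while `integrity_ok` only detects a modified entry when the caller supplies the store password and actually runs the check.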
3

They are encrypted.

The algorithm is provider-dependent. The provider will return the key/certificate based on a password. If you need strong security, find a keystore provider that uses strong encryption.

Shimi Bandiel
  • 1
    Thanks, can I have more details? Algorithm, key management, etc – AviD Oct 06 '08 at 12:59
  • 1
    I think it is dependent on the KeyStore provider. You can take a look at this link if it helps (http://www.informit.com/articles/article.aspx?p=170967&seqNum=2) – Shimi Bandiel Oct 06 '08 at 13:26
  • Yeah, those links (especially the second) helped. So in short, it's *kinda* encrypted, just not particularly well. – AviD Oct 09 '08 at 23:36