
I was wondering if there are any key store implementations out there that allow storing key attributes, say as name/value-pairs, along with a symmetric key's value? Looks like JKS and JCEKS only allow storing the key value and the key's alias, so I'm looking for other options, if any.

Doesn't matter how name/value-pairs are treated, as long as they can be stored (it's up to the application to make sense of them, really).

So what I would like to put in the key store is:

```
alias1 - keyvalue1 - metadata1=[md1=value11 md2=value12 md3=value13 ...]
alias2 - keyvalue2 - metadata2=[md1=value21 md2=value22 md3=value23 ...]
...
```

I don't care about the coding of the metadata, but it should be retrievable separately.

Edit: KeyStore.SecretKeyEntry has a CTOR accepting a Set of Attributes and using KeyStore.setEntry one could pass such a SecretKeyEntry including its metadata. Unfortunately, it looks like the default JCEKS implementation just ignores the attributes.

rbnbrtls
  • What name/value-pairs for example? – zhh Jan 08 '18 at 13:17
  • It really depends on the application. Could be a piece of data specifying what crypto operations the key could be used with, could be information about the key's type (administration key, data encryption key, key encryption key, pin encryption key, ...). Coding doesn't really matter, Attribute labels could be strings, binary, ... Same for values. It's the responsibility of the application managing the keys to understand the name/value format. – rbnbrtls Jan 08 '18 at 13:24
  • You can use a keystore along with a database to store name/value-pairs. At least with java ```KeyStore``` you can't store those things because the ```KeyStore``` API does not provide such function. – zhh Jan 08 '18 at 13:33
  • The [Android KeyStore](https://developer.android.com/training/articles/keystore.html) has some of the features you are looking for, but it doesn't accept arbitrary key-value pairs, and of course it's Android-specific. As far as I know there is no such keystore. However, the Bouncycastle Keystore (BKS) is available as liberally licensed open source java. Should you wish to create your own Keystore this would be an excellent starting point. – President James K. Polk Jan 08 '18 at 23:05
  • Haven't checked the Android KeyStore since it's Android-specific. Looks like the only option is DIY indeed. Shouldn't be that hard really. – rbnbrtls Jan 09 '18 at 10:29
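A round-trip check for the `KeyStore.SecretKeyEntry` attribute path mentioned in the Edit, as an added example that is not part of the original question: it stores a key with attributes, writes the keystore to memory, reloads it and returns whatever attributes come back (the question reports that JCEKS drops them, so an empty set here makes that visible). The `KeyAttribute` class, the `md1`/`md2` values and the password are constructed for the example; it assumes Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyAttributeRoundTrip {

    // Minimal name/value attribute (constructed for this example);
    // KeyStore.Entry.Attribute only requires these two accessors.
    static final class KeyAttribute implements KeyStore.Entry.Attribute {
        private final String name, value;
        KeyAttribute(String name, String value) { this.name = name; this.value = value; }
        @Override public String getName()  { return name; }
        @Override public String getValue() { return value; }
        @Override public String toString() { return name + "=" + value; }
    }

    // Stores one AES key plus its attributes under `alias`, serialises the keystore,
    // reloads it and returns the attributes as read back from the reloaded store.
    static Set<KeyStore.Entry.Attribute> roundTrip(String type, String alias,
            Set<KeyStore.Entry.Attribute> attrs, char[] pw) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(pw);

        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key, attrs), prot);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);

        KeyStore reloaded = KeyStore.getInstance(type);
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), pw);
        return reloaded.getEntry(alias, prot).getAttributes();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample metadata in the asker's md=value form.
        Set<KeyStore.Entry.Attribute> attrs = Set.of(
            new KeyAttribute("md1", "data-encryption-key"),
            new KeyAttribute("md2", "aes-gcm-only"));
        char[] pw = "changeit".toCharArray();           // example password only
        Set<KeyStore.Entry.Attribute> back = roundTrip("JCEKS", "alias1", attrs, pw);
        // Compare against the two attributes stored above; an empty set means they were dropped.
        System.out.println("stored " + attrs.size() + " attribute(s), reloaded: " + back);
    }
}
```

Running the same `roundTrip` against a different keystore type is a quick way to test whether a candidate implementation preserves entry attributes before committing to it.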

1 Answer


If it is the application's job to make sense of the key, why don't you do something like the below?

For a String key.

Key: "rabbit?color=white&size=small&fluffy=true"

Or you could parse to base64 and have

Key: cmFiYml0P2NvbG9yPXdoaXRlJnNpemU9c21hbGwmZmx1ZmZ5PXRydWU=

The issue I see here is that for a string you won't be able to disassociate the key "rabbit" from the attributes. For instance, on JKS you would have the key above as the -alias cmFiYml0P2NvbG9yPXdoaXRlJnNpemU9c21hbGwmZmx1ZmZ5PXRydWU=, which would force you to iterate through all the keys in order to find the correct one.

Tolio
  • Not sure I made myself very clear. What I would need to store is `alias1 - keyvalue - metadata=[md1=value1 md2=value2 md3=value3 ...]`. Keys should be retrievable from the key store by their alias only, but instead of retrieving just the keyvalue, it should be possible to retrieve the metadata as well. – rbnbrtls Jan 08 '18 at 14:00
  • Now I get it. As far as my knowledge goes, I don't think this is possible to do as you wish with the current tools. You would have to keep your metadata stored somewhere else. – Tolio Jan 08 '18 at 16:14