  Error #1: KeyStore type is wrong
 
Subject: Error #1: KeyStore type is wrong
Author: authen
In response to: SSL/TLS Error Database -- Loading KeyStore
Posted on: 02/22/2008 07:46:20 PM

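        import java.security.KeyStore;

        // Ask the JRE which keystore type is configured as the default
        String keystore_type = KeyStore.getDefaultType(); // "JKS"
        try {
            // Throws KeyStoreException if no provider supports the type
            KeyStore ks = KeyStore.getInstance(keystore_type);
        } catch (Exception e) {
            e.printStackTrace();
        }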


By default, the KeyStore type is defined by and retrieved from the value of 'keystore.type' in the file
        $JAVA_HOME/lib/security/java.security

The value is usually 'JKS' for Sun JRE. You can change it for a different type of keystore, e.g. PKCS11, in the file or in your code by property setting:
  System.setProperty("javax.net.ssl.keyStoreType", "PKCS11");

If the KeyStore type you specified is not supported, you will most likely see something like this:

java.security.KeyStoreException: PKCS11 not found
	at java.security.KeyStore.getInstance(Unknown Source)
	at com.rli.slapd.server.bio.LDAPListenerSSL.getKeyManagers(LDAPListenerSSL.java:278)
	at com.rli.slapd.server.bio.LDAPListenerSSL.getServerSocketFactory(LDAPListenerSSL.java:191)
	at com.rli.slapd.server.bio.LDAPListenerSSL.run(LDAPListenerSSL.java:52)



 

> On 02/22/2008 07:43:49 PM authen wrote:

What is the keystore?

A keystore is the place where key entries are stored. It can be a file or a hardware device.

Generally speaking, keystore information can be grouped into two different categories: key entries and trusted certificate entries. A key entry consists of an entity's identity and its private key, and can be used for a variety of cryptographic purposes. In contrast, a trusted certificate entry only contains a public key in addition to the entity's identity. Thus, a trusted certificate entry can not be used where a private key is required, such as in a javax.net.ssl.KeyManager. In the JDK implementation of "JKS", a keystore may contain both key entries and trusted certificate entries.

There are two different passwords: keystore password and key password. The former is associated with the container (keystore) while the latter is associated with a specific key entry (key).

The keystore password is usually not required to open a keystore unless you want to manage it (modify/delete/add an entry).

Accessing trusted certificate entries does not need a password, since they are public in a general sense, while accessing key entries needs the key password for each of them.
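
As an added example (not part of the original posts), the following diagnostic prints both settings mentioned in the reply above and the keystore types the registered providers actually implement, then tries several types so that a "not found" failure names the available alternatives. The class name `KeyStoreTypeCheck`, the helper names and the bogus type `NO-SUCH-TYPE` are assumptions made for the illustration.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;

public class KeyStoreTypeCheck {

    // Keystore types that at least one registered provider implements.
    static Set<String> supportedTypes() {
        return new TreeSet<>(Security.getAlgorithms("KeyStore"));
    }

    // Returns a KeyStore of the requested type, or fails with a message that
    // names the configured default and the types that are really available.
    static KeyStore open(String requestedType) throws KeyStoreException {
        try {
            return KeyStore.getInstance(requestedType);
        } catch (KeyStoreException e) {
            throw new KeyStoreException("KeyStore type '" + requestedType
                    + "' not available; default=" + KeyStore.getDefaultType()
                    + ", supported=" + supportedTypes(), e);
        }
    }

    public static void main(String[] args) {
        // The two settings the post refers to, as seen by this JVM.
        System.out.println("keystore.type (java.security): "
                + Security.getProperty("keystore.type"));
        System.out.println("javax.net.ssl.keyStoreType:    "
                + System.getProperty("javax.net.ssl.keyStoreType"));

        // Sample inputs; NO-SUCH-TYPE is a constructed, deliberately bogus type.
        String[] types = {KeyStore.getDefaultType(), "PKCS12", "PKCS11", "NO-SUCH-TYPE"};
        for (String type : types) {
            try {
                KeyStore ks = open(type);
                System.out.println(type + " -> provider " + ks.getProvider().getName());
            } catch (KeyStoreException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```

Whether `PKCS11` resolves depends on whether a PKCS#11 provider is configured on the machine where this runs.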





