In Java, what's the difference between a keystore and a truststore?

+5  A: 

A keystore contains private keys, and the certificates with their corresponding public keys.

A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties.

Darron
+3  A: 
  1. A keystore contains a private key. You only need this if you are a server, or if the server requires client authentication.

  2. A truststore contains CA certificates to trust. If your server’s certificate is signed by a recognized CA, the default truststore that ships with the JRE will already trust it (because it already trusts trustworthy CAs), so you don’t need to build your own, or to add anything to the one from the JRE.

http://mynotes.wordpress.com/2009/08/04/difference-between-keystore-truststore/

+1  A: 

You may also be interested in the write-up from Sun, as part of the standard JSSE documentation:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Stores

Typically, the trust store is used to store only public keys, for verification purposes, such as with X.509 authentication. For manageability purposes, it's quite common for admins or developers to simply conflate the two into a single store.

Peter Mularien
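
The split the answers describe, as an added example that is not part of any answer above: it counts the entry kinds in each store, flags a truststore that carries private keys, and wires the truststore into a `TrustManagerFactory` and the optional keystore into a `KeyManagerFactory`. The class name `StoreRoles`, the argument order, and the `TRUST_PASS`/`KEY_PASS` environment variables are assumptions made for illustration; it needs Java 9 or later and defaults to the JRE's bundled `cacerts` with its stock password `changeit`.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class StoreRoles {
    // Returns {key entries, trusted-certificate entries} found in the store.
    static int[] countEntries(KeyStore ks) throws Exception {
        int keys = 0, certs = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) keys++;                 // our own identity
            else if (ks.isCertificateEntry(alias)) certs++;   // someone we trust
        }
        return new int[] { keys, certs };
    }

    static char[] password(String envName, String fallback) {
        String p = System.getenv(envName);   // hypothetical variable names
        return (p != null ? p : fallback).toCharArray();
    }

    public static void main(String[] args) throws Exception {
        // Truststore: whom we believe. Defaults to the JRE's CA bundle.
        File trustFile = new File(args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts");
        KeyStore trustStore = KeyStore.getInstance(trustFile, password("TRUST_PASS", "changeit"));
        int[] t = countEntries(trustStore);
        System.out.printf("truststore: %d key entries, %d trusted certs%n", t[0], t[1]);
        if (t[0] > 0) System.out.println("WARNING: truststore contains private keys");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Keystore: who we are. Only needed for a server or for client authentication.
        KeyManagerFactory kmf = null;
        if (args.length > 1) {
            char[] keyPass = password("KEY_PASS", "");
            KeyStore keyStore = KeyStore.getInstance(new File(args[1]), keyPass);
            int[] k = countEntries(keyStore);
            System.out.printf("keystore: %d key entries, %d trusted certs%n", k[0], k[1]);
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPass);   // assumes key password equals store password
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```

Run with no arguments it inspects only the default truststore; pass a truststore path and then a keystore path to check a deployment's own files.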