JKS protection

views:

373

answers:

+2 Q:

Are JKS (Java Key Store) files encrypted? Do they provide full protection for encryption keys, or do I need to rely solely on access control?
Is there a way to ensure that the keys are protected?

I'm interested in the gritty details, including algorithm, key management, etc. Is any of this configurable?

+2 A:

They are encrypted.

The algorithm is provider dependent. The provider will return the key/certificate based on a password. If you need strong security, find a keystore provider that uses a strong encryption.

Shimi Bandiel 2008-10-06 12:54:58

Thanks, can I have more details? Algorithm, key management, etc

AviD 2008-10-06 12:59:41

Shimi Bandiel 2008-10-06 13:26:18

And also maybe this: http://metastatic.org/source/JKS.html

Shimi Bandiel 2008-10-06 13:26:53

Yeah, those links (especially the second) helped. So in short, its *kinda* encrypted, just not particularly well.

AviD 2008-10-09 23:36:48

+3 A:

To be more precise:

PrivateKeys and SecretKeys within a JKS file are encrypted with their own password.
Integrity of trusted certificates is protected with a MAC using the key store password.
The file as a whole is not encrypted, and an attacker can list its entries without the key store password.

erickson 2008-10-06 21:05:20

Thanks, can you elaborate on the details? Algorithms, key management, how do i configure this all?

AviD 2008-10-07 05:50:41

ansaurus

tags:

views:

answers:

JKS protection

related questions