Keytool & Keystore
A keystore is a protected database that holds keys and certificates for an enterprise. Access to a keystore is guarded by a password (defined at the time the keystore is created, by the person who creates the keystore, and changeable only when providing the current password). In addition, each private key in a keystore can be guarded by its own password.
There is a tool named keytool (for Solaris) (for Windows) that can be used to create public/private key pairs and self-signed X.509 v1 certificates, and to manage keystores. Keys and certificates are used to digitally sign your Java applications and applets (see the jarsigner (for Solaris) (for Windows) tool).
Using keytool, it is possible to display, import, and export X.509 v1, v2, and v3 certificates stored as files, and to generate new self-signed v1 certificates. For examples, see the "EXAMPLES" section of the keytool documentation (for Solaris) (for Windows).
Hardware Keystore vs File Keystore
Identity is more likely to be stored in hardware keystores such as nCipher. Trust can be stored in a file-based JDK keystore without security issues, since a trust store holds only certificates, not private keys.
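The split above only holds if the file-based trust store really contains no key entries. The following added example (not part of the original page) checks that from the text printed by `keytool -list`; the function names and the sample listings are assumptions made for illustration, and the listings are constructed.

```shell
#!/bin/sh
# Added example: confirm that a keystore used only for trust holds no keys.
# Input on stdin is the text printed by `keytool -list`.

# Print "alias<TAB>type" for each key-bearing entry. The entry type is the
# last field of an entry line; the alias is the text before the first comma
# (the date field may contain a comma of its own).
key_entries() {
    awk '/, *(PrivateKeyEntry|SecretKeyEntry), *$/ {
        alias = $0; sub(/,.*/, "", alias)
        type = $0;  sub(/, *$/, "", type); sub(/.*, */, "", type)
        printf "%s\t%s\n", alias, type
    }'
}

# Return 0 if the listing holds only certificates; otherwise report the
# offending entries on stderr and return 1.
is_trust_only() {
    found=$(key_entries)
    [ -z "$found" ] && return 0
    printf 'key material in trust store:\n%s\n' "$found" >&2
    return 1
}

# Constructed listings: aliases, dates and fingerprints are made up.
sample_truststore() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

rootca, Sep 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33 (constructed)
issuingca, Sep 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA-256): 44:55:66:77 (constructed)
EOF
}

sample_mixed() {
    cat <<'EOF'
Your keystore contains 2 entries

rootca, Sep 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33 (constructed)
server, Sep 26, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 88:99:AA:BB (constructed)
EOF
}
```

Against a real store, pipe the output of `keytool -list -keystore <file>` into `is_trust_only` and act on a non-zero exit status.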
- Display certs and private keys in keystore
- Import a new certificate for an existing private key in keystore
- Import a DER certificate (but not its private key) into a keystore by hansPP on 2014-09-26
- Importing private key into keystore with keytool by SergeM on 2014-09-26
- Loading an Existing Identity (Private Key & Digital Certificate) from a File to a Keystore by info on 2015-09-12
- Export a certificate (but not its private key) from a keystore into a DER file & a PEM file
- Export Private Key from Keystore
- Converting jks to pkcs12 by info on 2017-04-25
- Using keytool to generate Private Key, CSR & install VeriSign Certificate by tmayes123 on 2014-09-26