Different types of keystore in Java -- JCEKS

  Pi Ke        2015-01-05 00:30:56       54,071        1    

JCEKS stands for Java Cryptography Extension KeyStore and it is an alternative keystore format for the Java platform. Storing keys in a KeyStore can be a measure to prevent your encryption keys from being exposed. Java KeyStores securely contain individual certificates and keys that can be referenced by an alias for use in a Java program.

The process of storing and loading different entries in JCEKS is similar to what JKS does. So please refer to the article Different types of keystore in Java -- JKS. Change the keystore type from JKS to JCEKS accordingly when calling KeyStore.getInstance().

In this post, we will only cover the process of storing secret keys in JCEKS keystore. The secret key entry will be sealed and stored in the keystore to protect the key data. Please provide a strong password when storing the entry into the keystore.

Store secret key

The secret key can be stored in JCEKS keystore with below code.

try{
	KeyStore keyStore = KeyStore.getInstance("JCEKS");
	keyStore.load(null, null);
	
	KeyGenerator keyGen = KeyGenerator.getInstance("DES");
	keyGen.init(56);;
	Key key = keyGen.generateKey();
	
	keyStore.setKeyEntry("secret", key, "password".toCharArray(), null);
	
	keyStore.store(new FileOutputStream("output.jceks"), "password".toCharArray());
} catch (Exception ex) {
	ex.printStackTrace();
}

Load secret key

The stored secret key can be extracted from JCEKS keystore in Java. The extracted key can be used to encrypt/decrypt data as normal.

try{
	KeyStore keyStore = KeyStore.getInstance("JCEKS");
	keyStore.load(new FileInputStream("output.jceks"), "password".toCharArray());
	
	Key key = keyStore.getKey("secret", "password".toCharArray());
	
	System.out.println(key.toString());
} catch (Exception ex) {
	ex.printStackTrace();
}

The output is :

javax.crypto.spec.SecretKeySpec@fffe7b9b

For the different types of keystores, please refer to Different types of keystore in Java -- Overview.

JAVA  KEYSTORE  JCEKS  TUTORIAL 

       

  RELATED


  1 COMMENT


Anonymous [Reply]@ 2021-03-04 15:02:23

why using "password" twice just after you said "please use strong password" :(



  RANDOM FUN

A sad bitcoin story