KeyStore Entries

Keystores may have different types of entries. The two most applicable entry types for keytool include:
  1. key entries - each holds very sensitive cryptographic key information, which is stored in a protected format to prevent unauthorized access. Typically, a key stored in this type of entry is a secret key, or a private key accompanied by the certificate "chain" for the corresponding public key. The keytool can handle both types of entry, while the jarsigner tool handles only the latter type of entry, that is, private keys and their associated certificate chains.
  2. trusted certificate entries - each contains a single public key certificate belonging to another party. It is called a "trusted certificate" because the keystore owner trusts that the public key in the certificate indeed belongs to the identity identified by the "subject" (owner) of the certificate. The issuer of the certificate vouches for this, by signing the certificate.
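
The entry kinds described above, shown with keytool itself. This is an added example, not part of the original documentation: the aliases, distinguished names, file names and password are constructed demo values, and the helper names kt, build_demo_keystore and list_entry_types are hypothetical.

```sh
#!/bin/sh
# Added example: a throwaway PKCS12 keystore holding one entry of each kind.
# All aliases, DNs, file names and the password are constructed demo values.
set -eu
PW=changeit-demo

# kt KEYSTORE KEYTOOL-ARGS...  run keytool non-interactively on a PKCS12 store
kt() {
    _ks=$1; shift
    keytool -J-Duser.language=en "$@" -keystore "$_ks" -storetype PKCS12 \
        -storepass "$PW" </dev/null 2>/dev/null
}

# build_demo_keystore DIR  create DIR/mine.p12 with three entries
build_demo_keystore() {
    d=$1
    # Key entry, first kind: a secret (symmetric) key.
    kt "$d/mine.p12" -genseckey -alias demo-aes -keyalg AES -keysize 256 \
        -keypass "$PW"
    # Key entry, second kind: a private key with its certificate chain
    # (here a single self-signed certificate). jarsigner can use this one.
    kt "$d/mine.p12" -genkeypair -alias demo-signer -keyalg EC \
        -dname "CN=Constructed Demo Signer" -keypass "$PW"
    # Another party keeps its private key in its own store; only the
    # public key certificate is exported from it.
    kt "$d/peer.p12" -genkeypair -alias peer -keyalg EC \
        -dname "CN=Constructed Peer" -keypass "$PW"
    kt "$d/peer.p12" -exportcert -alias peer -rfc -file "$d/peer.pem"
    # Trusted certificate entry: the other party's certificate, no private key.
    kt "$d/mine.p12" -importcert -noprompt -alias demo-peer -file "$d/peer.pem"
}

# list_entry_types KEYSTORE  print one "alias type" line per entry, sorted
list_entry_types() {
    kt "$1" -list |
        sed -n -E 's/^([^,]+), .*(SecretKeyEntry|PrivateKeyEntry|trustedCertEntry).*/\1 \2/p' |
        sort
}

if command -v keytool >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    build_demo_keystore "$tmp"
    list_entry_types "$tmp/mine.p12"
    rm -rf "$tmp"
else
    echo "keytool not found on PATH; install a JDK to run this demo" >&2
fi
```

When auditing a real keystore, an alias reported as PrivateKeyEntry or SecretKeyEntry holds key material that needs protecting, while a trustedCertEntry holds only another party's public certificate.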