JCE Keystore

The "IBMJCE" provider supplies its own implementation of the java.security.KeyStore class in Java™ 2 SDK, v 1.4. Its implementation employs a much stronger protection of private keys (using password-based encryption with Triple DES) than the keystore implementation supplied by the "SUN" provider prior to Java 2 SDK, v 1.4. (Note that because Java 2 SDK, v 1.4 is distributed world-wide in binary and source format, it cannot employ any strong encryption mechanisms.)

To take advantage of the keystore implementation of the "IBMJCE" provider, you specify "JCEKS" as the keystore type.

You can upgrade your keystore of type JKS (this is the name of the keystore type implemented by the SUN provider in J2SDK) to a JCE keystore of type JCEKS by changing the password of a private-key entry in your keystore. Note that once you have upgraded your keystore, your keystore can be accessed only by a JVM using JCE.

To apply the cryptographically strong key protection supplied by "IBMJCE" to a private key named "signkey" in your default keystore, use the following command, which will prompt you for the old and new key passwords:

 keytool -keypasswd -alias signkey -storetype jceks

You might want to change the password back to its old value, using the same command.

See the Security Tools for more information about keystores and how they are managed.