Keystores
Learn more about keystores, their file formats, origin and a comparison among various keystores with the information provided here.
A keystore, as the name implies, provides storage for keys. It can be a file or a hardware device. The most popular keystore file formats used by Java™ programs are JKS, JCEKS and PKCS#12. See the following table for comparison:
Keystore file format | Origin | Store public/private keys and certificates | Store secret keys |
---|---|---|---|
JKS | Proprietary | Yes | No |
JCEKS | Proprietary | Yes | Yes |
PKCS#12 | Standard | Yes | No |
Table 1. Keystore file formats
Note that the only one of the above keystore formats that can store secret keys is JCEKS. Also in general JCEKS offers greater protection than JKS. JKS, JCEKS and PKCS#12 keystores are protected by a password. Furthermore, each private or secret key inside a keystore can be protected by an individual password. Public key certificates do not have passwords, because normally there is no need to keep them secret.