GitHubContribute in GitHub: Open doc issue|Edit online

Keystores

Learn more about keystores, their file formats, origin and a comparison among various keystores with the information provided here.

A keystore, as the name implies, provides storage for keys. It can be a file or a hardware device. The most popular keystore file formats used by Java™ programs are JKS, JCEKS and PKCS#12. See the following table for comparison:

Keystore file format Origin Store public/private keys and certificates Store secret keys
JKS Proprietary Yes No
JCEKS Proprietary Yes Yes
PKCS#12 Standard Yes No

Table 1. Keystore file formats

Note that the only one of the above keystore formats that can store secret keys is JCEKS. Also in general JCEKS offers greater protection than JKS. JKS, JCEKS and PKCS#12 keystores are protected by a password. Furthermore, each private or secret key inside a keystore can be protected by an individual password. Public key certificates do not have passwords, because normally there is no need to keep them secret.