trustStore vs keyStore in Java
trustStore and keyStore are used in the context of setting up an SSL connection in a Java application between client and server. TrustStore and keyStore are very similar in terms of construct and structure, as both are managed by the keytool command and represented programmatically by the KeyStore class, but they often confuse Java programmers, beginners and intermediate alike. The only difference between trustStore and keyStore is what they store and their purpose. In the SSL handshake, the role of the trustStore is to verify credentials and the role of the keyStore is to provide credentials. A keyStore in Java stores private keys and the certificates corresponding to their public keys, and is required if you are an SSL server or the SSL server requires client authentication. A trustStore stores certificates from the third parties your Java application communicates with, or certificates signed by a CA (a certificate authority like Verisign, Thawte, Geotrust or GoDaddy) which can be used to identify the third party. This is the second article on setting up SSL in a Java program. In the last post we have seen How to import SSL certificates into trustStore and keyStore, and in this Java article we will see the differences between keyStore and trustStore in Java, which will help to understand this concept better.
Difference between trustStore and keyStore in Java
Here is the list of the most common differences between keyStore and trustStore. I have already mentioned the key difference in the first paragraph, which is related to the role of keyStore and trustStore; here we will see it in a little more detail.
1) The first and major difference between trustStore and keyStore is that the trustStore is used by TrustManager and the keyStore is used by the KeyManager class in Java. KeyManager and TrustManager perform different jobs in Java: TrustManager determines whether a remote connection should be trusted or not, i.e. whether the remote party is who it claims to be, and KeyManager decides which authentication credentials should be sent to the remote host for authentication during the SSL handshake. If you are an SSL server, you will use a private key during the key exchange algorithm and send the certificates corresponding to your public keys to the client; this certificate is obtained from the keyStore. On the SSL client side, if it is written in Java, it will use the certificates stored in the trustStore to verify the identity of the server. SSL certificates most commonly come as a .cer file, which is added into the keyStore or trustStore by using a key management utility, e.g. keytool. See my post How to add certificates into trustStore for step-by-step directions on adding certificates into a keyStore or trustStore in Java.
2) Another difference between trustStore and keyStore, in rather simple terms, is that the keyStore contains private keys and is required only if you are running a server in an SSL connection or you have enabled client authentication on the server side. On the other hand, the trustStore stores public keys or certificates from CAs (Certificate Authorities), which are used to trust the remote party or SSL connection.
3) One more difference between trustStore and keyStore is that we use -Djavax.net.ssl.keyStore to specify the path of the keyStore and -Djavax.net.ssl.trustStore to specify the path of the trustStore in Java.
4) Another difference between trustStore and keyStore is that, if you store your personal certificate along with the signer certificate in the trustStore, you can use the same file as both trustStore and keyStore. By the way, it is a good idea to separate personal certificates and signer certificates into keyStore and trustStore for better management.
5) One more API-level difference between keyStore and trustStore is that the password of the keyStore is provided using -Djavax.net.ssl.keyStorePassword and the password of the trustStore is provided using -Djavax.net.ssl.trustStorePassword.
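As an added example (not code from the original post), the points above wired together in code: the keyStore feeds a KeyManagerFactory (what we present), the trustStore feeds a TrustManagerFactory (whom we accept), and both end up in one SSLContext. File names and passwords are placeholders standing in for the values you would otherwise pass as the -Djavax.net.ssl.* properties.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SslStores {
    // Load a store file in the format keytool writes (JKS or PKCS12, whichever is
    // the platform default); the same loader serves both keyStore and trustStore.
    static KeyStore loadStore(String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // keyStore -> KeyManager (our private key + certificate chain), trustStore ->
    // TrustManager (CA certificates we trust). keyStorePath may be null for a
    // client that does not need to authenticate itself; then only the trustStore is used.
    static SSLContext buildContext(String keyStorePath, char[] keyStorePassword,
                                   String trustStorePath, char[] trustStorePassword)
            throws IOException, GeneralSecurityException {
        KeyManagerFactory kmf = null;
        if (keyStorePath != null) {
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // Second argument is the private-key password; assumed equal to the store password.
            kmf.init(loadStore(keyStorePath, keyStorePassword), keyStorePassword);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadStore(trustStorePath, trustStorePassword));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder paths and passwords (constructed for this example); they are the
        // same values -Djavax.net.ssl.keyStore / keyStorePassword / trustStore / trustStorePassword carry.
        SSLContext ctx = buildContext("server-keystore.jks", "changeit".toCharArray(),
                                      "cacerts-truststore.jks", "changeit".toCharArray());
        System.out.println("Protocol: " + ctx.getProtocol());
    }
}
```

Passing an explicit SSLContext like this is what the -Djavax.net.ssl.* properties do implicitly for the default SSLContext; keeping the two files separate, as the article recommends, makes it obvious at this call site which store holds private keys and which holds CA certificates.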
That's all on the difference between trustStore and keyStore in Java. You can still use the same file as trustStore and keyStore in Java to avoid maintaining two separate files, but it is a good idea to separate public keys and private keys into two different files; it is more verbose and self-explanatory which one holds the CA certificates used to trust the server and which one contains the client's private keys.
Further Reading
Complete Java Masterclass
Learn Spring Security by Eugen
How to perform LDAP authentication in a Java application using Spring Security