问题
Are JKS (Java Key Store) files encrypted? Do they provide full protection for encryption keys, or do I need to rely solely on access control?
Is there a way to ensure that the keys are protected?
I'm interested in the gritty details, including algorithm, key management, etc. Is any of this configurable?
回答1:
They are encrypted.
The algorithm is provider dependent. The provider will return the key/certificate based on a password. If you need strong security, find a keystore provider that uses a strong encryption.
回答2:
To be more precise:
- PrivateKeys and SecretKeys within a JKS file are encrypted with their own password.
- Integrity of trusted certificates is protected with a MAC using the key store password.
- The file as a whole is not encrypted, and an attacker can list its entries without the key store password.
来源:https://stackoverflow.com/questions/174131/jks-protection