保存密钥的适当位置

时间:2016-10-09 15:29:13

标签: java keystore

有人可以让我知道或清楚我怀疑在项目工作时应该将钥匙商店放在哪里。

我知道java在secuirty / cancerts&癌症是trutstore&在密钥库中,他们为密钥提供了键值对。

现在我想存储我的自定义密钥库(在该密钥库中包含具有键值对的密钥),那么我要去哪里存储?

是否在项目本身中使用.keystore文件,就像其他一些.properties文件一样?或任何其他位置??

如果是,我是否需要为该密钥库分配证书。我怎么能务实?

下面是在项目本身生成test.keystore的代码...... 

public static void main(String[] args) throws Exception {

    String fileWithKeyStore = "test.keystore";
    KeyStore keyStore = JKSTest.createKeyStore(fileWithKeyStore, "pwdForKeyStoreFile");

    storeKeyInKeyStore(keyStore, fileWithKeyStore);
    // retriveKeyFromKeyStore(keyStore);

}

public static void storeKeyInKeyStore(KeyStore keyStore, String fileWithKeyStore) throws Exception {

    System.out.println(keyStore.getType()); // JCEKS

    /** Storing in key value format like map but with password */
    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); // JWT-Key

    keyStore.setEntry("map_key", new KeyStore.SecretKeyEntry(secretKey),
            new PasswordProtection("pwdForMapEntry".toCharArray()));

    keyStore.store(new FileOutputStream(fileWithKeyStore), "pwdForStoringFile".toCharArray());
    System.out.println("Stored Key:\t" + secretKey);

}

public static void retriveKeyFromKeyStore(KeyStore keyStore)
        throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {

    KeyStore.Entry entry = keyStore.getEntry("map_key", new PasswordProtection("pwdForMapEntry".toCharArray()));
    SecretKey keyFound = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
    System.out.println("Found Key:\t" + keyFound);

}


public static KeyStore createKeyStore(String fileName, String pw) throws Exception {
    File file = new File(fileName);

    final KeyStore keyStore = KeyStore.getInstance("JCEKS");
    if (file.exists()) {
        // .keystore file already exists => load it
        keyStore.load(new FileInputStream(file), pw.toCharArray());
        System.out.println("Existing .keystore file loaded!"+file.getAbsolutePath());
    } else {
        // .keystore file not created yet => create it
        keyStore.load(null, null);
        keyStore.store(new FileOutputStream(fileName), pw.toCharArray());
        System.out.println("New .keystore file created!");
    }

    return keyStore;
}

1 个答案:

答案 0 :(得分:0)

To be specific, are you looking for a location to store your private key, or the keystore?

In either case, though, the best place to store them should be your home folder (private keys by default are created in ~/.ssh/ on *nix systems). The private key/ keystore must have restrictive permissions such that only you (the owner of the store) has read access to it (On *nix systems, this should translate to permissions 0400).

相关问题
最新问题