Keystore and Truststore are both important and essential for communication with an SSL Certificate. Both are very similar in terms of construct and structure as both are managed by a key tool command. Truststore is used for the storage of certificates from the trusted Certificate Authority (CA) which is used in the verification of the certificate provided by to the server in an SSL connection.
On the other-hand keystore is used to store the private key and own identity certificate to be identified for verification. In an SSL handshake the work of truststore is to verify the credentials whereas the work of keystore is to provide those credentials. These are the most important differences between truststore and keystore but not the only ones. These differences vary in Java and they are as follows –
-Djavax.net.ssl.keyStore for keystore and -Djavax.net.ssl.trustStore for truststore.
The listing, removal and addition of certificates can be done from the Java Keystore by using the keytool utility. Almost all of the SSL clients have an access to the truststore.
Security Considerations for Keystore & Truststore –
Keystores contain private keys whereas truststore do not, hence security for keystores is strict and exacting. In particular –
Creating Trusutstores –
If one is using the default truststore, he/she needs to add Certificate Authority (CA) to the truststore or delete them from truststore and if one is creating custom truststore the one must built the truststore by importing trusted certificates into new truststores. While creating a truststore a password has to be created/selected and they should be same for a given service.
The purpose of a keystore is to protect the privacy, integrity by the use of a password based algorithm. The keys are kept secret to keep them safe and protected from the unwanted third parties and can only be accessed by the someone having the password.
Leave Comment