Difference between trustStore and keyStore in Java


1) trustStore is used by the TrustManager class and keyStore is used by the KeyManager class in Java. KeyManager and TrustManager perform different jobs. TrustManager determines whether the remote connection should be trusted, i.e. whether the remote party is who it claims to be, and KeyManager decides which authentication credentials should be sent to the remote host during the SSL/TLS handshake. On the server side, the server proves possession of its private key during the handshake and sends the certificate chain that corresponds to that key to the client; both the private key and the chain come from the keyStore. On the client side, the Java client uses the CA certificates stored in its trustStore to verify the server's certificate chain. If you don't configure a trustStore, the JDK's own cacerts file is used (lib/security/cacerts, or jre/lib/security/cacerts on JDK 8). Certificates most commonly arrive as .cer files, which are imported into a keyStore or trustStore with a key management utility such as keytool.

2) trustStore stores the certificates (public keys) of the CAs (Certificate Authorities) and other parties you trust; it is what decides whether a remote party or SSL connection is trusted. keyStore contains private keys together with their certificate chains and is required only if you are running a server over SSL/TLS, or if the server has enabled client authentication (mutual TLS), in which case the client needs a keyStore of its own as well.

3) The trustStore path is specified with -Djavax.net.ssl.trustStore, while the keyStore path is specified with -Djavax.net.ssl.keyStore.

4) The trustStore password is specified with -Djavax.net.ssl.trustStorePassword, while the keyStore password is specified with -Djavax.net.ssl.keyStorePassword (JSSE uses the keyStore password both to open the file and to unlock the private key entries in it). Keep in mind that anything passed as a -D option is visible in the process listing to every user on the host, so on shared machines prefer loading the stores programmatically from files with restricted permissions.

5) If you store your own private key entry along with the signer (CA) certificates in one file, you can use that same file as both trustStore and keyStore. This is not recommended: a trustStore normally holds only public certificates and is often shared or world-readable, whereas a keyStore holds private keys that need tight permissions, and keeping them separate lets you protect each file appropriately and rotate or distribute trust anchors without touching private keys.

Overall, trustStore is used to verify the remote party's credentials, and keyStore is used to provide your own credentials. In ordinary one-way TLS the client needs a trustStore and the server needs a keyStore; once client authentication is enabled, both sides need both, because each side presents a credential and verifies the other's.
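The following Java program is an added example, not code from the original post. It loads a trustStore into a TrustManagerFactory and an (optional) keyStore into a KeyManagerFactory, builds an SSLContext from them, and opens a TLS connection so the TrustManager actually validates the server. This is the programmatic equivalent of the -Djavax.net.ssl.* properties above. The file names, passwords and the class name StoreRoles are hypothetical.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/**
 * Wires a keyStore into a KeyManagerFactory (credentials we present) and a
 * trustStore into a TrustManagerFactory (who we trust), then opens a TLS
 * client connection. Equivalent to setting -Djavax.net.ssl.keyStore /
 * -Djavax.net.ssl.trustStore and their passwords, but done in code.
 * Example code; file names and passwords are hypothetical.
 */
public class StoreRoles {

    /** Load a PKCS12 file (keytool's default type since JDK 9; JDK 9+ also reads JKS this way). */
    static KeyStore load(String path, char[] storePassword)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);   // the password also checks the file's integrity MAC
        }
        return ks;
    }

    /** Report what each alias holds: a private key entry is a credential (keyStore role),
     *  a trusted certificate entry is a trust anchor (trustStore role). */
    static void describe(String label, KeyStore ks) throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "PrivateKeyEntry (credential we present)"
                        : ks.isCertificateEntry(alias) ? "trustedCertEntry (trust anchor we verify against)"
                        : "other entry";
            System.out.println(label + ": " + alias + " -> " + kind);
        }
    }

    /**
     * keyStore may be null for a client that is not asked to authenticate itself;
     * trustStore may be null to fall back to the JDK's cacerts trust anchors.
     */
    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = null;
        if (keyStore != null) {
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPassword);  // keyPassword unlocks the private key entries
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                 // null -> default trust anchors (cacerts)

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Open a TLS connection. The TrustManager validates the server's chain inside
     *  startHandshake(). Hostname verification is NOT on by default for a raw
     *  SSLSocket, so it is switched on explicitly; without it a valid certificate
     *  for any other name would be accepted. */
    static String connect(SSLContext ctx, String host, int port) throws IOException {
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");  // certificate name must match host
            sock.setSSLParameters(params);
            sock.startHandshake();           // SSLHandshakeException if the chain is not trusted
            return sock.getSession().getPeerPrincipal().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java StoreRoles <host> <port> <truststore.p12> <trustpass> [<keystore.p12> <keypass>]
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        KeyStore trustStore = load(args[2], args[3].toCharArray());
        describe("trustStore", trustStore);

        KeyStore keyStore = null;
        char[] keyPass = null;
        if (args.length >= 6) {              // only needed when the server requests client auth
            keyPass = args[5].toCharArray();
            keyStore = load(args[4], keyPass);
            describe("keyStore", keyStore);
        }
        SSLContext ctx = build(keyStore, keyPass, trustStore);
        System.out.println("handshake OK, server identity: " + connect(ctx, host, port));
    }
}
```

To produce input files for a local test with keytool: `keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -dname "CN=localhost" -keystore server.p12 -storetype PKCS12 -storepass changeit` creates the server's keyStore (a PrivateKeyEntry); `keytool -exportcert -alias server -keystore server.p12 -storepass changeit -rfc -file server.cer` exports only the certificate; and `keytool -importcert -alias server -file server.cer -keystore client-truststore.p12 -storetype PKCS12 -storepass changeit -noprompt` builds the client's trustStore (a trustedCertEntry). `keytool -list -v -keystore <file>` shows the "Entry type" of each alias, which is the quickest way to confirm that a file you were handed is really a trustStore and does not also contain a private key.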
