What is the difference between a keystore and a truststore?


Current answer

A keystore contains private keys, together with the certificates that carry the corresponding public keys.

A truststore contains certificates from other parties you expect to communicate with, or certificates from certificate authorities that you trust to identify those other parties.

Other answers

A keystore is used to store the private key and the identity certificate that a particular program should present to the other side (server or client) for verification.

A truststore is used to store certificates from certificate authorities (CAs); these are used to verify the certificate presented by the server in an SSL connection.

Reference: https://www.educative.io/edpresso/keystore-vs-truststore

First and major difference between trustStore and keyStore is that trustStore is used by TrustManager to determine whether a remote connection should be trusted; keyStore is used by KeyManager to decide which authentication credentials should be sent to the remote host for authentication during the SSL handshake. Another difference is that keyStore theoretically contains private keys, required only if you are running a Server in an SSL connection or you have enabled client authentication on the server side; on the other hand trustStore stores public keys or certificates from CAs (Certificate Authorities) which are used to trust the remote party or SSL connection. In fact you can store both private and public keys in the same file, given that the tool to manage those files is the same (keytool), so you could use a single file for both purposes, but you probably should not. At least on my Mac OSX the default keyStore is ${user.home}/.keystore, and the default trustStore is /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts. If you want to override them you should add the JVM parameters -Djavax.net.ssl.keyStore=/path/to/keyStore or -Djavax.net.ssl.trustStore=/path/to/trustStore. You might also need to set the keyStore password in case of java.security.UnrecoverableKeyException: Password must not be null, using the parameter -Djavax.net.ssl.keyStorePassword=password or -Djavax.net.ssl.trustStorePassword=password

Main source:

http://javarevisited.blogspot.co.uk/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html
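As an added illustration of the split described in the answer above (this is not code from the original thread), the following Java snippet keeps the two roles apart: the KeyManager is built from the keystore (the credentials we present) and the TrustManager from the truststore (the parties we accept), and it refuses a truststore that also carries private keys. The class name, file paths and passwords are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class StoreRoles {

    /** Loads a store file. PKCS12 is the default type since Java 9; a JKS file still loads via compatibility mode. */
    static KeyStore load(String path, char[] storePassword) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    /** Returns the aliases that hold a private key (PrivateKeyEntry), as opposed to trusted certificates. */
    static List<String> privateKeyAliases(KeyStore ks) throws GeneralSecurityException {
        List<String> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) out.add(alias);
        }
        return out;
    }

    /** Builds an SSLContext: KeyManager from the keystore, TrustManager from the truststore. */
    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws GeneralSecurityException {
        // A truststore should hold trust anchors only; a private key in it is a misplaced credential.
        List<String> misplaced = privateKeyAliases(trustStore);
        if (!misplaced.isEmpty()) {
            throw new IllegalArgumentException("truststore holds private keys: " + misplaced);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);      // key password needed: this side presents a private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                 // no password needed: only public certificates are read
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Call `build(load("/path/to/keyStore", pw), pw, load("/path/to/trustStore", tsPw))` and hand the returned context to your server or client socket factory.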

The keystore contains private keys. You only need this if you are a server, or if the server requires client authentication. The truststore contains the CA certificates to trust. If your server's certificate is signed by a recognized CA, the default truststore will already trust it (because it already trusts trustworthy CAs), so you do not need to build your own, or add anything to the one shipped with the JRE.

You may also be interested in Sun's introduction, which is part of the standard JSSE documentation:

http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Stores

Generally, a truststore is used only to store public keys, for verification purposes, for example with X.509 authentication. For manageability, administrators or developers often combine the two into a single store.