
What is the correct setup using keystores for SSL handshakes in Java

I am developing a secure chat program in Java using JSSE.

For 2 people to communicate you specify the keystore to use, e.g. Bob will start the program with bob.keystore and Alice will start the program with alice.keystore.

The way I have it set up and working is as follows:

On Bob's side he has a keystore that has his keypair and has Alice's certificate imported as a trusted cert.

On Alice's side she has a keystore with her keypair and Bob's certificate imported as a trusted cert.

Is this the correct setup/procedure?

> On Bob's side he has a keystore that has his keypair and has Alice's certificate imported as a trusted cert.

Bob should have:

  • a keystore containing his keypair and certificate, and
  • a truststore containing Alice's exported certificate.

> On Alice's side she has a keystore with her keypair and Bob's certificate imported as a trusted cert.

Alice should have:

  • a keystore containing her keypair and certificate, and
  • a truststore containing Bob's exported certificate.

> Is this the correct setup/procedure?

No. A keystore is a precious, private thing containing privacy-critical data. A truststore just contains other people's certificates so there is nothing precious about it. You should not use the same physical file for both purposes. That's why they are separated in JSSE.
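An added example, not part of the original answer: Bob's side of the chat building its `SSLContext` from two separate files, as the answer recommends, and refusing a truststore that contains a private key. The file name `bob.truststore`, the two environment variables and port 8443 are assumptions; both files are assumed to already exist, and the key password is assumed to equal the keystore password.

```java
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Requires Java 11+ (Path.of, KeyStore.getInstance(File, char[])).
public class BobChatServer {
    // Builds an SSLContext from two separate files: private key material and peer certificates.
    static SSLContext context(Path keyFile, char[] keyPass, Path trustFile, char[] trustPass)
            throws Exception {
        // This overload detects the store type (JKS or PKCS12) and loads the file.
        KeyStore keys = KeyStore.getInstance(keyFile.toFile(), keyPass);
        KeyStore trusted = KeyStore.getInstance(trustFile.toFile(), trustPass);

        // Enforce the separation: a truststore must hold certificates only.
        for (String alias : Collections.list(trusted.aliases())) {
            if (trusted.isKeyEntry(alias)) {
                throw new IllegalStateException("private key in truststore, alias: " + alias);
            }
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);               // Bob's own keypair and certificate
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);                     // Alice's exported certificate

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed names: bob.truststore, the two environment variables, port 8443.
        char[] keyPass = System.getenv("BOB_KEYSTORE_PASS").toCharArray();
        char[] trustPass = System.getenv("BOB_TRUSTSTORE_PASS").toCharArray();
        SSLContext ctx = context(Path.of("bob.keystore"), keyPass, Path.of("bob.truststore"), trustPass);

        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true);    // Alice must present a certificate Bob trusts
            try (SSLSocket peer = (SSLSocket) server.accept()) {
                peer.startHandshake();         // fails with an SSLException if Alice is not trusted
                System.out.println("Peer: " + peer.getSession().getPeerPrincipal());
            }
        }
    }
}
```

Alice's side mirrors this with her own keystore and a truststore holding Bob's certificate, using `getSocketFactory()` to connect instead of listening.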
