JDK9 keytool Transitions Default Keystore to PKCS12

Among Java 9's many enhancements, the keytool utility has shifted to PKCS12. See what that means for your project's security and what problems remain.

by Jim Connors · Oct. 26, 17 · News

When it comes to the JDK9 release, Project Jigsaw has garnered nearly all the attention, sucking the air out of the room and leaving very little oxygen for many other smaller but interesting enhancements. One such feature addresses the universal quest to modernize overall security and involves an improvement to the keytool utility. For approximately two decades, Java and keytool had relied on the JDK-specific JKS keystore type as their default store. As specified by JEP 229, JDK9 transitions the default keystore to PKCS12.

This change means that any new keystores will be created in the PKCS12 format. It should, however, not affect existing applications that rely upon the original JKS keystore type. Backwards compatibility will be maintained, allowing existing applications to continue operating unmodified for the foreseeable future.

PKCS12 has a number of advantages:

  1. It is more extensible.
  2. It supports stronger cryptographic algorithms.
  3. It is widely adopted. PKCS12 is frequently the format provided by certificate authorities when issuing certificates.

With respect to point (3) above, as mentioned in this previous article, keytool has historically been unable to directly import PKCS12-generated trusted keys and certificates, so users must instead rely on external workarounds like the following:

  • Use openssl to create a keystore containing the certificate chain and private key. Then use keytool to import this keystore into either a new or larger keystore.
  • Platforms like Oracle WebLogic contain a utils.ImportPrivateKey class (with a main method) that is included in weblogic.jar which can accomplish this task.
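
The first workaround above, written out end to end as an added example (it is not from the original article). The file names, the alias `server`, the password `changeit` and the self-signed certificate are constructed sample values, and the script assumes an OpenSSL and JDK pair that support the same PKCS12 encryption algorithms.

```shell
#!/usr/bin/env bash
# Added example: the openssl + keytool workaround, end to end.
# File names, alias and password are constructed sample values.
set -eu

import_pkcs12_bundle() {
  workdir=$1; entry_alias=$2; pass=$3

  # Constructed sample input: a throwaway key and self-signed certificate
  # standing in for the key/certificate pair a CA would issue.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$workdir/server.key" -out "$workdir/server.crt" 2>/dev/null

  # Step 1: openssl bundles the private key and certificate into a PKCS12 file.
  # -name sets the friendly name, which keytool later shows as the alias.
  openssl pkcs12 -export -name "$entry_alias" \
    -inkey "$workdir/server.key" -in "$workdir/server.crt" \
    -out "$workdir/bundle.p12" -passout "pass:$pass"

  # Step 2: keytool cannot read the PEM key directly, but it can merge the
  # PKCS12 file into a new or existing keystore.
  keytool -importkeystore -noprompt \
    -srckeystore "$workdir/bundle.p12" -srcstoretype PKCS12 -srcstorepass "$pass" \
    -destkeystore "$workdir/app.p12" -deststoretype PKCS12 -deststorepass "$pass" \
    >/dev/null 2>&1

  # The unencrypted PEM key is no longer needed once it is in the keystore.
  rm -f "$workdir/server.key"

  # Print the entry type keytool reports for the alias.
  keytool -list -keystore "$workdir/app.p12" -storetype PKCS12 \
    -storepass "$pass" -alias "$entry_alias" 2>/dev/null \
    | grep -o 'PrivateKeyEntry' | head -n 1
}

# Demo run in a scratch directory, only when both tools are installed.
if command -v openssl >/dev/null 2>&1 && command -v keytool >/dev/null 2>&1; then
  import_pkcs12_bundle "$(mktemp -d)" server changeit   # prints PrivateKeyEntry
fi
```

Passwords given on the command line are visible in the process list; outside a demo, use keytool's `:env` or `:file` password modifiers and openssl's `env:` or `file:` pass phrase sources instead.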

Unfortunately, this shortcoming still exists in JDK9. However, a request for enhancement has recently been created and can be found here:

  • keytool should be able to import private keys: https://bugs.openjdk.java.net/browse/JDK-8189321

Perhaps enough folks can weigh in and vote, increasing its priority.


Published at DZone with permission of Jim Connors. See the original article here.
