keystore : Java Glossary

* 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)

keystore

In Java version 1.2 or later, the .keystore file contains your public and private keys. The peculiar leading dot makes the file hidden in Unix.

By default, .keystore has no password, though you normally assign it one with keytool.exe. Don’t lose the password. There is no way to recover it. You would have to start over and create a new empty .keystore with keytool.exe.

.keystore is stored in a binary jks format JKS (Java Key Store) similar to PKCS #12 containing both public and private keys, protected by a passphrase. The first four signature bytes of a Sun .keystore file in hex are FEEDFEED.

Location

Since Java does not automatically create .keystore, The sysadmin might put it wherever he pleases. Likely places to look include:

Unix:
${user.home}/.java/deployment/security/.keystore
Windows 7
C:\Users\user\.keystore
Vista:
C:\Users\user\Roaming\Sun\Java\Deployment\security\.keystore
C:\Users\user\.keystore
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\security\.keystore
C:\Program Files\java\jre1.8.0_131\\lib\security\.keystore
XP:
"C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\security\.keystore"
C:\Documents and Settings\user\.keystore
Win2K:
C:\WINNT\Profiles\user\.keystore

It is supposed to be in:

Unix : ${user.home}/.java/deployment/security
Windows : ${deployment.user.home}\security

Where user.home and deployment.user.home are system properties. C:\Program Files (x86)\Java\jre6\lib\security\.

Make sure you back up your .keystore files especially when upgrading your OS (Operating System) or Java. Otherwise you will lose your code signing certificates.

Usually the .keystore file is stored in Sun JKS format, but keytool.exe is capable of dealing with other formats as well. Here is how to find out what other formats

Browser Keystores

It is possible for Java to get at the keystores of the various Mozilla family brewers using a tool called JSS (Network Security Services for Java). Java automatically accesses the Windows/Internet Explorer keystores when validating code-signing certificates for Applets and Java Web Start.

Learning More

Oracle’s Java 1.8 documentation on : Browser keystores

Oracle’s Javadoc on KeyStore class : available:

on the web at Oracle.com
in the current JDK 1.8.0_131 on your local Windows J: drive.

cacerts
certificate
jar
jarsigner.exe
keyman: a more user-friendly .keystore manipulator
KeyTool IUI: third party GUI version of keytool
keytool.exe
PKCS
RSA cipher: sample code to extract cert from .keystore

standard footer
	This page is posted on the web at:	http://mindprod.com/jgloss/keystore.html
	Optional Replicator mirror of mindprod.com on local hard disk J:	J:\mindprod\jgloss\keystore.html
	Please read the feedback from other visitors, or send your own feedback about the site. Contact Roedy. Please feel free to link to this page without explicit permission.
	Canadian Mind Products IP:[65.110.21.43] Your face IP:[3.16.203.175]
Feedback	You are visitor number