Dr. David J. Knowles
Since version 1.4.2 Java has been capable of creating secure socket connections (SSL/TLS) as part of the standard Java runtime. As part of this support Java now includes the concept of a "key store". This is a repository of SSL certificates and private keys which can be loaded in a Java application and used to open secure connections.
If you wish to only create a client connection to an existing SSL server then a key store is not required. However if the Java application wishes to create a server socket which listens for incoming connections or the client application wishes to authenticate the server then a key store is required to hold the needed SSL certificates. A key store can be several different formats however the default type is JKS (Java Key Store).
Key stores are somewhat opaque and it often requires a moderate knowledge of certificates to understand how they work. There is an application which is included with Java called
keytool. This application performs numerous key store operations however it is somewhat arcane and difficult to understand.
The Key Store Browser is a simple Java Swing application which allows the user to create/open Java key stores and perform some simple operations such as importing/exporting certificates and viewing information on certificates in the key store.
To use the Key Store Browser you must be using a Java runtime of version 1.4.2 or later.
To start the program simply double click on the jar or run the following command line:
java -jar KeyStoreBrowser.jar
The main window will appear.
The program is menu driven. The operations supported by the program are:
|File||This menu contains the operations which load/save key stores to the file system.|
|File/New KeyStore||This creates a new key store into which the certificates can be imported. This operation requires the password used to secure the key store.|
|File/Open||This opens an existing key store and allows the user to manipulate/view the contents. The password of the key store is required during the open process.|
|File/Save||This opens an existing key store and allows the user to manipulate/view the contents. The password of the key store is required during the open process.|
|File/Save As||Allows the user to specify the file name of the key store to save. This is then used as the default for all save operations.|
|File/Exit||Exits the program all changes to a key store which were not saved will be lost.|
|Actions||These actions operate on a key store and hence a key store must have been loaded or created before they can be performed. They relate mainly to getting or putting certificates out of or into the key store.|
|Actions/Import PKCS12||This action loads a PKCS12 certificate file into the key store. Most certificates supplied by a certificate authority will be of this format. You will be requested for a password to unlock the certificate file.|
|Actions/Import PEM||This allows the importing of a PEM encoded public certificate. This program cannot currently handle the private key in PEM format. This is a good way of importing server certificates for client authentication.|
|Actions/Export PKCS12||Exports the selected certificate into a PKCS12 certificate file. You will be required to specify the password which encrypts the file.|
|Actions/Export PEM||Exports a selected certificate into PEM format. If the certificate in the key store contains a private key, it will also be exported however the key will not be encrypted.|
|Actions/Set Alias Name||Certificates are giving a simple alias which aids the user to find the required certificate. This action allows the user to change the current alias for a certificate.|
|Actions/Remove||Removes the selected certificate from the key store.|
|Actions/Remove All||Removes all the certificates from the key store.|
|Help/About||Shows a simple About dialog.|
The JavaDoc for the Key Store Browser can be found here: KeyStoreBrowser JavaDoc.
The Key Store Browser is Copyright © 2006 Clearfield Ltd. This software is made available under the terms of the BSD license. Feel free to modify and redistribute at will. This software has been posted here in the hope it will be useful, but comes with no warranties - express or implied. See the accompanying license.txt for full details.