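A TrustStore stores certificates from certificate authorities (CAs), which are used to verify the server in an SSL connection. A KeyStore stores the private keys and identity certificates that a given program presents to the other party (server or client) for verification. It follows that the two are opposites of each other. In plain terms, during authentication the trustStore holds the credentials used to identify others, while the keyStore holds the credentials that identify us.
In Java, as in other programming languages, this concept is used whenever we try to communicate with a third-party application. The connection between client and server using a keyStore and a trustStore is illustrated in the following diagram:
The differences between TrustStore and KeyStore are shown in the following table: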
| TrustStore | KeyStore |
|---|---|
| A TrustStore doesn't contain private and sensitive information. | A KeyStore contains private and sensitive information. |
| `javax.net.ssl.trustStore` is used to specify the TrustStore. | `javax.net.ssl.keyStore` is used to specify the KeyStore. |
| TrustStore setup is required for a successful connection on the client side. | A KeyStore is needed when you are setting up the server side of SSL. |
| A TrustStore stores others' credentials. | A KeyStore stores your credentials. |
| A TrustStore holds the certificates of external systems that you trust. | A KeyStore holds your application's certificates. |
| The TrustStore password is supplied with the JVM option `-Djavax.net.ssl.trustStorePassword`. | The KeyStore password is supplied with the JVM option `-Djavax.net.ssl.keyStorePassword`. |
| The TrustStore and the TrustStore password are stored in clear-text files and are visible to all. | The KeyStore and key passwords are stored in plain text, in a file that is readable only by members of the appropriate group. |
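
The separation in the table can be checked on a running JVM. The following Java program is an added example, not code from the original page: it loads the stores named by `javax.net.ssl.trustStore` and `javax.net.ssl.keyStore`, warns if the TrustStore holds private keys or the KeyStore holds none, and builds an `SSLContext` from both. The class name `StoreAudit` and the fallback to the JDK's bundled `cacerts` file with its default password `changeit` are assumptions of the example.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class StoreAudit {
    // Counts entries that carry a private key (as opposed to trusted certificates).
    static int privateKeys(KeyStore store) throws Exception {
        int n = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: with no trustStore property set, audit the JDK's bundled
        // cacerts file, whose default password is "changeit".
        String tsPath = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        char[] tsPass = System.getProperty("javax.net.ssl.trustStorePassword",
                "changeit").toCharArray();
        KeyStore trust = KeyStore.getInstance(new File(tsPath), tsPass); // Java 9+
        System.out.printf("trustStore %s: %d entries%n", tsPath, trust.size());
        if (privateKeys(trust) > 0) {
            System.out.println("WARNING: trustStore holds private keys; move them to a keyStore");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // The keyStore is optional: a client that does no client-certificate
        // authentication only needs the trustStore.
        KeyManagerFactory kmf = null;
        String ksPath = System.getProperty("javax.net.ssl.keyStore");
        if (ksPath != null) {
            char[] ksPass = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
            KeyStore keys = KeyStore.getInstance(new File(ksPath), ksPass);
            if (privateKeys(keys) == 0) {
                System.out.println("WARNING: keyStore has no private key; no identity to present");
            }
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keys, ksPass); // assumes key password == store password
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```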