Skip to content

Most visited

Recently visited

navigation
Added in API level 1

KeyStore

public class KeyStore
extends Object

java.lang.Object
   ↳ java.security.KeyStore


KeyStore is responsible for maintaining cryptographic keys and their owners.

The type of the system key store can be changed by setting the 'keystore.type' property in the file named JAVA_HOME/lib/security/java.security.

See also:

Summary

Nested classes

class KeyStore.Builder

Builder is used to construct new instances of KeyStore

class KeyStore.CallbackHandlerProtection

CallbackHandlerProtection is a ProtectionParameter that encapsulates a CallbackHandler

interface KeyStore.Entry

Entry is the common marker interface for a KeyStore entry. 

interface KeyStore.LoadStoreParameter

LoadStoreParameter represents a parameter that specifies how a KeyStore can be loaded and stored. 

class KeyStore.PasswordProtection

PasswordProtection is a ProtectionParameter that protects a KeyStore using a password. 

class KeyStore.PrivateKeyEntry

PrivateKeyEntry represents a KeyStore entry that holds a private key. 

interface KeyStore.ProtectionParameter

ProtectionParameter is a marker interface for protection parameters. 

class KeyStore.SecretKeyEntry

SecretKeyEntry represents a KeyStore entry that holds a secret key. 

class KeyStore.TrustedCertificateEntry

TrustedCertificateEntry represents a KeyStore entry that holds a trusted certificate. 

Protected constructors

KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type)

Constructs a new instance of KeyStore with the given arguments.

Public methods

final Enumeration<String> aliases()

Returns an Enumeration over all alias names stored in this KeyStore.

final boolean containsAlias(String alias)

Indicates whether the given alias is present in this KeyStore.

final void deleteEntry(String alias)

Deletes the entry identified with the given alias from this KeyStore.

final boolean entryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass)

Indicates whether the entry for the given alias is assignable to the provided Class.

final Certificate getCertificate(String alias)

Returns the trusted certificate for the entry with the given alias.

final String getCertificateAlias(Certificate cert)

Returns the alias associated with the first entry whose certificate matches the specified certificate.

final Certificate[] getCertificateChain(String alias)

Returns the certificate chain for the entry with the given alias.

final Date getCreationDate(String alias)

Returns the creation date of the entry with the given alias.

final static String getDefaultType()

Returns the default type for KeyStore instances.

final KeyStore.Entry getEntry(String alias, KeyStore.ProtectionParameter param)

Returns the Entry with the given alias, using the specified ProtectionParameter.

static KeyStore getInstance(String type, String provider)

Returns a new instance of KeyStore from the specified provider with the given type.

static KeyStore getInstance(String type, Provider provider)

Returns a new instance of KeyStore from the specified provider with the given type.

static KeyStore getInstance(String type)

Returns a new instance of KeyStore with the specified type.

final Key getKey(String alias, char[] password)

Returns the key with the given alias, using the password to recover the key from the store.

final Provider getProvider()

Returns the provider associated with this KeyStore.

final String getType()

Returns the type of this KeyStore.

final boolean isCertificateEntry(String alias)

Indicates whether the specified alias is associated with a KeyStore.TrustedCertificateEntry.

final boolean isKeyEntry(String alias)

Indicates whether the specified alias is associated with either a KeyStore.PrivateKeyEntry or a KeyStore.SecretKeyEntry.

final void load(InputStream stream, char[] password)

Initializes this KeyStore from the provided InputStream.

final void load(KeyStore.LoadStoreParameter param)

Loads this KeyStore using the specified LoadStoreParameter.

final void setCertificateEntry(String alias, Certificate cert)

Associates the given alias with a certificate.

final void setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter param)

Stores the given Entry in this KeyStore and associates the entry with the given alias.

final void setKeyEntry(String alias, Key key, char[] password, Certificate[] chain)

Associates the given alias with the key, password and certificate chain.

final void setKeyEntry(String alias, byte[] key, Certificate[] chain)

Associates the given alias with a key and a certificate chain.

final int size()

Returns the number of entries stored in this KeyStore.

final void store(OutputStream stream, char[] password)

Writes this KeyStore to the specified OutputStream.

final void store(KeyStore.LoadStoreParameter param)

Stores this KeyStore using the specified LoadStoreParameter.

Inherited methods

From class java.lang.Object

Protected constructors

KeyStore

Added in API level 1
KeyStore (KeyStoreSpi keyStoreSpi, 
                Provider provider, 
                String type)

Constructs a new instance of KeyStore with the given arguments.

Parameters
keyStoreSpi KeyStoreSpi: the concrete key store.
provider Provider: the provider.
type String: the type of the KeyStore to be constructed.

Public methods

aliases

Added in API level 1
Enumeration<String> aliases ()

Returns an Enumeration over all alias names stored in this KeyStore.

Returns
Enumeration<String> an Enumeration over all alias names stored in this KeyStore.
Throws
KeyStoreException if this KeyStore is not initialized.

containsAlias

Added in API level 1
boolean containsAlias (String alias)

Indicates whether the given alias is present in this KeyStore.

Parameters
alias String: the alias of an entry.
Returns
boolean true if the alias exists, false otherwise.
Throws
KeyStoreException if this KeyStore is not initialized.

deleteEntry

Added in API level 1
void deleteEntry (String alias)

Deletes the entry identified with the given alias from this KeyStore.

Parameters
alias String: the alias for the entry.
Throws
KeyStoreException if this KeyStore is not initialized, or if the entry can not be deleted.

entryInstanceOf

Added in API level 1
boolean entryInstanceOf (String alias, 
                Class<? extends KeyStore.Entry> entryClass)

Indicates whether the entry for the given alias is assignable to the provided Class.

Parameters
alias String: the alias for the entry.
entryClass Class: the type of the entry.
Returns
boolean true if the Entry for the alias is assignable to the specified entryClass.
Throws
KeyStoreException if this KeyStore is not initialized.

getCertificate

Added in API level 1
Certificate getCertificate (String alias)

Returns the trusted certificate for the entry with the given alias.

Parameters
alias String: the alias for the entry.
Returns
Certificate the trusted certificate for the entry with the given alias, or null if the specified alias is not bound to an entry.
Throws
KeyStoreException if this KeyStore is not initialized.

getCertificateAlias

Added in API level 1
String getCertificateAlias (Certificate cert)

Returns the alias associated with the first entry whose certificate matches the specified certificate.

Parameters
cert Certificate: the certificate to find the associated entry's alias for.
Returns
String the alias or null if no entry with the specified certificate can be found.
Throws
KeyStoreException if this KeyStore is not initialized.

getCertificateChain

Added in API level 1
Certificate[] getCertificateChain (String alias)

Returns the certificate chain for the entry with the given alias.

Parameters
alias String: the alias for the entry.
Returns
Certificate[] the certificate chain for the entry with the given alias, or null if the specified alias is not bound to an entry.
Throws
KeyStoreException if this KeyStore is not initialized.

getCreationDate

Added in API level 1
Date getCreationDate (String alias)

Returns the creation date of the entry with the given alias.

Parameters
alias String: the alias for the entry.
Returns
Date the creation date, or null if the specified alias is not bound to an entry.
Throws
KeyStoreException if this KeyStore is not initialized.

getDefaultType

Added in API level 1
String getDefaultType ()

Returns the default type for KeyStore instances.

The default is specified in the 'keystore.type' property in the file named java.security properties file. If this property is not set, "jks" will be used.

Returns
String the default type for KeyStore instances

getEntry

Added in API level 1
KeyStore.Entry getEntry (String alias, 
                KeyStore.ProtectionParameter param)

Returns the Entry with the given alias, using the specified ProtectionParameter.

Parameters
alias String: the alias of the requested entry.
param KeyStore.ProtectionParameter: the ProtectionParameter used to protect the requested entry, maybe null.
Returns
KeyStore.Entry he Entry with the given alias, using the specified ProtectionParameter.
Throws
NoSuchAlgorithmException if the required algorithm is not available.
UnrecoverableEntryException if the entry can not be recovered.
KeyStoreException if this KeyStore is not initialized.
NullPointerException if alias is null.

getInstance

Added in API level 1
KeyStore getInstance (String type, 
                String provider)

Returns a new instance of KeyStore from the specified provider with the given type.

Parameters
type String: the type of the returned KeyStore.
provider String: name of the provider of the KeyStore.
Returns
KeyStore a new instance of KeyStore from the specified provider with the given type.
Throws
KeyStoreException if an error occurred during the creation of the new KeyStore.
NoSuchProviderException if the specified provider is not available.
IllegalArgumentException if provider == null || provider.isEmpty()
NullPointerException if type is null (instead of NoSuchAlgorithmException) as in 1.4 release

See also:

getInstance

Added in API level 1
KeyStore getInstance (String type, 
                Provider provider)

Returns a new instance of KeyStore from the specified provider with the given type. The provider supplied does not have to be registered.

Parameters
type String: the type of the returned KeyStore.
provider Provider: the provider of the KeyStore.
Returns
KeyStore a new instance of KeyStore from the specified provider with the given type.
Throws
KeyStoreException if an error occurred during the creation of the new KeyStore.
IllegalArgumentException if provider is null or the empty string.
NullPointerException if type == null (instead of NoSuchAlgorithmException) as in 1.4 release

See also:

getInstance

Added in API level 1
KeyStore getInstance (String type)

Returns a new instance of KeyStore with the specified type.

Parameters
type String: the type of the returned KeyStore.
Returns
KeyStore a new instance of KeyStore with the specified type.
Throws
KeyStoreException if an error occurred during the creation of the new KeyStore.
NullPointerException if type == null

See also:

getKey

Added in API level 1
Key getKey (String alias, 
                char[] password)

Returns the key with the given alias, using the password to recover the key from the store.

Parameters
alias String: the alias for the entry.
password char: the password used to recover the key.
Returns
Key the key with the specified alias, or null if the specified alias is not bound to an entry.
Throws
KeyStoreException if this KeyStore is not initialized.
NoSuchAlgorithmException if the algorithm for recovering the key is not available.
UnrecoverableKeyException if the key can not be recovered.

getProvider

Added in API level 1
Provider getProvider ()

Returns the provider associated with this KeyStore.

Returns
Provider the provider associated with this KeyStore.

getType

Added in API level 1
String getType ()

Returns the type of this KeyStore.

Returns
String the type of this KeyStore.

isCertificateEntry

Added in API level 1
boolean isCertificateEntry (String alias)

Indicates whether the specified alias is associated with a KeyStore.TrustedCertificateEntry.

Parameters
alias String: the alias of an entry.
Returns
boolean true if the given alias is associated with a certificate entry.
Throws
KeyStoreException if this KeyStore is not initialized.

isKeyEntry

Added in API level 1
boolean isKeyEntry (String alias)

Indicates whether the specified alias is associated with either a KeyStore.PrivateKeyEntry or a KeyStore.SecretKeyEntry.

Parameters
alias String: the alias of an entry.
Returns
boolean true if the given alias is associated with a key entry.
Throws
KeyStoreException if this KeyStore is not initialized.

load

Added in API level 1
void load (InputStream stream, 
                char[] password)

Initializes this KeyStore from the provided InputStream. Pass null as the stream argument to initialize an empty KeyStore or to initialize a KeyStore which does not rely on an InputStream. This KeyStore utilizes the given password to verify the stored data.

Parameters
stream InputStream: the InputStream to load this KeyStore's data from or null.
password char: the password to verify the stored data, maybe null.
Throws
IOException if a problem occurred while reading from the stream.
NoSuchAlgorithmException if the required algorithm is not available.
CertificateException if an exception occurred while loading the certificates of this KeyStore.

load

Added in API level 1
void load (KeyStore.LoadStoreParameter param)

Loads this KeyStore using the specified LoadStoreParameter.

Parameters
param KeyStore.LoadStoreParameter: the LoadStoreParameter that specifies how to load this KeyStore, maybe null.
Throws
IOException if a problem occurred while reading from the stream.
NoSuchAlgorithmException if the required algorithm is not available.
CertificateException if an exception occurred while loading the certificates of this KeyStore.
IllegalArgumentException if the given KeyStore.LoadStoreParameter is not recognized.

setCertificateEntry

Added in API level 1
void setCertificateEntry (String alias, 
                Certificate cert)

Associates the given alias with a certificate.

If the specified alias already exists, it will be reassigned.

Parameters
alias String: the alias for the certificate.
cert Certificate: the certificate.
Throws
KeyStoreException if this KeyStore is not initialized, or an existing alias is not associated to an entry containing a trusted certificate, or this method fails for any other reason.
NullPointerException if alias is null.

setEntry

Added in API level 1
void setEntry (String alias, 
                KeyStore.Entry entry, 
                KeyStore.ProtectionParameter param)

Stores the given Entry in this KeyStore and associates the entry with the given alias. The entry is protected by the specified ProtectionParameter.

If the specified alias already exists, it will be reassigned.

Parameters
alias String: the alias for the entry.
entry KeyStore.Entry: the entry to store.
param KeyStore.ProtectionParameter: the ProtectionParameter to protect the entry.
Throws
KeyStoreException if this KeyStore is not initialized.
NullPointerException if alias is null or entry is null.

setKeyEntry

Added in API level 1
void setKeyEntry (String alias, 
                Key key, 
                char[] password, 
                Certificate[] chain)

Associates the given alias with the key, password and certificate chain.

If the specified alias already exists, it will be reassigned.

Parameters
alias String: the alias for the key.
key Key: the key.
password char: the password.
chain Certificate: the certificate chain.
Throws
KeyStoreException if this KeyStore is not initialized.
IllegalArgumentException if key is a PrivateKey and chain does not contain any certificates.
NullPointerException if alias is null.

setKeyEntry

Added in API level 1
void setKeyEntry (String alias, 
                byte[] key, 
                Certificate[] chain)

Associates the given alias with a key and a certificate chain.

If the specified alias already exists, it will be reassigned.

If this KeyStore is of type "jks", key must be encoded conform to the PKS#8 standard as an EncryptedPrivateKeyInfo.

Parameters
alias String: the alias for the key.
key byte: the key in an encoded format.
chain Certificate: the certificate chain.
Throws
KeyStoreException if this KeyStore is not initialized or if key is null.
IllegalArgumentException if key is a PrivateKey and chain does.
NullPointerException if alias is null.

size

Added in API level 1
int size ()

Returns the number of entries stored in this KeyStore.

Returns
int the number of entries stored in this KeyStore.
Throws
KeyStoreException if this KeyStore is not initialized.

store

Added in API level 1
void store (OutputStream stream, 
                char[] password)

Writes this KeyStore to the specified OutputStream. The data written to the OutputStream is protected by the specified password.

Parameters
stream OutputStream: the OutputStream to write the store's data to.
password char: the password to protect the data.
Throws
KeyStoreException if this KeyStore is not initialized.
IOException if a problem occurred while writing to the stream.
NoSuchAlgorithmException if the required algorithm is not available.
CertificateException if an exception occurred while storing the certificates of this KeyStore.

store

Added in API level 1
void store (KeyStore.LoadStoreParameter param)

Stores this KeyStore using the specified LoadStoreParameter.

Parameters
param KeyStore.LoadStoreParameter: the LoadStoreParameter that specifies how to store this KeyStore, maybe null.
Throws
KeyStoreException if this KeyStore is not initialized.
IOException if a problem occurred while writing to the stream.
NoSuchAlgorithmException if the required algorithm is not available.
CertificateException if an exception occurred while storing the certificates of this KeyStore.
IllegalArgumentException if the given KeyStore.LoadStoreParameter is not recognized.
This site uses cookies to store your preferences for site-specific language and display options.

Hooray!

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.