The JKS keystore format is the format that originally shipped with Java. It is implemented by the traditional "Sun" cryptography provider.
JCEKS is an improved keystore format introduced with the Java Cryptography Extension (JCE). It is implemented by the SunJCE cryptography provider.
JCEKS keystores improve upon JKS keystores in 2 ways:
- A stronger key protection algorithm is used
- They allow for arbitrary (symmetric) secret keys to be stored (e.g. AES, DES)
KeyStore
entries
A dictionary of all entries in the keystore, mapped by alias.
store_type
A string indicating the type of keystore that was loaded. Can be one of jks, jceks.
TrustedCertEntry
PrivateKeyEntry
pkey
Note: Only accessible after a call to decrypt; until then, accessing this attribute will raise a jks.util.NotYetDecryptedException. See also try_decrypt_keys on jks.jks.KeyStore.loads.
A byte string containing the value of the privateKey field of the PKCS#8 PrivateKeyInfo representation of the private key. See RFC 5208, section 5: Private-Key Information Syntax.
pkey_pkcs8
Note: Only accessible after a call to decrypt; until then, accessing this attribute will raise a jks.util.NotYetDecryptedException. See also try_decrypt_keys on jks.jks.KeyStore.loads.
A byte string containing the DER-encoded PKCS#8 PrivateKeyInfo representation of the private key. See RFC 5208, section 5: Private-Key Information Syntax.
algorithm_oid
Note: Only accessible after a call to decrypt; until then, accessing this attribute will raise a jks.util.NotYetDecryptedException. See also try_decrypt_keys on jks.jks.KeyStore.loads.
A tuple of integers corresponding to the algorithm OID for which the private key is valid.
Common values include:
- (1,2,840,113549,1,1,1) (alias rsaEncryption)
- (1,2,840,10040,4,1) (alias id-dsa)
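How the three PrivateKeyEntry attributes relate, as an added example that is not pyjks code: a stdlib-only DER walk that takes bytes of the kind described for pkey_pkcs8 and returns the values described for algorithm_oid and pkey. The function names are hypothetical, and SAMPLE is a constructed PrivateKeyInfo whose privateKey bytes are a dummy placeholder, not a real key.

```python
# Added example (stdlib only). SAMPLE is constructed; its key bytes are a dummy.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag, what):
    """Read one element and insist on its tag; returns (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected {what}, got tag 0x{tag:02x}")
    return value, nxt

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into a tuple of integers."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)  # base-128, high bit = "more"
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]  # the first two arcs are packed as 40*X + Y
    head = (first // 40, first % 40) if first < 80 else (2, first - 80)
    return head + tuple(arcs[1:])

def split_private_key_info(der):
    """Return (algorithm_oid, private_key) from a DER PrivateKeyInfo."""
    seq, _ = expect(der, 0, 0x30, "PrivateKeyInfo SEQUENCE")
    _version, pos = expect(seq, 0, 0x02, "version INTEGER")
    alg, pos = expect(seq, pos, 0x30, "AlgorithmIdentifier SEQUENCE")
    oid, _ = expect(alg, 0, 0x06, "algorithm OBJECT IDENTIFIER")
    private_key, _ = expect(seq, pos, 0x04, "privateKey OCTET STRING")
    return decode_oid(oid), private_key

SAMPLE = bytes.fromhex("3018" "020100" "300d06092a864886f70d0101010500" "0404deadbeef")
```

Every length is checked against the remaining buffer before slicing, so a truncated or malformed blob raises ValueError instead of yielding a short key.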
SecretKeyEntry
algorithm
Note: Only accessible after a call to decrypt; until then, accessing this attribute will raise a jks.util.NotYetDecryptedException. See also try_decrypt_keys on jks.jks.KeyStore.loads.
A string containing the name of the algorithm for which the key is valid, as known to the Java cryptography provider that supplied the corresponding SecretKey object.
key
Note: Only accessible after a call to decrypt; until then, accessing this attribute will raise a jks.util.NotYetDecryptedException. See also try_decrypt_keys on jks.jks.KeyStore.loads.
A byte string containing the raw secret key.
key_size
Note: Only accessible after a call to decrypt; until then, accessing this attribute will raise a jks.util.NotYetDecryptedException. See also try_decrypt_keys on jks.jks.KeyStore.loads.
An integer containing the size of the key, in bits. For DES and 3DES keys, the sizes returned are 64 bits and 192 bits, respectively.