I have Generated the keystore using the keytool command, while generating the keystore i have supplied the password for the keystore the command is
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
Now accessing the keystore Using JAVA API, i don't have to supply the password to list down the keytool entry, i can see what are the certificate and aliases are present, without providing any password to the keystore
KeyStore store = = KeyStore.getInstance("JKS");
store.load(new ByteArrayInputStream(bOut.toByteArray()), null);
Enumeration en = store.aliases();
while (en.hasMoreElements())
{
String alias = (String)en.nextElement();
System.out.println("found " + alias + ", isCertificate? " + store.isCertificateEntry(alias));
}
While accessing the keystore using the keytool, it prompted for the password as excptect
bash # keytool -list -v -keystore keystore.jks
Enter keystore password:
So is the password is only applicable for keytool ? this is my confusion
You only need the password when updating the keystore, or, via the API, accessing a private key. For example, javax.net.ssl.keyStorePassword is mandatory, but javax.net.ssl.trustStorePassword is optional.