Search code examples
javasslkeystoretruststore

How to identify whether the .jks is a keystore or a truststore?

I have a .jks file. How can I identify whether it is a Keystore or a trust store?

Solution

  • There's not much of a difference, you can theoretically use one store for both purposes; Not that it's recommended though..

    However, if you use Java Keytool to -list the contents of your stores, a Keystore should contain mainly PrivateKeyEntrys and a Truststore should contain mainly trustedCertEntrys

    KeyStore:

    Certificate fingerprint (SHA1): XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
<alias-1>, MMM dd, yyyy, PrivateKeyEntry,
Certificate fingerprint (SHA1): XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
<alias-2>, MMM dd, yyyy, PrivateKeyEntry,

    TrustStore:

    Certificate fingerprint (SHA1): XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
<alias-1>, MMM dd, yyyy, trustedCertEntry,
Certificate fingerprint (SHA1): XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
<alias-2>, MMM dd, yyyy, trustedCertEntry,