A database containing keys is called a Java Keystore. These keys, also known as certificates, are commonly used in Java code. In Java code, these certificates and the keystore that contains them are applied to create secure connections and are typically stored in several formats. The following class represents the Java Keystore −


The following keys are stored in the Java Keystore −

  • Private keys
  • Certificates and public keys
  • Secret keys

Complete course for Java developers

In partnership with HIRIST and HackerEarthCHECK OUT THE COURSE

Private keys

The private keys in the Java Keystore are used to set up an SSL server to enable asymmetric encryption.

Public keys

Public keys in the Java Keystore are also used to enable asymmetric encryption. Usually the public key matches the private key and this makes a key pair.


A file or document that is used to identify the identity of a device, organization, or person that claims to hold a public key. The verifying party usually digitally signs this certificate as a form of proof.

Secret keys

Each time a secure connection is made, a symmetric key is set up. This symmetric encryption is a secret key. They are fewer in number than public and private keys.

Java Keystore Methods

Following methods are used in Java Keystore −

enum() aliases

The aliases of the current keystore are returned.

boolean contains alias (string alias)

Checks for the presence of the current alias in the Keystore.

void deleteEntry(String alias)

This method allows the alias to be deleted from the Keystore.

boolean entryInstanceOf(String alias, Class entryClass)

For the given alias, this method helps determine whether the given alias is an instance or subclass of the current entryClass.

certificate getCertificate (String alias)

Returns the associated certificate of the current alias.

String getCertificateAlias(Certificate cert)

Returns the name of the first keystore entry that matches the provided certificate.

Certificate [ ] getCertificateChain(String alias)

Returns the certificate chain associated with the current alias.

Date getCreationDate ( String alias )

Returns the date with which the specified alias entry is associated.

static String getDefaultType()

The default Keystore type specified in the Java security properties file is returned, and if no property is found, the string “jks” is returned.

KeyStore.Entry getEntry(String alias, KeyStore.ProtectionParameter protParam)

Returns the associated keystore entry, the specified security parameter with the current alias.

static KeyStore getInstance(String type)

An object of the specified Keystore type is returned.

static KeyStore(string type, provider provider)

An object of a specified Keystore type is returned along with the specified provider of said type.

static KeyStore(String type, String provider)

An object of the specified Keystore type is returned along with the supplied string type.

Key getKey(String alias, char [ ] password)

It returns the associated key with the current alias along with the recovery password.

Provider getProvider()

The keystore provider is returned.

String getType()

The type of the keystore is returned.

FREE Java Certification Training

Learn the AZ of Java like never beforeSign up now

FREE Java Certification Training

boolean isCertificateEntry(String alias)

If the setCertificateEntry method or the setEntry method with TrustedCertificateEntry creates the associated alias entry, then this method returns true, otherwise it returns false.

boolean isKeyEntry(String alias)

If the setKeyEntry method or the setEntry method with PrivateKeyEntry or SecretKeyEntry creates the associated entry with the alias, then this method returns true, otherwise it returns false.

void load(InputStream stream, char[] password)

A Keystore is loaded from the given input stream.

void load(KeyStore.LoadStoreParameter parameter)

From LoadStoreParameter, the Keystore is loaded using this method.

void setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam)

The alias of a keystore entry is assigned using this method.

void setKeyEntry(String alias, byte[] key, Certificate[] chain)

The given alias key is assigned via this method. The already secured key is passed here.

void setKeyEntry(String alias, keyKey, char[] password, certificate[] chain)

The given alias key is assigned via this method. This method also protects the password.

int size()

This method returns all records available in the Keystore.

void store(KeyStore.LoadStoreParameter param)

Using the given LoadStoreParameter, the given Keystore is stored in this method.

void store(OutputStream stream, char [ ] password)

In the given output stream, this method stores the Keystore and also secures it using the given password.

void setCertificateEntry(String alias, Certificate certificate)

Certificates are mapped to the given alias using this method.

How to create a Java Keystore?

Now you will explore and see how to create a Java Keystore.

By calling the getInstance() method, the Java Keystore instance is initialized and thus the Java Keystore is created.

The following syntax works –

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());

The above snippet helps us create a default keystore. Keystores of other types can also be created in a similar manner. You do this as follows –

You pass various parameters to the getInstance() method.

The following syntax follows this pattern −

KeyStore keyStore = KeyStore.getInstance(“PKCS12”);

How do I load the Java Keystore?

You must first load the Java Keystore before storing a Java Keystore instance. This is because Java Keystore storage is done on a hard disk or other type of storage.

This is done as follows –

By using the Java Keystore load() method, you load the Java Keystore. This method consists of the following two parameters −

  • Character array – The Keystore password is stored in this character array.
  • InputStream – the location where the keystore data loading should take place is specified by this InputStream.

This is done as follows –

coal [ ] password = “password123”.toCharArray();

try(InputStream data = new FileInputStream(“keystore.ks”)) {

/*keystore.ks is the file we want to load the file from */

keyStore.load(data, password);


The above example finds the keystore.ks file and loads the keystore stored in it.

Free Course: JavaScript for Beginners

Learn the basics of JavaScriptSign up now

Free Course: JavaScript for Beginners

Obtaining keys from the Java Keystore

The getEntry() method is used to get the keys for a Java Keystore instance. A password-protected alias that locates the key is mapped to each key in the Java Keystore. You must provide two parameters to access any key stored in the Java Keystore ie. the password and key alias.

The above technique is demonstrated below –

coal [ ] password = “password123”.toCharArray();

KeyStore.ProtectionParameter entryPassword =

new KeyStore.PasswordProtection(keyPassword);

KeyStore.Entry keyEntry = keyStore.getEntry(“keyAlias”, entryPassword);

Set keys in Java Keystore

Using the setEntry method, it can set the keys in the Java Keystore. The parameters of this method are – input secret key, key alias and password.

The above technique is demonstrated in the following code −

SecretKey secretKey = getSecretKey();

KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKey);

keyStore.setEntry(“aliasKey”, secretKeyEntry, entryPassword);

Java Keystore storage

To store the Java Keystore for later retrieval, we use the store() method. This Java Keystore is stored in a database or disk.

This is done as follows –

coal [ ] keyStorePassword = “password123”.toCharArray();

try (FileOutputStream keyStoreOutputStream = new FileOutputStream(“data/keystore.ks”)) {

keyStore.store(keyStoreOutputStream, keyStorePassword);


Get a solid foundation in Java, the most commonly used programming language in software development, with the Java Certification Training Course.


Almost everything you use in your daily life today has something to do with Java. Java remains one of the most popular in the industry, with a high demand for jobs. If you want to learn Java and make a career out of it, check out this playlist:


Simplilearn’s Java Certification Training Course is for you if you want to start your Java career. You will get 70 hours of blended learning, lifetime access to self-study resources, hands-on programming and real-world industry projects, and much more with it. So what exactly are you waiting for?

Do you have any questions for us? Leave them in the comments section of this article and our experts will get back to you as soon as possible!


Previous articleHow Avaya Brings Contact Center Functionality to the Metaverse
Next articleHow nursing homes can build their own recruitment channels