Key pair, public key, certificate, private key, jks,keystore,truststore,cer,pfx noun description

Source: Internet
Author: User
Tags decrypt pfx file

I understand the public key + private key collectively.

Key pair:
The Public key (certificate) and private key are in pairs. Each side of the communication holds its own private key and the other's public key. Your private key needs to be protected closely, and the public key is publicly available to each other. Under Windows, a separate public key is typically a file with a. cer

A encrypts the data with its own private key and sends it to B,B to decrypt it with a public key provided by a. The same B encrypts the data with its own private key, and after it is sent to a, a is untied with B's public key.

Two uses of a public key:
1. Verify the identity of the other person: prevent other people from impersonating each other to send data to you.
2. Decrypt.
Two uses of the private key:
1. Identify yourself: Unless a third party has your private key, you cannot impersonate you to send data to each other.
2. Encryption.

JKS (Java key Store):
A container in Java for storing keys. can hold n public or private keys at the same time, the suffix is generally. jks or. KeyStore or. Truststore, all sorts of strange. No matter what the suffix is, it's a container, and companies or organizations call it different. For example, a container containing only "trusted public key" is stored as a. truststore file.
Use the Jdk\bin directory of Keytool.exe to view, import, export, delete, modify passwords and other operations. You can add a password to the JKS container and enter it correctly to manipulate the key in this container. There is also a password of the concept of different, is stored in the jks of the private key password, is usually top secret. It means that a keystore (. jks) file usually contains a public key and a private key, and KeyStore itself has a password that can be entered to export the public key as a CER file, and a private key is not visible, and want to see the private key to enter another password. This means that there is not necessarily an x corresponding command corresponding to it.

The JKS function is the same but the file format is different and the PFX is used by the browser.
You can use some tools to convert a PFX to a JKS format for use by Java programs (such as a bank offering only a PFX, but we want to use httpclient to simulate the automatic access of the browser). It is said that IE exported PFX format is not standard, conversion jks often error, you can try to import and export Netscape Navigator, and then converted. I've had a situation like this.

Common access to several HTTPS systems. Data via HTTPS protocol is encrypted and transmitted to prevent third party from listening, impersonating and tampering.
1. No user is required to do anything, such as
This is because the public key is legal (the public key is issued by a trusted authority, matches the actual domain name, and does not expire). Use IE access to the blank point right click to view the public key information.
A 2.https page pops up the public key confirmation prompt
Public key irregularities (not trusted authority issued, and the actual domain name does not match, has expired), but the user point "is" that means ignore the danger, continue to access.
3. You need to pour a file into the browser before you can access the
In general, banking online transactions such as the special need for security occasions, the station (bank) needs to verify the identity of visitors (if you want to confirm must be registered net Silver merchant), you need to import in the browser with the guest private key PFX file.

Generate JKS:
When the bank does not provide the JKs file, it needs to generate its own JKS
For a 1,2 class HTTPS Web site, a security exception is thrown if the Java program accesses this address and cannot find the issuer of the opposing certificate in the JRE default Trust library. So the public key of the station is stored in a JKS and set in the environment variable to indicate that the public key in this library is trusted to be accessed normally.
I am using ready-made Make_jks tool class in the program to read the HTTPS://XXXX address, the program automatically grabbed the bank public key to co-exist into a jks file.
When you view the station's public key in a browser, export the public key (typically a CER suffix), and then manually import the CER into a jks with Keytool.exe.
Above 1, 2 HTTPS Web site, only use the public key "authenticate each other identity" function. For the 3rd HTTPS site, you can also find ready-made programs to turn the PFX directly into JKS. Since the use of a PFX, it is generally used for the two uses of the public key and the two uses of the private key.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.