Several concepts of key, key pair, public key, Pfx,jks and HTTPS

Key:
I understand the public key + private key collectively.

Key pair:
The Public key (certificate) and private key are in pairs.
Each side of the communication holds its own private key and the other's public key. Your private key needs to be protected closely, and the public key is publicly available to each other. Under Windows, a separate public key is typically a file with a. cer
A encrypts the data with its own private key and sends it to B,B to decrypt it with a public key provided by a. The same B encrypts the data with its own private key, and after it is sent to a, a is untied with B's public key.
Two uses of a public key:
1. Verify the identity of the other person: prevent other people from impersonating each other to send data to you.
2. Decrypt.
Two uses of the private key:
1. Identify yourself: Unless a third party has your private key, you cannot impersonate you to send data to each other.
2. Encryption.

JKS (Java key Store):
A container in Java for storing keys. can hold n public or private keys at the same time, the suffix is generally. jks or. KeyStore or. Truststore, all sorts of strange.
No matter what the suffix is, it's a container, and companies or organizations call it different. For example, a container containing only "trusted public key" is stored as a. truststore file.
Use the Jdk\bin directory of Keytool.exe to view, import, export, delete, modify passwords and other operations.
You can add a password to the JKS container and enter it correctly to manipulate the key in this container.
There is also a password of the concept of different, is stored in the jks of the private key password, is usually top secret.

pFX
The JKS function is the same but the file format is different and the PFX is used by the browser.
You can use some tools to convert a PFX to a JKS format for use by Java programs (such as a bank offering only a PFX, but we want to use httpclient to simulate the automatic access of the browser).
It is said that IE exported PFX format is not standard, conversion jks often error, you can try to import and export Netscape Navigator, and then converted. I've had a situation like this.

Common access to several HTTPS systems
Data via HTTPS protocol is encrypted and transmitted to prevent third party from listening, impersonating and tampering.
1. No user is required to do anything, such as https://www.verisign.com/
This is because the public key is legal (the public key is issued by a trusted authority, matches the actual domain name, and does not expire). Use IE access to the blank point right click to view the public key information.
A 2.https page pops up the public key confirmation prompt
Public key irregularities (not trusted authority issued, and the actual domain name does not match, has expired), but the user point "is" that means ignore the danger, continue to access.
3. You need to pour a file into the browser before you can access the
In general, banking online transactions such as the special need for security occasions, the station (bank) needs to verify the identity of visitors (if you want to confirm must be registered net Silver merchant), you need to import in the browser with the guest private key PFX file.

Generate JKS:
When the bank does not provide the JKs file, it needs to generate its own JKS
For a 1,2 class HTTPS Web site, a security exception is thrown if the Java program accesses this address and cannot find the issuer of the opposing certificate in the JRE default Trust library.
So the public key of the station is stored in a JKS and set in the environment variable to indicate that the public key in this library is trusted to be accessed normally.
I am using ready-made Make_jks tool class in the program to read the HTTPS://XXXX address, the program automatically grabbed the bank public key to co-exist into a jks file.
When you view the station's public key in the browser, export the public key (typically a CER suffix), and then manually import the CER into a jks with Keytool.exe. I didn't try.
Above 1, 2 HTTPS Web site, only use the public key "authenticate each other identity" function.
For the 3rd HTTPS site, you can also find ready-made programs to turn the PFX directly into JKS.
Since the use of a PFX, it is generally used for the two uses of the public key and the two uses of the private key.