PKCS #12 KeyStore

The Public Key Cryptography Standard (PKCS) #12 specification defines the key container that is used to move keys from keystore to keystore without being compromised. These keystores could be used between different languages and different browsers such as Microsoft Internet Explorer and Netscape. This specification is used because there is no common API that all keystores implement. Instead, keys must be exported from one keystore and imported into another. PKCS #12 doesn't define the transport mechanism; it defines the wrapper in which a key from one keystore is sent to another keystore.

The transport itself can even be mail, sockets, files, or HTTP. PKCS #12 was designed as the transfer syntax for sharing keys. What this means is that PKCS #12 describes the transfer syntax between identities, including key and certificate information. This helps when one organization is using one kind of key store and another organization is using something different.

PKCS #12 provides a definition, or standard, for how the different transferring mechanisms can communicate to swap keys. Changing the implementation to a PKCS #12 algorithm instead of the Sun JKS algorithm is simply a matter of changing the implementing class with KeyStore myKeyStore = KeyStore.getInstance("PKCS12");. All other operations can be carried out in the same manner. That is the importance of having the implementation at the SPI layer instead of the top-level class layer. PKCS12 is a key store implementation that is developed by IBM as a security provider.

Tip  

Using the SPI layer, you can switch implementations with a simple class instantiation.
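
The switch described above, as an added example that is not from the book: the same wrap and unwrap code runs against two keystore types, with only the string passed to KeyStore.getInstance changing, and a wrong password is rejected when the container is loaded. Assumptions: the class name, alias and password are constructed for illustration, and JCEKS stands in for JKS because JKS cannot hold the secret-key entry used here to keep the example free of certificate generation.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyStoreTransfer {
    // Wrap one key in a password-protected container; 'type' alone picks the SPI implementation.
    static byte[] wrap(String type, String alias, SecretKey key, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null); // start from an empty keystore
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key), new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        return out.toByteArray(); // these bytes can travel by file, socket, mail or HTTP
    }

    // Receiving side: load the container and recover the key.
    static SecretKey unwrap(String type, byte[] blob, String alias, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(blob), pw); // runs the container's integrity check
        return (SecretKey) ks.getKey(alias, pw);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-demo-password".toCharArray(); // constructed sample value
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey original = kg.generateKey();

        for (String type : new String[] {"JCEKS", "PKCS12"}) {
            byte[] blob = wrap(type, "demo-key", original, pw);
            SecretKey restored = unwrap(type, blob, "demo-key", pw);
            boolean same = Arrays.equals(original.getEncoded(), restored.getEncoded());
            System.out.println(type + ": " + blob.length + " bytes, key preserved = " + same);
            try {
                unwrap(type, blob, "demo-key", "wrong-password".toCharArray());
                System.out.println(type + ": wrong password accepted (unexpected)");
            } catch (IOException e) {
                System.out.println(type + ": wrong password rejected at load");
            }
        }
    }
}
```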

  


Java Security Solutions
ISBN: 0764549286
Year: 2001
Pages: 222
