Chapter 9. Keys and Certificates

In this chapter, we discuss the classes in the Java security package that handle keys and certificates. Keys are a necessary component of many cryptographic algorithms -- in particular, keys are required to create and verify digital signatures or to perform encryption. Different algorithms require different keys. There are two general types of keys: asymmetric and symmetric. Asymmetric keys come in two types as well, public and private. A public key and a private key are related and are referred to as a key pair. Symmetric keys are also called secret keys.

We also cover the implementation of certificates in this chapter. Certificates are used to authenticate public keys; when public keys are transmitted electronically, they are often embedded within certificates. The core Java API comes with the necessary classes to handle public and private keys and their certificates. The classes necessary to handle secret keys come only with JCE.
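The key types described above, as an added example that is not taken from the book: it generates an asymmetric key pair with the core `java.security` classes and a secret key with the JCE classes in `javax.crypto`, then shows that a signature made with the private key verifies only under the related public key. The class name `KeyTypesDemo`, the algorithm choices (RSA, SHA256withRSA, AES), the key sizes, and the sample message are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyTypesDemo {
    // Every key type implements java.security.Key, which exposes the
    // algorithm name, the encoding format, and the encoded bytes.
    static void describe(String label, Key key) {
        System.out.printf("%-8s algorithm=%s format=%s encodedBytes=%d%n",
                label, key.getAlgorithm(), key.getFormat(), key.getEncoded().length);
    }

    // Verify a signature over the message with the given key pair's public key.
    static boolean verifies(KeyPair pair, byte[] message, byte[] sig) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(message);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Asymmetric: one generator call yields the related public and private keys.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        describe("public", pair.getPublic());
        describe("private", pair.getPrivate());

        // Sign with the private key (constructed sample message).
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign();

        // Only the public key from the same pair accepts the signature.
        KeyPair unrelated = kpg.generateKeyPair();
        System.out.println("matching public key:  " + verifies(pair, message, sig));
        System.out.println("unrelated public key: " + verifies(unrelated, message, sig));

        // Symmetric: a single secret key, produced by the JCE KeyGenerator.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey secret = kg.generateKey();
        describe("secret", secret);
    }
}
```

The format reported for each key shows how it would be serialized for storage or transmission, which is why a bare public key still needs a certificate to bind it to an identity.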

Keys and certificates are normally associated with some person or organization, and the way in which keys are stored, transmitted, and shared is an important topic in the security package. Management of keys is left for the next chapter, however; right now, we’re just concerned about the APIs that implement keys and certificates. In this chapter, we’ll show how a programmer interacts with keys and certificates as well as how you might implement your own versions of each. The classes and engines we discuss in this ...
