Summary

In this chapter we examined the key management facilities of Java. Key management revolves around keys and certificates -- ideas we’ve already discussed -- but it also depends upon the notion of an identity -- an individual or a corporation -- and the idea that a particular identity can be certified.

Key management in Java can be handled either programmatically with the standard Java API or with the key management tool keytool. keytool itself is a good example of how the programming API can be used, although there are some trade-offs involved here; for example, loading a large keystore is not necessarily the most appropriate choice for a thin-client application. Fortunately, the security package gives us the necessary tools to implement our own keystore when that is appropriate.

For all the time we’ve spent on them, keys are not interesting by themselves. They are interesting for what they allow us to do, which among other things includes the ability to operate on a digital signature. In the next chapters, we’ll look at message digests and digital signatures, their relationship to keys, and the operations that all this enables us to perform.
