In this chapter, we discuss the classes in the Java security package that handle keys and certificates. Keys are a necessary component of many cryptographic algorithms—in particular, keys are required to create and verify digital signatures. The keys we’re going to discuss in this chapter are public keys and private keys, since those are the keys most often used in a digital signature. Secret keys—used for encryption algorithms—are discussed in Chapter 13. We defer that discussion because secret keys do not come with standard Java implementations; they come only with the Java Cryptography Extension.

We also cover the implementation of certificates in this chapter. Certificates are used to authenticate keys; when keys are transmitted electronically, they are often embedded within certificates.

Keys and certificates are normally associated with some person or organization, and the way in which keys are stored, transmitted, and shared is an important topic in the security package. Management of keys is left for the next chapter, however; right now, we’re just concerned about the APIs that implement keys and certificates. As usual, we’ll show how a programmer interacts with keys and certificates, as well as how you might implement your own versions of each.

The classes and engines we discuss in this chapter are outlined in Figure 10.1. There are two engines that operate on keys: