Chapter 11. Key Management

In this chapter, we’re going to discuss key management, and the facilities in Java that enable key management. The problem of key management turns out to be a hard one to solve: there is no universally accepted approach to key management, and although many features in Java (and on the Internet) are available to assist with key management, all key management techniques remain very much works in progress.

The fluidity of key management is evident in the progress of Java itself. Key management with the 1.1 API is very different from key management in 1.2.[35] Further complicating this picture is the fact that no Java-enabled browser (including HotJava, but not including the Java Plug-In) uses the technique for key management that comes with the JDK. Each requires keys to be kept in a different key database, and each uses a different technique to store and retrieve keys from that application-specific database. Key management remains application-specific.

In this chapter, we’ll discuss the basic features of Java that are available for key management, including the default key management features of the JDK. We’ll conclude with an example of implementing your own key management system. The key management features we’re going to discuss apply primarily to Java 1.2. If you must implement a key management system under Java 1.1, you’ll need to use the IdentityScope class as discussed in Appendix B. The IdentityScope class has been deprecated in 1.2.

Overview of Key ...
