The fluidity of key management is evident in the progress of Java itself. Key management with the 1.1 API is very different from key management in Java 2. Further complicating this picture is the fact that no Java-enabled browser (except the Java 2 Plug-In) uses the technique for key management that comes with the JRE. Each requires keys to be kept in a different key database, and each uses a different technique to store and retrieve keys from that application-specific database.

As a developer, that means you must adopt different key management features depending on your target platform. If your target platform is Java 2 applications and Java 2 applets run through the Java Plug-in, then you can use this key management facility. If you must support applets run in Internet Explorer or versions of Netscape Navigator before Netscape 6, then you must use Microsoft- or Netscape-specific key management techniques. And if you’re targeting Java 1.1 applications, you must use Java 1.1 facilities.

There are no keystores in Java 1.1. If you must implement a key management system under Java 1.1, you’ll need to use the IdentityScope class. The IdentityScope class has been deprecated in Java 2.

Java 1.1 comes with a key management system that is based upon the javakey utility. javakey has several limitations; in particular, it stores public and private keys in the same, unprotected location (often called an identity database). This allows anyone with access ...