Miscellaneous Commands The keytool

public final void store(OutputStream os, char[] password)
Store the keystore to the given output stream. The password is typically included in a digest calculation of the keystore; this digest is then written to the output stream as well, but again, your own implementation of this class could use the password differently. The format of the data is completely implementation dependent. This method may throw an IOException if the output stream cannot be written, a NoSuchAlgorithmException if the class used to create the digest cannot be found, or a CertificateException if the keystore object contains a certificate that cannot be parsed. Note that this digest protects the integrity of the keystore as a whole, not the confidentiality of its contents; private keys are protected separately, by the per-key password discussed under getKey() below.

There is no default file that holds the keystore. Within the core Java API, the only class that opens the keystore is the PolicyFile class, and that opens the keystore that is listed in the java.policy files. The tools that use the keystore (the jarsigner and keytool tools) allow you to use a command-line argument to specify the file that contains the keystore; they default to the file .keystore in the user's home directory. This is the convention your own programs should follow. If your application needs to open the keystore (for example, to obtain a private key to sign an object), it should provide either a command-line argument or a property to specify the name of the file to open, and it should provide a reasonable default. Following convention, we'll use the .keystore file in the user's home directory in our examples.

As we've seen, a keystore is arranged in terms of alias names. Aliases are arbitrarily assigned to an entry; while the name embedded in the certificate for a particular entry may be a long, complicated distinguished name, the alias for that entry can provide a shorter, easier-to-remember name. There are a number of simple methods in the KeyStore class that deal with these alias names:

public final Date getCreationDate(String alias)
Return the date on which the entry referenced by the given alias was created.
public final void deleteEntry(String alias)
Delete the entry referenced by the given alias from the keystore.

public final Enumeration aliases()
Return an enumeration of all the aliases in the keystore.

public final boolean containsAlias(String alias)
Indicate whether the keystore contains an entry referenced by the given alias.

public final int size()
Return the number of entries (aliases) in the keystore.

public final boolean isKeyEntry(String alias)
public final boolean isCertificateEntry(String alias)
Indicate whether the given alias represents a key entry or a certificate entry.

public final Key getKey(String alias, char[] password)
Return the private or secret key for the entry associated with the given alias. For a certificate entry, this method returns null. An UnrecoverableKeyException is thrown if the key cannot be retrieved (e.g., if the key has been damaged, or if the wrong password was supplied). Retrieving a private key typically requires a password; this may or may not be the same password that was used to read the entire keystore. This allows private keys to be stored encrypted, so that they cannot be read without the appropriate password. If the class that provides the encryption cannot be found, this method throws a NoSuchAlgorithmException.

public final Certificate[] getCertificateChain(String alias)
Return the certificate chain that verifies the entry associated with the given alias, which must represent a key entry. For an alias that represents a certificate entry, and for a key entry that stores a secret key, this method returns null.

public final Certificate getCertificate(String alias)
Return the certificate associated with the given alias. If the alias represents a key entry with a private key, the certificate returned is the user's certificate (that is, the first certificate in the entry's certificate chain); certificate entries have only a single certificate.

public final String getCertificateAlias(Certificate cert)
Return the alias of the first entry whose certificate matches the given certificate, using the equals() method for the comparison. If there is no match, null is returned.

public final void setKeyEntry(String alias, byte key[], Certificate chain[])
public final void setKeyEntry(String alias, Key k, char[] password, Certificate chain[])
Assign the given private or secret key and certificate chain to the key entry represented by the given alias, creating a new key entry if necessary. Any previous private key and certificate chain (or secret key) for this entry are lost; if the previous entry was a certificate entry, it now becomes a key entry. If the key is a secret key, the certificate chain should be null. A KeyStoreException is thrown if the key entry cannot be encrypted by the internal encryption algorithm of the keystore. Note that when the key is passed in as an array of bytes, the keystore does not encrypt it; in this case, you are expected to have performed the encryption yourself, and the bytes are stored as an already-protected key.

public final void setCertificateEntry(String alias, Certificate c)
Assign the given certificate to the certificate entry represented by the given alias, creating a new entry if necessary. If an entry for this alias already exists and is a key entry, a KeyStoreException is thrown. Otherwise, if an entry for this alias already exists, it is overwritten.

Note that there is no method in this API that returns an entire entry; you must use the specific methods (such as the getKey() method) to obtain the individual pieces of information you need. (Later releases of the JDK added a getEntry() method, but the methods above remain the basic interface.)

These are the basic methods by which we can manage a keystore. We'll see examples of many of these methods throughout the rest of this book; for now, let's look at a simple example that handles basic operations on a keystore:

package javasec.samples.ch10;

import java.io.*;
import java.security.*;