A TrustStore is used to store certificates from Certificate Authorities (CAs) that verify the certificate presented by the server in an SSL connection. A KeyStore, by contrast, is used to store the private key and identity certificates that a specific program should present to both parties (server or client) for verification. In this sense, the two are opposites of each other. In layman's terms, a trustStore holds the identification certificates that identify others, while a keyStore holds the identification certificates that identify us.
In Java, this concept is used whenever we are trying to communicate with third-party applications. The connection between the client and the server is represented diagrammatically for the keyStore and trustStore as follows:
The differences between TrustStore and KeyStore are shown in the table below:
TrustStore | KeyStore |
---|---|
A TrustStore doesn't contain private and sensitive information. | A KeyStore contains private and sensitive information. |
javax.net.ssl.trustStore is used to specify the TrustStore. | javax.net.ssl.keyStore is used to specify the KeyStore. |
TrustStore setup is required for a successful connection on the client side. | A KeyStore is needed when you are setting up the server side of an SSL connection. |
A TrustStore stores others' credentials. | A KeyStore stores your credentials. |
A TrustStore holds the certificates of external systems that you trust. | A KeyStore holds your application's certificates. |
The TrustStore password is given by the JVM option -Djavax.net.ssl.trustStorePassword. | The KeyStore password is given by the JVM option -Djavax.net.ssl.keyStorePassword. |
The TrustStore and TrustStore passwords are stored in clear files and are visible to all. | The KeyStore and key passwords are stored in plain text, in a file that is readable only by members of the appropriate group. |
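
The roles in the table can be seen in code. The following is an added example, not part of the original article: it loads the stores named by the system properties above, checks that the TrustStore holds no private keys, and wires each store to its manager in an SSLContext. The class name StoreRoles and its helper methods are hypothetical, and it assumes JDK 9 or later, falling back to the JDK's bundled cacerts file with its default password "changeit" when no TrustStore is configured.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class StoreRoles {
    // Opens a store file; JKS or PKCS12 is detected from the file itself (JDK 9+).
    static KeyStore open(String path, String password) throws Exception {
        return KeyStore.getInstance(new File(path), password.toCharArray());
    }

    // Counts private-key entries; a TrustStore is expected to hold none.
    static int privateKeys(KeyStore store) throws Exception {
        int n = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (store.isKeyEntry(alias)) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: with no -Djavax.net.ssl.trustStore, use the JDK's cacerts ("changeit").
        String trustPath = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        String trustPass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore trustStore = open(trustPath, trustPass);
        int leaked = privateKeys(trustStore);
        System.out.printf("TrustStore %s: %d entries, %d private keys%n",
                trustPath, trustStore.size(), leaked);
        if (leaked > 0) throw new IllegalStateException("private keys belong in the KeyStore");
        // TrustStore -> TrustManager: decides which peer certificates are accepted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        // KeyStore -> KeyManager: supplies our own certificate chain and private key.
        KeyManagerFactory kmf = null;
        String keyPath = System.getProperty("javax.net.ssl.keyStore");
        if (keyPath != null) {
            String keyPass = System.getProperty("javax.net.ssl.keyStorePassword", "");
            KeyStore keyStore = open(keyPath, keyPass);
            System.out.printf("KeyStore %s: %d private keys%n", keyPath, privateKeys(keyStore));
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPass.toCharArray());
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Without any -D options it inspects only the default trust store and builds a client-side context with no key manager.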