The canonmill package provides a Keystore implementation designed to be less
painful from an operational perspective than any of the Keystore
implementations included in the standard JDK.

The package does not support encryption of the keystore with a password, or
encryption of the keystore entries with passwords. In the author's opinion,
this offers no real security. To elaborate, keystore encryption is intended
to ensure that private keys are encrypted at rest so that, in the event of a
compromise, the private keys cannot be used by an attacker. Unfortunately,
this is ineffectual for a couple of reasons. Firstly, because nobody wants
to have to manually type in a password each time their server-based Java
application starts, the password is typically stored along with the
application configuration. This means that if an attacker compromises the
application, they have both the keys and the passwords anyway. Secondly, if
an application is compromised and the keystore is stolen, the keys within
the keystore are going to have to be blacklisted and reissued anyway, so
"protecting" them with a passphrase is of very little utility.