JSECURITY Issue: KeyStoreSPI

Catherine Lai (jfarmer@iaik.tu-graz.ac.at)
Tue, 26 Jan 1999 08:21:36 GMT

Date: Tue, 26 Jan 1999 08:21:36 GMT
Message-Id: <199901260821.IAA09841@softwarema.usec.Sun.COM>
From: <jfarmer@iaik.tu-graz.ac.at>
To: java-security@java.sun.com, webmaster@java.sun.com,
Subject: JSECURITY Issue: KeyStoreSPI

Name: Johannes Farmer
Email: jfarmer@iaik.tu-graz.ac.at
Organization: IAIK, Graz University of Technology
Location: Europe
System: WinNT
Referring URL: http://java.sun.com/security/
Browser: InternetExplorer
Browser Version: 4

I implemented the KeyStoreSPI for the IAIK-JCE. The comment of the setKeyEntry method says, "If the given key is of type java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key."

This is the point I don't feel comfortable with. Consider this: I calculate a key pair for a certificate request. Certification takes some time. So I have to store the private key in a save location until I get my new certificate. The KeyStore would be the right place for it.
Shouldn't it be possible to save private keys in the KeyStore without a certificate chain as well?

Regards,

Johannes Farmer