Most cryptographic operations require keys. Keys are usually best kept in a keystore file.
To manipulate keystore files, we suggest the excellent, cross-platform and free Keystore Explorer.
To get a reference to a java.security.KeyStore, use the <crypt:keystore> element:
<crypt:keystore id="fooKeystore" location="classpath:keystore-foo.jks" password="password" type="JKS" provider="SUN"/>
The type attribute is optional: JKS is the default keystore type if no type attribute is specified.
The location attribute follows the Spring resources conventions (see table 5.1 in the Spring reference documentation for an overview).
The provider attribute is optional.
Since 1.0.1
If you prefer to configure the keystore by defining the Java system properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword, you can get a reference to the keystore simply with:
<crypt:defaultKeystore id="defaultKeystore"/>
A keystore can also be embedded in the XML config file itself using Base64 encoding:
<crypt:b64Keystore id="keystore" password="password" type="JKS" provider="SUN"> <crypt:file> /u3+7QAAAAIAAAABAAAAAQAEdGVzdAAAASazcnA7AAACvTCCArkwDgYKKwYBBAEq AhEBAQUABIICpXWgVfoBjEXhW7TUr4i8npIcnRfWKy8i5Mly28DaiNQIcbUmqVol hfjbmoz930cT+puKpVmt+Rv28MEWEHDH3JFixM7aQgjmMsXL4z0AE/cgW0bn5C3P LBrvG3Ieq0Kj1ZebLuBtHM92LwrkctTq3dvy6sCQHLtpefInmdjqfAbJnls/y2RX PoNwwwu6yIWw6GnXQ41TjhIOcXhmog4e7aH+2Ch+6vFsnNf0hHDdGI/PPvGnIvf9 kGb1a9894sy1xApi1oV/OzH3ZZ8WKlXZmycke3QtVfREFRv22400tayoFyQzCbNE jNpzExRhHd5W1fEaVBXIjw73eB8l31XgIQlBFnUBkBXkQ56nYPRL6ODPNIYEYJSE XJnN8POgc+TFEisP4MK4fzr7pb5iVBokbWMS6ixCayaUSksn/U8mtAQSSy3Wx8KS 0S+HvHCv7g8qflLuQD3TC7dBF4ai8O7U4TXljqugW53UzmcSHbY+3js2R3SYdOxI 1CZ+Ly59WYHsAwtVhor1QFqmx1GwI/OJFy5cdd0Kcn2IKcQwEuTZcNEL7ZzBSrKQ WQ/Vysn2rHr/iWZBg7H/8Ybk3yBoPvn9xi6IFOV74a9EPn3eb8h4yF6yFLieIKXo 2pM1BFmvkbQYcg8HhWWb8ppJC5He2j6LCmhMBciVY5ltSXe8siyPqGi1uSNeqduv O+JGfCgpcAezpGL2KFCbcHyISPlhDERKWdI560OR8ytQXmX996OcM34aRl0D+cgL hblZOzXCv9bj9ePWMTytF/YeVebsjU4clxLWnGBU9hbkvdBTf8q795DAcbqnL6QC mo+1wq8OZTxRcF2Er97A3QCSrvK5hWrG2rkUcw55TSPeoaobj6YgYOnv1dpuHCXs 6J8V/b4FGCDn2XAcgEUOAAAAAQAFWC41MDkAAAI5MIICNTCCAZ6gAwIBAgIES3GF tjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJJVDELMAkGA1UECBMCUk0xDTAL BgNVBAcTBFJvbWUxDTALBgNVBAoTBE5vbmUxDTALBgNVBAsTBE5vbmUxFjAUBgNV BAMTDU1pcmtvIENhc2VydGEwHhcNMTAwMjA5MTU1NjM4WhcNMTAwNTEwMTU1NjM4 WjBfMQswCQYDVQQGEwJJVDELMAkGA1UECBMCUk0xDTALBgNVBAcTBFJvbWUxDTAL BgNVBAoTBE5vbmUxDTALBgNVBAsTBE5vbmUxFjAUBgNVBAMTDU1pcmtvIENhc2Vy dGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKjtmUJ2Y06oi/e90tgfvNLt TadWre36dsKvhrhxaXtcGC54cjaN/r2iAlLnTrqJN9K7cWYHI5Rh1bYZzOSGY2PX 6DoLis5OsDzP/9rXZRMVfNynLsjTeIkG579qht6j6JAtyvHIdH5hrDjE32xx/X78 iLTYMAuXb+Uo8VNZTft7AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEApXFvvASzzw4G VmbJB1os/PnKAD82WpDDP6pjDOE4ALAzJoP71uqvLffr4qRBmMOMX6IGmLBckYRS axQ8OCU6QBU4RU1cY/xxrXgfKditL8SAY4Ll07uwoilBJqxM9clT0AtYwxTgS5KF 7bw6Q7mk5Ki1d9hpmBBn+HGB9+MCqTCz/VETRUu45lQPtwUuwvOmff2WHg== </crypt:file> </crypt:b64Keystore>
The type attribute is optional: JKS is the default keystore type if no type attribute is specified.
The provider attribute is optional.
The Base64 block above was generated with:
$ openssl enc -base64 -in keystore.jks
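What a Base64-embedded keystore declaration amounts to in plain JCA calls, as an added example: this is not the project's code, and how the <crypt:b64Keystore> element is implemented internally is an assumption. The class name B64KeystoreDemo, the load helper and the empty sample keystore are constructed for illustration; the wrong-password case shows that the JKS password acts as an integrity check on the decoded bytes.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.Base64;
import java.util.Collections;

public class B64KeystoreDemo {

    // Hypothetical helper: decode Base64 text and load it as a keystore.
    // The MIME decoder tolerates the line breaks that openssl enc -base64 emits.
    static KeyStore load(String b64, String type, String provider, char[] password)
            throws Exception {
        byte[] raw = Base64.getMimeDecoder().decode(b64);
        KeyStore ks = (provider == null)
                ? KeyStore.getInstance(type)
                : KeyStore.getInstance(type, provider);
        // For JKS the password is used to verify the store's integrity digest.
        ks.load(new ByteArrayInputStream(raw), password);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "password".toCharArray();

        // Constructed sample: an empty JKS store, Base64-encoded in 64-character
        // lines, the same layout openssl enc -base64 produces.
        KeyStore empty = KeyStore.getInstance("JKS", "SUN");
        empty.load(null, password);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, password);
        String b64 = Base64.getMimeEncoder(64, new byte[] {'\n'})
                .encodeToString(out.toByteArray());

        KeyStore ks = load(b64, "JKS", "SUN", password);
        System.out.println("type=" + ks.getType()
                + " provider=" + ks.getProvider().getName()
                + " aliases=" + Collections.list(ks.aliases()));

        // A wrong password fails the integrity check and surfaces as IOException.
        try {
            load(b64, "JKS", "SUN", "wrong".toCharArray());
            System.out.println("unexpected: wrong password accepted");
        } catch (IOException e) {
            System.out.println("wrong password rejected: " + e.getMessage());
        }
    }
}
```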