JKS and JCEKS, What's the Story?

Sun's cryptographic libraries provide support for two different

proprietary keystores. The traditional keystore, available from

the "SUN" provider in the standard JDK, is called the "JKS" keystore.

The alternate keystore, available from the "SunJCE" provider in the JCE

(Java Cryptography Extension), is called the "JCEKS" keystore. Which

one should you use?

If you're not using the JCE, then the answer is easy. Your only option

is to use the JKS keystore. If, however, you have installed the JCE and

you are using JCE functionality, then your best bet is the JCEKS

keystore. This keystore provides much stronger protection for stored

private keys by using Triple DES encryption.

Migrating up from JKS to JCEKS is relatively easy. You can find

complete instructions at


ITWorld DealPost: The best in tech deals and discounts.