JKS and JCEKS, What's the Story?

Sun's cryptographic libraries provide support for two different

proprietary keystores. The traditional keystore, available from

the "SUN" provider in the standard JDK, is called the "JKS" keystore.

The alternate keystore, available from the "SunJCE" provider in the JCE

(Java Cryptography Extension), is called the "JCEKS" keystore. Which

one should you use?

If you're not using the JCE, then the answer is easy. Your only option

is to use the JKS keystore. If, however, you have installed the JCE and

you are using JCE functionality, then your best bet is the JCEKS

keystore. This keystore provides much stronger protection for stored

private keys by using Triple DES encryption.

Migrating up from JKS to JCEKS is relatively easy. You can find

complete instructions at


What’s wrong? The new clean desk test
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies