Additional Keystore Formats (PKCS12)

The PKCS#12 (Personal Information Exchange Syntax Standard) specifies a portable format for storage and/or transport of a user's private keys, certificates, miscellaneous secrets, and other items. The IBMJSSE2 provider uses the Java™ 2 KeyStore API that supplies a complete implementation of the PKCS12 java.security.KeyStore format for reading and write pkcs12 files. This format is also supported by other toolkits and applications for importing and exporting keys and certificates, such as Netscape/Mozilla, Microsoft's Internet Explorer, and OpenSSL. For example, these implementations can export client certificates and keys into a file using the .p12 filename extension.

With the IBMJSSE2 provider, you can access PKCS12 keys through the KeyStore API with a keystore type of pkcs12 (or PKCS12, the name is case-insensitive). In addition, you can list the installed keys and associated certificates using the keytool command with the -storetype option set to pkcs12 or use IKEYMAN. (See Security Tools for information about keytool.)