How is the alias name used in Java KeyStore class?

Question

Class KeyStore has a method called setCertificateEntry(alias, certificate). Most client examples I see use "ca" as the alias name. Is the server asking for "ca" automatically during the client-server handshake? What really would happen if I use "abc" instead of "ca?" Regards.

Recommended answer

The alias is really just a name that is local to the keystore you are using. It is what identifies the entry in the keystore, so you can't re-use it for two entries, but it can be whatever you like (although I must admit I have never tried with non-ASCII characters, and the official truststore only uses lower case letters or numbers).

The documentation also says:

Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case.

Some keystore implementations and formats might have more constraints or use that name differently. For example, the WINDOWS-ROOT keystore (which is a front-end for the Windows native store) uses Windows's "friendly name" as the alias, which is unfortunately not unique in the Windows certificate store, so some certificates from the native store may be hidden and not usable (it's a map from alias to entry, loading a new entry with the same name replaces the other one). However, this shouldn't be a concern on Android, of course.

If you're building a keystore that you'll use as a truststore, which is likely to contain a number of CAs, calling one "ca" would make it difficult to identify them later on. (This is mostly an administrative problem to be able to find manually which cert is where.)

If you look at the default truststore, you'll get aliases with names that resemble the Subject DN of these CA certificates, for example "verisignclass1g2ca".

Having an identifier you can remember is generally more important for keystores that are used as keystores (as opposed to truststores) and which contain multiple private key entries, since this can help you configure your application to use a particular certificate to identify itself.
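
The alias behaviour described in the answer, as an added example that is not part of the original question or answer. It assumes the JDK's default truststore holds at least two CA certificates, which it borrows as sample input; the class name `AliasDemo` and the aliases `abc` and `first-ca` are made up for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class AliasDemo {
    // Returns the CA certificates a TrustManagerFactory built on `ks` accepts
    // (ks == null selects the JDK's default truststore).
    static X509Certificate[] acceptedIssuers(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        // Sample input (assumption): two CA certificates from the default truststore.
        X509Certificate[] defaults = acceptedIssuers(null);
        X509Certificate first = defaults[0], second = defaults[1];

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory keystore

        ks.setCertificateEntry("abc", first);  // any alias is accepted, not only "ca"
        ks.setCertificateEntry("abc", second); // same alias: the first entry is replaced
        System.out.println("entries after reusing alias: " + ks.size());
        System.out.println("alias now holding first cert: " + ks.getCertificateAlias(first));

        ks.setCertificateEntry("first-ca", first); // a distinct alias keeps both entries
        System.out.println("entries with distinct aliases: " + ks.size());

        // The X509TrustManager API exposes certificates only; it has no notion of alias.
        for (X509Certificate issuer : acceptedIssuers(ks)) {
            System.out.println("trusted: " + issuer.getSubjectX500Principal().getName()
                + " (alias " + ks.getCertificateAlias(issuer) + ")");
        }
    }
}
```

The silent replacement on a reused alias is the practical risk when assembling a truststore by script: a certificate you believe is trusted may have been overwritten, so compare `ks.size()` with the number of certificates you loaded.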
