SSL - shaysalomon12/Data-Engineer GitHub Wiki

Public Key vs Private Key: The Differences Between Them

Encryption means converting plaintext data into an unreadable form (ciphertext) so that no unauthorized person can read, interpret, or alter it without a special key. A cryptographic key is a long string of random, unpredictable characters.

If you use the same key to encrypt and decrypt data, you’re using symmetric encryption: there is only one key, and it has to stay secret between the parties that use it.

But if you’re using two separate keys — one to encrypt data and the other to decrypt it — then you’re using asymmetric encryption (public key encryption). The keys are known as the public key (encryption key) and the private key (decryption key).
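The two models side by side, as an added example that is not part of the original wiki page: AES-GCM stands in for symmetric encryption (one secret key does both jobs, and a second key of the same size is rejected), and RSA-OAEP stands in for asymmetric encryption (the public key encrypts, only the private key decrypts). Only standard JDK classes are used; the message text and the class name `KeyTypesDemo` are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class KeyTypesDemo {

    // Symmetric: the same secret key encrypts and decrypts (AES-256 in GCM mode, 128-bit tag).
    static byte[] aesEncrypt(SecretKey key, byte[] iv, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return c.doFinal(plaintext);
    }

    static byte[] aesDecrypt(SecretKey key, byte[] iv, byte[] ciphertext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return c.doFinal(ciphertext);
    }

    // Asymmetric: anyone holding the public key can encrypt; only the private key can decrypt (RSA-OAEP).
    static byte[] rsaEncrypt(PublicKey pub, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.ENCRYPT_MODE, pub);
        return c.doFinal(plaintext);
    }

    static byte[] rsaDecrypt(PrivateKey priv, byte[] ciphertext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.DECRYPT_MODE, priv);
        return c.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "hello from the wiki".getBytes(StandardCharsets.UTF_8); // constructed sample message

        // --- symmetric: one key ---
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey secret = kg.generateKey();
        byte[] iv = new byte[12];                 // 96-bit GCM nonce; must never repeat under the same key
        new SecureRandom().nextBytes(iv);
        byte[] ct = aesEncrypt(secret, iv, msg);
        System.out.println("AES same key round trip: " + Arrays.equals(msg, aesDecrypt(secret, iv, ct)));
        try {
            aesDecrypt(kg.generateKey(), iv, ct); // a different key: GCM's tag check rejects it
        } catch (AEADBadTagException e) {
            System.out.println("AES other key: rejected with " + e.getClass().getSimpleName());
        }

        // --- asymmetric: a key pair ---
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        byte[] rsaCt = rsaEncrypt(pair.getPublic(), msg);
        System.out.println("RSA public->private round trip: "
                + Arrays.equals(msg, rsaDecrypt(pair.getPrivate(), rsaCt)));
        try {
            // The public key cannot take the private key's role: with OAEP the provider refuses to
            // initialise a decrypt operation with a public key (SunJCE raises InvalidKeyException).
            Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            c.init(Cipher.DECRYPT_MODE, pair.getPublic());
        } catch (GeneralSecurityException e) {
            System.out.println("RSA decrypt with public key: rejected with " + e.getClass().getSimpleName());
        }
    }
}
```

The practical difference this shows: the AES key has to be delivered to the other party over some already-secure channel, whereas the RSA public key can be handed out freely because possessing it gives no ability to decrypt. That is exactly why TLS uses the asymmetric pair (certificate plus private key) to establish a session and then a symmetric key for the bulk of the traffic.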

Difference Between a Java Keystore and a Truststore

https://www.baeldung.com/java-keystore-truststore-difference

  • Java KeyStore - stores private key entries, certificates with public keys, or just secret keys that we may use for various cryptographic purposes. Each entry is stored under an alias for ease of lookup.

Usually, we’ll use a keystore when we’re a server and want to use HTTPS. During an SSL handshake, the server looks up the private key from the keystore, and presents its corresponding public key and certificate to the client.

Similarly, if the client also needs to authenticate itself, a situation called mutual authentication, then the client also has a keystore and also presents its public key and certificate.

  • Java TrustStore - is the opposite. While a keystore typically holds onto certificates that identify us, a truststore holds onto certificates that identify others.

In Java, we use it to trust the third party we’re about to communicate with.

If a client talks to a Java-based server over HTTPS, the server will look up the associated key from its keystore and present the public key and certificate to the client.

We, the client, then look up the associated certificate in our truststore. If the certificate presented by the external server, or a Certificate Authority in its chain, isn’t in our truststore, we’ll get an SSLHandshakeException, and the connection won’t be set up successfully.

Server side - keystore

Client side - truststore
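The server-side keystore and client-side truststore in working Java, as an added example that is not part of the original wiki page or the Baeldung article it links. It assumes two PKCS12 files exist next to the program: `server.p12` holding the server's private key and self-signed certificate, and `truststore.p12` holding only that certificate; the password `changeit` and the class name `KeystoreTruststoreDemo` are assumptions for the example. The first client handshake uses `truststore.p12` and succeeds; the second uses the JDK's default truststore (cacerts), which does not contain the self-signed certificate, and fails with the SSLHandshakeException described above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class KeystoreTruststoreDemo {

    // Both files are ordinary KeyStore objects; what differs is the kind of entry inside
    // (private key vs. trusted certificate) and which factory we hand them to.
    static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Server side: the KEYSTORE holds our private key entry plus its certificate.
    // The KeyManager selects that entry during the handshake and sends the certificate to the client.
    static SSLContext serverContext(KeyStore keyStore, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // no TrustManager needed: we do not verify clients here
        return ctx;
    }

    // Client side: the TRUSTSTORE holds certificates that identify others.
    // A null truststore makes Java fall back to its default one (the JDK's cacerts file).
    static SSLContext clientContext(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no KeyManager: this client does not authenticate itself
        return ctx;
    }

    // Run one handshake against the local server; returns "ok" or the name of the exception raised.
    static String tryHandshake(SSLContext client, int port) {
        try (SSLSocket s = (SSLSocket) client.getSocketFactory().createSocket("localhost", port)) {
            s.startHandshake();
            return "ok";
        } catch (Exception e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // assumed store and key password used when the files were made

        SSLContext server = serverContext(loadStore("server.p12", pw), pw);
        SSLServerSocket listener = (SSLServerSocket) server.getServerSocketFactory().createServerSocket(0);
        Thread acceptor = new Thread(() -> {
            for (int i = 0; i < 2; i++) {
                try (SSLSocket c = (SSLSocket) listener.accept()) {
                    c.startHandshake(); // throws on the second connection, when the client rejects our cert
                } catch (Exception ignored) {
                }
            }
        });
        acceptor.setDaemon(true);
        acceptor.start();
        int port = listener.getLocalPort();

        // 1) truststore.p12 contains the server's certificate: the handshake completes.
        System.out.println("with truststore.p12: "
                + tryHandshake(clientContext(loadStore("truststore.p12", pw)), port));

        // 2) default JDK truststore: the self-signed certificate is not in cacerts, so no PKIX path can be
        //    built and the client side throws SSLHandshakeException.
        System.out.println("with default cacerts: " + tryHandshake(clientContext(null), port));
    }
}
```

To create the two files with the JDK's keytool: `keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -dname "CN=localhost" -keystore server.p12 -storetype PKCS12 -storepass changeit`, then `keytool -exportcert -alias server -keystore server.p12 -storepass changeit -rfc -file server.pem`, then `keytool -importcert -alias server -file server.pem -keystore truststore.p12 -storetype PKCS12 -storepass changeit -noprompt`. For the mutual-authentication case mentioned earlier, the client would additionally pass its own KeyManagerFactory (built from a client keystore) as the first argument to `SSLContext.init`, and the server would call `setNeedClientAuth(true)` on the listener and supply a TrustManager that knows the client's certificate.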