In the JKS format, you can read every certificate inside it without providing the keystore password, thus allowing its usage as a truststore without "compromising" the password (which would otherwise have to be stored in some form, or requested upon program start).
If you do not provide its password, the security of this format relies solely on the permissions of the file itself. You could even replace the original truststore with a completely different one that has a different password, and the program would not complain.
But if you use the password to ensure the file was not tampered with, you would have to care about protecting that password under similar conditions (file access permissions, obfuscation).
Are there any recommendations on which way you should employ this format as a truststore?
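As an added example (not the question author's code), the two loading modes described above, side by side in Java: loading with a `null` password reads every certificate but skips the JKS integrity hash, while loading with the password makes the JVM verify that hash and reject a modified or swapped file. It assumes a file `truststore.jks` next to the program and a password in the `TRUSTSTORE_PASSWORD` environment variable (both are assumptions for the demo).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class JksTruststoreCheck {

    // Mode 1: no password. All trusted certificates are readable, but the
    // keyed integrity hash at the end of the JKS file is never checked, so a
    // replaced or edited truststore loads without any error.
    static KeyStore loadWithoutIntegrityCheck(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, null);          // null password = skip integrity check
        }
        return ks;
    }

    // Mode 2: with password. The JVM recomputes the integrity hash over the file
    // using the password and throws IOException if it does not match, which is
    // what you get for both a tampered file and a wrong password.
    static KeyStore loadWithIntegrityCheck(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        } catch (IOException e) {
            throw new IllegalStateException("truststore integrity check failed for " + path, e);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String path = "truststore.jks";                       // assumed location
        String pw = System.getenv("TRUSTSTORE_PASSWORD");     // assumed variable

        // Readable without the password: list the trust anchors.
        KeyStore open = loadWithoutIntegrityCheck(path);
        for (Enumeration<String> e = open.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            Certificate cert = open.getCertificate(alias);
            System.out.println(alias + " -> " + cert.getType());
        }

        // Only this call detects a swapped or modified file; the password
        // it needs must itself be protected (permissions, secret store).
        if (pw != null) {
            loadWithIntegrityCheck(path, pw.toCharArray());
            System.out.println("integrity check passed");
        }
    }
}
```

The trade-off in the question is visible here: the first call works against any JKS file the process can read, the second one fails on substitution but only as long as the password is not available to whoever could edit the file.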