The Java platform supports a variety of keystore types.
For many years the default keystore type was JKS, now it is PKCS12.
PKCS12 keystores offer improved security and interoperability.
By default, new keystores will be created in the PKCS#12 format.
Existing keystores retain the keystore type that they were created with.
The default keystore type is specified by the following property in the
In JDK 9 it is set to "pkcs12". Previously it was set to "jks".
To prevent problems for applications that access keystores using
the default keystore type, a detector mechanism has been introduced.
This mechanism ensures that the correct keystore type is used,
regardless of the keystore type supplied by the calling application.
Currently, it detects only JKS and PKCS12 keystores.
A new security property is introduced to control the keystore type detector:
In JDK 9 it is set to "jks,pkcs12".
Applications that need to disable the detector mechanism for a specific
keystore type shall omit that type from the security property setting.
Implement a keystore type detector for JKS and PKCS12 keystores.
The java.security.KeyStore class has been enhanced to detect the correct
keystore type regardless of the keystore type supplied by the caller.
Currently, only JKS and PKCS12 keystore types are detected.
Passwordless access is supported for JKS keystores but not for PKCS12 keystores.