Complex software systems that include multiple software application components, such as Java® 2 Enterprise Edition (“J2EE”) systems, generally require that the software application components be able to establish secure communications with one another. In the context of secure communication, software systems generally rely on public key infrastructure (“PKI”)-based communications, which generally require the presentation of a cryptographic key or certificate, authorization of that key or certificate, and a secure exchange of information between the two or more software application components.
“Keystores” can be used to store cryptographic keys and certificates for such secure communications, where a “keystore” is defined as a storage entity configured to store cryptographic keys and certificates that is stored within a repository. A common repository example for a keystore is a physical computer file on a file system. Other repository examples for a keystore are a lightweight directory access protocol (“LDAP”) server, a database, and a hardware device.
Traditional software systems typically protect their keystores using a password. In general, whenever a software application component desires to access a keystore, the software application component can request access to the keystore and provide a password to the keystore. The keystore can receive the password and compare it to a password stored within the keystore. If the password received from the software application component matches the password stored within the keystore, the keystore can grant the software application component access to the keys or certificates stored within the keystore. If the password received from the software application component does not match the password stored within the keystore, the keystore can deny the software application component access to the keys or certificates stored within the keystore. Thus, a software application component that requires access to a keystore is also generally required to store and maintain the password associated with the keystore. While there are hardware devices that can allow access through non-password-based authentication mechanisms (e.g., biometric checks, smartcard checks, and device-based checks), these mechanisms are typically too rare and costly to be deployed in an enterprise application.
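The password check described above can be seen concretely with the Java KeyStore API, which the J2EE components in this description would use. The following is an added example written for this page, not code from the patent or from any product it describes: it builds a PKCS12 keystore in memory, stores a symmetric key in it under a password, and then opens it once with the correct password and once with a wrong one. The alias `aes-key`, the sample password `changeit`, and the key bytes are constructed values chosen for the example. The point the code makes is the one the background states: the keystore verifies the password on load, and the calling component therefore has to hold that password itself.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

public class KeystorePasswordCheck {

    // Constructed sample values for this example only.
    static final String ALIAS = "aes-key";
    static final byte[] SAMPLE_KEY = new byte[16]; // all-zero 128-bit key, for illustration

    // Build a PKCS12 keystore holding one secret key and serialize it,
    // integrity-protected (MAC) and encrypted under 'password'.
    static byte[] createProtectedKeystore(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // initialise an empty in-memory keystore
        ks.setEntry(ALIAS,
                new KeyStore.SecretKeyEntry(new SecretKeySpec(SAMPLE_KEY, "AES")),
                new KeyStore.PasswordProtection(password));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    // Attempt to open the serialized keystore with the supplied password.
    // Returns the loaded KeyStore on success, or null if the password is rejected.
    static KeyStore tryOpen(byte[] keystoreBytes, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try {
            ks.load(new ByteArrayInputStream(keystoreBytes), password);
            return ks;
        } catch (IOException e) {
            // Per the KeyStore.load contract, a wrong password surfaces as an
            // IOException whose cause is an UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return null;
            }
            throw e; // genuine I/O or format problem, not a password mismatch
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray();  // constructed sample password
        byte[] serialized = createProtectedKeystore(password);

        // The component that knows the password is granted access to the key.
        KeyStore opened = tryOpen(serialized, password);
        Key key = opened.getKey(ALIAS, password);
        System.out.println("correct password: access granted, key algorithm = "
                + key.getAlgorithm());

        // A component presenting the wrong password is denied.
        KeyStore denied = tryOpen(serialized, "wrong-password".toCharArray());
        System.out.println("wrong password:   access granted = " + (denied != null));

        // The caller had to hold the secret in memory; clear it when finished.
        Arrays.fill(password, '\0');
    }
}
```

Running `main` prints that the correct password is accepted and the wrong one is rejected. Note that `password` had to exist in the component's memory before `load` could be called; that stored, long-lived password is exactly the maintenance burden the background identifies, and it is what the non-password mechanisms mentioned above would replace.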