**Keystore** is used to store *private key and identity certificates* that a specific program should present to both parties (server or client) for verification. 

**Truststore** is used to store *certificates from Certified Authorities (CA)* that verify the certificate presented by the server in [SSL](https://www.educative.io/collection/page/10370001/5654729883385856/5672180067074048#domain-validation) connection. 



# Key differences

|  **Keystore**   |  **Truststore**    |
| --- | --- |
|   Keystore stores your credential. (server or client)  | Truststore stores others credentials (CA)     |
|  Keystore is needed when you are setting up the server side on SSL   | Truststore setup is required for the successful connection at the client side  |
| Client will store its private key and identify certificate on Keystore    |  Server will authenticate the client against the certificate stored on the server's Truststore   |
|  `javax.net.ssl.keyStore` is used to specify Keystore    |`javax.net.ssl.trustStore` is used to specify Truststore.      |
|Keystore passwords are stored in plaintext that is only readable by the specific group. |Truststore passwords are stored in plaintext that can be read by everyone.|
|Keystore contains private and sensitive information|Truststore doesn't contain private and sensitive information|
|||



Keystore vs. Truststore

Keystore is used to store private key and identity certificates that a specific program should present to both parties (server or client) for verification. Truststore is used to store certificates from Certified Authorities (CA) that verify the certificate presented by the server in SSL connection. 

Keystore	Truststore
Keystore stores your credential. (server or client)	Truststore stores others credentials (CA)
Keystore is needed when you are setting up the server side on SSL	Truststore setup is required for the successful connection at the client side
Client will store its private key and identify certificate on Keystore	Server will authenticate the client against the certificate stored on the server’s Truststore
`javax.net.ssl.keyStore` is used to specify Keystore	`javax.net.ssl.trustStore` is used to specify Truststore.
Keystore passwords are stored in plaintext that is only readable by the specific group.	Truststore passwords are stored in plaintext that can be read by everyone.
Keystore contains private and sensitive information	Truststore doesn’t contain private and sensitive information