Auth Mechanisms (session, JWT, OAuth, two-way SSL)

There are various ways to authenticate a user; let's discuss some of them.

Session: it's considered the simplest of all……

Two-Way SSL

How SSL works internally: the mechanism behind encrypting the data you send over the network, and how it confirms that the server your browser is talking to is the right one.

  1. Encryption – The browser and server establish a connection and agree on a shared key; all data is then sent encrypted with that key.
  2. Identification – The certificate presented by the server is checked against the URL, so the browser knows it is talking to the correct server and not an impostor.

Watch the video below to understand it better:

  1. https://www.youtube.com/watch?v=T4Df5_cojAs

Let's look at the difference between a truststore and a keystore in point form, which is clearer and easier to understand:
1) A keystore is used to store your own credentials (server or client), while a truststore is used to store other parties' credentials (certificates from CAs).
2) A keystore is needed when you are setting up the server side of SSL: it stores the server's identity certificate, which the server presents to a client on connection. The truststore on the client side must contain that certificate (or the CA that issued it) for the connection to work. When your browser connects to any website over SSL, it verifies the certificate presented by the server against its truststore.
3) This was left out of the previous point to reduce confusion, but you can have both a keystore and a truststore on the client and the server if the client also needs to authenticate itself to the server. In this case the client stores its private key and identity certificate in its keystore, and the server authenticates the client against the certificate stored in the server's truststore.
4) In Java, the -Djavax.net.ssl.keyStore system property specifies the keystore, while -Djavax.net.ssl.trustStore specifies the truststore.
5) In Java, one file can serve as both keystore and truststore, but it is better to keep private and public credentials separate, for both security and maintenance reasons.

6) When you install a JDK or JRE on your machine, Java comes with its own truststore (a collection of certificates from well-known CAs like Verisign, GoDaddy, Thawte, etc.). You can find this file at
JAVA_HOME/JRE/Security/cacerts, where JAVA_HOME is your JDK installation directory.
7) The keytool command (a binary that ships with the JDK, inside JAVA_HOME/bin) can be used to create and view both keystores and truststores.
If you are still not clear on what a truststore and a keystore are in Java, or on the difference between them, just remember one line: the keystore stores the server's own certificate, while the truststore stores the certificates of other parties, issued by CAs like Verisign or GoDaddy, or even self-signed certificates.
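The points above map directly onto Java's JSSE API: the keystore feeds a KeyManager (our identity), the truststore feeds a TrustManager (who we accept), and the server turns one-way into two-way SSL by requiring a client certificate. The following is an added example, not code from the original post; the file names, aliases and the "changeit" password are placeholders, and the keytool commands in the header comment are the assumed way the PKCS12 files were produced beforehand.

```java
// Added example (not from the original post): build an SSLContext for two-way
// (mutual) TLS from a separate keystore and truststore, as the list above describes.
// Assumed setup with keytool (run once, passwords and aliases are placeholders):
//   keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore server.p12
//   keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore client.p12
//   keytool -exportcert -alias server -keystore server.p12 -file server.cer
//   keytool -exportcert -alias client -keystore client.p12 -file client.cer
//   keytool -importcert -alias server -file server.cer -storetype PKCS12 -keystore client-truststore.p12
//   keytool -importcert -alias client -file client.cer -storetype PKCS12 -keystore server-truststore.p12
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class MutualTlsContext {

    /** Loads a PKCS12 keystore or truststore file from disk. */
    static KeyStore loadStore(String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    /**
     * Keystore = OUR private key and certificate, handed to the KeyManager.
     * Truststore = certificates we accept from the OTHER side, handed to the TrustManager.
     * The same method serves client and server; only the files passed in differ.
     */
    static SSLContext build(String keyStorePath, char[] keyStorePass,
                            String trustStorePath, char[] trustStorePass)
            throws IOException, GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadStore(keyStorePath, keyStorePass), keyStorePass);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadStore(trustStorePath, trustStorePass));

        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx;
    }

    /** Server side: setNeedClientAuth(true) is what makes the handshake two-way. */
    static SSLServerSocket serverSocket(SSLContext ctx, int port) throws IOException {
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
        SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(port);
        server.setNeedClientAuth(true); // handshake fails unless the client presents a trusted cert
        return server;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // placeholder password
        SSLContext serverCtx = build("server.p12", pass, "server-truststore.p12", pass);
        SSLContext clientCtx = build("client.p12", pass, "client-truststore.p12", pass);

        try (SSLServerSocket server = serverSocket(serverCtx, 8443)) {
            Thread accept = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                    // The authenticated client identity comes from the cert in the client's keystore
                    System.out.println("server saw client: " + s.getSession().getPeerPrincipal());
                } catch (IOException e) {
                    e.printStackTrace();
                }
            });
            accept.start();

            try (SSLSocket client = (SSLSocket) clientCtx.getSocketFactory()
                    .createSocket("localhost", 8443)) {
                client.startHandshake();
                System.out.println("client saw server: " + client.getSession().getPeerPrincipal());
            }
            accept.join();
        }
    }
}
```

If either side's truststore lacks the other side's certificate, startHandshake() throws an SSLHandshakeException, which is the check point 2 and point 3 describe. Using the system properties from point 4 (-Djavax.net.ssl.keyStore and -Djavax.net.ssl.trustStore) configures the default SSLContext the same way without this code, but an explicit context makes it obvious which file plays which role.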

Two-way SSL diagram:

https://commons.wikimedia.org/wiki/File:SSL_handshake_with_two_way_authentication_with_certificates.svg

A full-duplex device is capable of bidirectional network data transmission at the same time. Half-duplex devices can only transmit in one direction at a time: in half-duplex mode data can move in two directions, but not simultaneously.

HTTPS calls are half duplex; the MQTT protocol is full duplex, and secure WebSockets (WSS) are also full duplex.

API Authentication:

https://blog.restcase.com/4-most-used-rest-api-authentication-methods/

RSA encryption implementation:
https://github.com/only2dhir/rsaencryption/blob/master/src/main/java/com/devglan/rsa/RSAUtil.java
