Is there a way to create a pkcs10 CSR using native java library?
Hello there, i am looking for a way to generate a PKCS10 CSR within an java application.
I prefer native java librarys. Absolutely obsolet are commandline tools. I know it is possible by using BouncyCastle, but currently i am looking for a alternative way to do that.
The library itself should be free to use for commertial belongings.
Have a look into answer number 2 on Building a Certificate Authority architecture. There seems to be no way to do what you want with JSSE directly.
Related
I wanted to know if there is any way to call OpenSSL library functions (not the command-line tools) from Java code. Specifically I want to use OpenSSL to securely read from and write to a socket created by Java code. If JNI is the solution then is there any pre-written JNI that I can use? I am also aware of JSSE and JCE but I'd still like more information regarding this query.
I have the following way of generating a self signed certificate using the class CertandKeyGen.
CertandKeyGen cert = new CertandKeyGen("RSA", "SHA256withRSA);
cert.generate(size);
..
X509Certificate certificate = cert.getSelfCertificate(name, validity);
Since these are internal APIs from keytool, I am looking at a similar approach using java.security.* APIs.
I want to know if this is possible currently. If yes, what are those APIs? I dug around but I am unable to find anything about it. I am aware of bouncy castle APIs (X509V3CertificateGenerator) but I do not want to use third party APIs.
Thanks.
At present, I do not believe that the generation/signing mechanisms that are used in keytool are part of the public API for Java.
I have implemented a very simple CA/Signing mechanism utilizing BouncyCastle for testing purposes.
I don't think you're going to be able to do this without a 3rd party api or implementing a very significant amount of code on your own.
I am currently working on an Android app that talks to a server process on a remote machine. The installation packages for both the Android client and server need to be cryptographically signed; the Android client with a Java Keystore File (JKS) and the server with a PGP key from a keyring file. If possible, I would like to reduce the dependencies by signing both packages with the same key, but neither signing tool supports the opposite file format.
Is it possible to convert a PGP keyring file into a JKS file? Or alternatively, is it possible to convert a JKS file into a PGP keyring file? If so, how?
Edit for clarification: The idea here is to use a single cryptographic key as input for two different signing tools. The tools do not know about each other; it's just some random key to them. I do not want to sign an Android package with PGP, or the server installation package with Android's signing tool, as either would make the output unreadable to the end user.
While it might be theoretically possible there are certainly no tools to do that. If you would want to write one yourself there are a lot of hurdles to overcome. On a low level view there are many different ways to sign data (even if you restrict yourself to RSA, there are still many standards and parameters to choose from). On a high level view such key files and their front end abstractions of certificates or simply "keys" on the pgp side contain a lot meta information like a validity period, ownership information and so on. If you could actually deal with the low crypto problems then you still have to define some translation from one set of meta data to the other.
Also from a cryptographic point of view any key reuse is strongly frowned upon. There are many ways typically sound primitives can break apart if they are used in an unintended way. Certainly the authors and implementers of the algorithms behind the Android tools and the PGP tools did not imagine their tools to be used with such cross generated keys.
I want create certificates to be stored on a database and i dont have any idea about how to do it, if exits an API or library help me do it
Thanks
A public key infrastructure is far more than a database of signed public keys. For instance one of the most important parts of the PKI is the ability to revoke certificates using the OCSP protocol.
In short everything needed to build a PKI in java has been built for you and is open source, you should use EJBCA.
Here is the Java PKI programming guide from Sun.
Have you seen http://www.mozilla.org/projects/security/pki/?
I'm looking to port a small Java security library to PHP. The Java implementation makes use of a keystore for signing some stuff and I'm wondering how to go about recreating this functionality in PHP. Of course the original Java implementation must still work with the same key pair/keystore.
I have very little experience with PHP and havn't tried to do anything portable with Java keystores before.
I expect there is some way to export the private key to a format that can be used by PHP.
Does anyone know exactly what I need to do in this situation?
If you aren't absolutely set on porting your code to php, you can use the php-java bridge to make calls to it from php. If your java code is proven, there's no reason to discard it out of hand.
http://phpkeystore.org/ may be of use.
EDIT: As implied by Mihir below, that site appears to be gone.
The last "good" archive of it is available at https://web.archive.org/web/20170607151254/http://phpkeystore.org/