How to create PrivateKey from a password protected private key file? - java

I have a password-protected private key file (I have the password).
I need to put it in java.security.PrivateKey format. Can anyone tell me what is the most secure way to do it?

If the key (with the certificates) is stored in PKCS#12 you can use the KeyStore from Java.
Else bouncy castle could help you (I've no experience with bouncy castle).
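The PKCS#12 route mentioned above, as an added example that is not part of the original answer. It assumes the file path is passed as the first argument, that the key entry uses the same password as the keystore, and the class name `Pkcs12KeyLoader` is hypothetical. The password is read into a char[] from the console and wiped after use, so it is never hard-coded or kept in a String.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Collections;

public class Pkcs12KeyLoader {

    // Returns the first private-key entry found in the PKCS#12 file.
    static PrivateKey loadPrivateKey(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password); // throws IOException on a wrong password or a corrupted file
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;      // skip certificate-only entries
            Key key = ks.getKey(alias, password);     // assumption: entry password == store password
            if (key instanceof PrivateKey) return (PrivateKey) key;
        }
        throw new IllegalStateException("no private key entry in " + path);
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java Pkcs12KeyLoader <file.p12>  (run from a terminal)");
            return;
        }
        char[] password = console.readPassword("Keystore password: ");
        try {
            PrivateKey key = loadPrivateKey(args[0], password);
            // Report only metadata; never print or log the key material itself.
            System.out.println("Loaded " + key.getAlgorithm() + " key, format " + key.getFormat());
        } finally {
            Arrays.fill(password, '\0'); // wipe the password from memory
        }
    }
}
```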

Related

Create a .jks file from a Certificate and private Key

I wanted to create a .jks file using a Certificate and a private Key from an etoken programmatically.
I could access the etoken using the password but could not read the Certificate or the private key.
In an earlier question I had asked whether the private Key could be extracted from the etoken for which I was told it was not possible.
So, my question is whether I could get the reference of the private key using PKCS11.
Thank you.
You can get the reference (object handle) of the PrivateKey using PKCS11. You can even get the public components of the PrivateKey. But you cannot extract the sensitive data that comprises the key.

programmatically reading java keystore file jceks using openssl

I am trying to do the AES encryption/decryption in java
I generated the secretkey using KeyGenerator. I stored the key using java keystore.
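import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

Key myKey = KeyGenerator.getInstance("AES").generateKey();
KeyStore.ProtectionParameter protParam =
    new KeyStore.PasswordProtection("secretpass".toCharArray());
// For writing the secret key
KeyStore.SecretKeyEntry skEntry =
    new KeyStore.SecretKeyEntry((SecretKey) myKey);
KeyStore ksout = KeyStore.getInstance("JCEKS");
ksout.load(null, "changeit".toCharArray()); // initialise an empty keystore
ksout.setEntry("secretalias", skEntry, protParam);
// Write the keystore to disk; without store() the file stays empty
try (FileOutputStream fout = new FileOutputStream("test.ks")) {
    ksout.store(fout, "changeit".toCharArray());
}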
I wanted to get this secret key from this file using openssl programmatically. Is it possible? If so, please give me some suggestions on how to proceed.
Thank you in advance.
This is not possible as the default keystore (jks) is a proprietary format used by Java.
To exchange the key you would need something portable like PKCS#11 (which is a supported KeyStore format at least in Java 8).

Bouncy Castle Getting content from signature and X509Certificate

I am very new to Bouncy Castle. I want to know whether there is any way, using the Bouncy Castle API, that I can get the original content if I only have the signature and the X509Certificate with the public key. I am not finding any way, as we have only the public key. We don't have the private key which was used to sign the message.
If one has created a detached signature and you have only that signature (and no original data) then you are out of luck.
If the signature is wrapping, then surely you can get original data back. Signed data doesn't require a private key to be verified and extracted. Public key (actually the certificate with the key) can be included in the wrapping signature in which case you don't even need the certificate separately.

BouncyCastle: Extract public key information from Certificate Signing Request

I am using Bouncy Castle library in Java for reading CSR. I need to extract the public key information from CSR. I can see that openssl is able to extract required information from CSR.
I can't find any way to do this in BouncyCastle. I have been able to read PKCS10CertificationRequest object from the CSR. I have seen examples using SubjectPublicKeyInfo for extracting public key. But the code relies on the fact that algorithm of public key is already known. I can do a "instanceof" operation for various algorithm parameters and match but I think there would be something better. I want to derive the algorithm from CSR itself. I tried to find this information but couldn't find anything related to this.
Thanks for help.
The solution is to create a new wrapper around the PKCS10CertificationRequest like this:
JcaPKCS10CertificationRequest jcaCertRequest =
    new JcaPKCS10CertificationRequest(pkcs10CertRequest.getEncoded()).setProvider("BC");
This class has the getPublicKey() method.
PublicKey publicKey = jcaCertRequest.getPublicKey();
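A fuller version of the wrapper approach above, as an added example that is not part of the original answer. It goes one step beyond the answer by checking the CSR's self-signature before the extracted key is trusted. It assumes the Bouncy Castle bcprov and bcpkix jars are on the classpath; the class name, the helper names and the subject `CN=example.test` are constructed for the demonstration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Security;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrPublicKeyDemo {

    // Returns the CSR's public key only if the CSR was signed by the matching private key.
    static PublicKey verifiedPublicKey(byte[] csrDer) throws Exception {
        JcaPKCS10CertificationRequest csr =
                new JcaPKCS10CertificationRequest(csrDer).setProvider("BC");
        PublicKey publicKey = csr.getPublicKey(); // key algorithm is read from the CSR itself
        boolean ok = csr.isSignatureValid(
                new JcaContentVerifierProviderBuilder().setProvider("BC").build(publicKey));
        if (!ok) throw new SecurityException("CSR signature does not match its public key");
        return publicKey;
    }

    // Builds a constructed sample CSR so the example runs without external files.
    static byte[] sampleCsr(String keyAlg, int bits, String sigAlg) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(keyAlg);
        gen.initialize(bits);
        KeyPair kp = gen.generateKeyPair();
        ContentSigner signer = new JcaContentSignerBuilder(sigAlg).build(kp.getPrivate());
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
                new X500Name("CN=example.test"), kp.getPublic()).build(signer);
        return csr.getEncoded();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // The same extraction code handles both key types without any instanceof checks.
        System.out.println(verifiedPublicKey(sampleCsr("RSA", 2048, "SHA256withRSA")).getAlgorithm());
        System.out.println(verifiedPublicKey(sampleCsr("EC", 256, "SHA256withECDSA")).getAlgorithm());
    }
}
```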

Parsing certificates with bouncycastle

I'm a certificate noob. I've been trying to import certificates for the past couple of hours and the more I dig into security stuff, the more it feels impossible to understand.
Here is what I'm trying to achieve in java:
the user can upload any kind of formatted certificate with an optional passphrase
I need to convert the certificate to a non-binary PEM format
Extract the private and public keys to store in a database, throw error if missing one of the two
So far I've been able to parse some certificates using java security's x509Certificate but I can't get the private key. I've also tried bouncy castle but no success there either.
Thanks for your help
An X509Certificate only contains a public key.
Private keys are usually encoded using PKCS#8. Try KeyFactory with a PKCS8EncodedKeySpec.
Combined public key certificates with private keys are usually encoded using PKCS#12 (.pfx, .p12). Try a KeyStore of "PKCS12" type (with Bouncy Castle as provider).
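The PKCS#8 route from the answer above, as an added example that is not part of the original post. It uses only the JDK, covers unencrypted RSA keys in PEM form, and adds a check that a parsed private key really belongs to a given public key, which is what the "throw error if missing one of the two" requirement needs in practice. The class name, helper names and generated key pairs are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class Pkcs8PemDemo {

    // Encodes a private key as an unencrypted PKCS#8 PEM block.
    static String toPem(PrivateKey key) {
        String body = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(key.getEncoded());
        return "-----BEGIN PRIVATE KEY-----\n" + body + "\n-----END PRIVATE KEY-----\n";
    }

    // Parses an unencrypted PKCS#8 PEM block; the key algorithm must be supplied.
    static PrivateKey fromPem(String pem, String algorithm) throws GeneralSecurityException {
        String b64 = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                        .replace("-----END PRIVATE KEY-----", "")
                        .replaceAll("\\s", "");
        return KeyFactory.getInstance(algorithm)
                .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64)));
    }

    // True only if a signature made with the private key verifies under the public key (RSA only).
    static boolean matches(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(challenge);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(challenge);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair uploaded = gen.generateKeyPair(); // constructed sample standing in for an upload
        KeyPair other = gen.generateKeyPair();    // unrelated key pair for the negative case
        PrivateKey parsed = fromPem(toPem(uploaded.getPrivate()), "RSA");
        System.out.println("matches own public key:   " + matches(parsed, uploaded.getPublic()));
        System.out.println("matches other public key: " + matches(parsed, other.getPublic()));
    }
}
```

With a real upload, the public key passed to `matches` would come from `X509Certificate.getPublicKey()`.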
