Creating CertificateChain without Key value at KeyStore

Hello, I've been trying to create a CertificateChain without a Key value at KeyStore for almost 8 hours. I am still not getting the solution. If anyone knows the way, please help me! Thanks in advance.
[224 byte] By [CVMatomicSwapa] at [2007-11-26 19:40:16]
# 1
It can't be done. You have to start with generating a key (keystore -genkey). Your task makes no sense. What are you really trying to do?
ejpa at 2007-7-9 22:20:09 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 2
Hi ejp, Thanks for your comment. I am trying to use keystore as Trusted Certificate Storage for Path validation. Do you know any other methods for doing so? Thanks in advance.
CVMatomicSwapa at 2007-7-9 22:20:09
# 3

In addition, here's my code:

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// The certificate files, to be added to keystore
FileInputStream certFile1 = new FileInputStream("root.cer");
FileInputStream certFile2 = new FileInputStream("cacert.cer");
FileInputStream certFile3 = new FileInputStream("userCert1.cer");

CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate[] cert_arry = new Certificate[3];

// Read the 3 certificates into memory
cert_arry[0] = cf.generateCertificate(certFile1);
cert_arry[1] = cf.generateCertificate(certFile2);
cert_arry[2] = cf.generateCertificate(certFile3);

// Create an empty keystore, type="jks"
KeyStore ks = KeyStore.getInstance("jks");
ks.load(null, null);

// Add certificate hierarchy to keystore
ks.setCertificateEntry("ROOTCACERT", cert_arry[0]);
ks.setCertificateEntry("CACERT", cert_arry[1]);
ks.setCertificateEntry("USERCERT", cert_arry[2]);

// I want to do the below, but it doesn't work.
Certificate[] cert_chain = ks.getCertificateChain("USERCERT");

Thanks.

CVMatomicSwapa at 2007-7-9 22:20:09
# 4
Well you've done the import OK. But KeyStore.getCertificateChain() is only for key-entries, not certificate entries.
ejpa at 2007-7-9 22:20:09
# 5
But, as you know, keytool can import only Certificate chain without private key value. How was that possible?
CVMatomicSwapa at 2007-7-9 22:20:09
# 6

I don't understand the question and I also don't understand what exactly you're trying to do.

The keytool, and the KeyStore API, have two distinct certificate-importing operations:

(a) import a signed CSR reply in association with an existing private key, in other words associate a signed cert-chain with a private key

(b) import someone else's trusted certificate(s).

You seem to be doing (b). But you can only get a certificate chain for (a) from KeyStore, i.e. a certificate chain starting with a cert for which you have the private key and containing all the certs of the signers. A certificate chain of someone else's public certificates that you trust has no application that I can think of. So I don't understand what the actual task is here.

ejpa at 2007-7-9 22:20:09
# 7

Hi ejp,

Thanks again for your comments,

I fully understand what you are trying to say. I'll brief what I am now trying to do.

MHP (DVB Data Broadcasting Spec.) has a getSigners API (see articles on that: http://forum.java.sun.com/thread.jspa?threadID=663130&messageID=3888155) for Certificate Chain information.

A Data Broadcasting Application usually comes with certificate chain information for signing the application's contents. And the receiver must store that certificate chain for later use.

This is my real purpose, and I hope to use keystore or any other repository to store certificate chain information.

Sincerely.

CVMatomicSwapa at 2007-7-9 22:20:09
# 8
OK, well you're storing the certs OK, you just need to construct the certificate chain yourself. See java.security.cert.CertPath, java.security.cert.PKIXCertPathBuilder, and friends.
ejpa at 2007-7-9 22:20:09
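
The approach suggested in reply #8, as an added example that is not code from the thread: the chain is built and validated with the JDK's CertPathBuilder ("PKIX") from certificates held as trusted-certificate entries. It assumes the three .cer files and aliases from post #3 exist and form one chain; the class and helper names are hypothetical, and revocation checking is switched off only because no CRL/OCSP source is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class BuildChainFromTrustStore {          // hypothetical class name
    // Load one X.509 certificate from a file and close the stream afterwards.
    static X509Certificate load(CertificateFactory cf, String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    // Build and validate a path from 'target' up to one of 'anchors' via 'others'.
    static List<? extends Certificate> buildChain(X509Certificate target,
            Set<TrustAnchor> anchors, Collection<X509Certificate> others) throws Exception {
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(target);
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, selector);
        List<X509Certificate> pool = new ArrayList<>(others);
        pool.add(target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(pool)));
        params.setRevocationEnabled(false);  // assumption: no CRL/OCSP source configured
        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)
                CertPathBuilder.getInstance("PKIX").build(params);
        return result.getCertPath().getCertificates();
    }

    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance("jks");
        ks.load(null, null);
        ks.setCertificateEntry("ROOTCACERT", load(cf, "root.cer"));
        ks.setCertificateEntry("CACERT", load(cf, "cacert.cer"));
        ks.setCertificateEntry("USERCERT", load(cf, "userCert1.cer"));
        // Only the root is an anchor. PKIXBuilderParameters(KeyStore, ...) would treat
        // every trusted entry, USERCERT included, as a trust anchor.
        X509Certificate root = (X509Certificate) ks.getCertificate("ROOTCACERT");
        X509Certificate ca = (X509Certificate) ks.getCertificate("CACERT");
        X509Certificate user = (X509Certificate) ks.getCertificate("USERCERT");
        Set<TrustAnchor> anchors = Collections.singleton(new TrustAnchor(root, null));
        // The returned path runs from the target up to, but not including, the anchor.
        for (Certificate c : buildChain(user, anchors, Collections.singletonList(ca))) {
            System.out.println(((X509Certificate) c).getSubjectX500Principal());
        }
        System.out.println("Anchor: " + root.getSubjectX500Principal());
    }
}
```

If the stored certificates do not chain to the root, or a signature or validity check fails, `build` throws `CertPathBuilderException` instead of returning a path.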