RMI SSL keystores questions

Hi,

What can I do if I do not want to use keystores in my application? What if I want to dynamically create a pair of keys for my application with SSL (specifically to work with RMI over SSL)?

Spanish (translated):

How can I dynamically create the keys needed to work with SSL if I do not want to keep them stored in a keystore? (specifically to work with RMI over SSL)

[379 byte] By [DaleGroa] at [2007-11-27 0:17:26]
# 1

Why do you want to do that? Note that SSL doesn't use the keypairs from certificates for the actual encryption, it generates a short-lived symmetric session key for that. But it has to have somewhere to start from when negotiating the keys, some basis of trust, and that's what the keystore certificates provide.

ejpa at 2007-7-11 22:06:26
# 2

Yes, well, SSL works like you say,

but as I am learning on my own, I have based my code on the way the javadoc examples do it:

    ...
    public GESRMISSLServerSocketFactory() {
        try {
            // set up key manager to do server authentication
            char[] palabraSecreta = "secretWord".toCharArray();
            KeyStore ks = KeyStore.getInstance("JKS");
            // here I am using a keystore file on my server side
            // I don't want to use KeyStores
            try (FileInputStream in = new FileInputStream("GESKeyStore")) {
                ks.load(in, palabraSecreta); // the stream is closed once the store is loaded
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, palabraSecreta);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), null, null);
            ssf = ctx.getServerSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    ...

To run my application I need to set the following parameters

    ...
    System.setProperty("javax.net.ssl.keyStore","KeyStore");
    System.setProperty("javax.net.ssl.keyStorePassword","xxxxx");
    System.setProperty("javax.net.ssl.trustStore","TrustStore");
    System.setProperty("javax.net.ssl.trustStorePassword","xxxxxxxxx");
    ...

on the client side, so my client application needs the KeyStore file and the TrustStore file; otherwise the application throws an Exception and the handshake fails.

Evidently the Java examples use a keystore, a truststore and a CA.

The bad thing is that they are used on the server side as well as on the client side, which makes distributing the service very difficult, since all the clients need these files.

This is what I really want to avoid.

DaleGroa at 2007-7-11 22:06:26
# 3
Can we please continue this in the SSL forum where it belongs and where it is already crossposted. Nothing to do with RMI.
ejpa at 2007-7-11 22:06:26
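
Added example, not part of the original thread or of the JDK samples it refers to: one way to keep the basis of trust described in reply #1 without shipping a TrustStore file or setting the javax.net.ssl.* properties on the client, by loading a certificate bundled in the client jar into an in-memory KeyStore. The class name and the resource name /ges-ca.pem are hypothetical, and it assumes the server does not require client certificates.

```java
import java.io.*;
import java.net.Socket;
import java.rmi.server.RMIClientSocketFactory;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.*;

// Added example. Class name and resource name are hypothetical.
public class BundledTrustClientSocketFactory implements RMIClientSocketFactory, Serializable {
    private static final long serialVersionUID = 1L;
    // Assumption: the server's CA (or self-signed) certificate, PEM-encoded, inside the client jar.
    private static final String CERT_RESOURCE = "/ges-ca.pem";

    // Builds a context that trusts only the bundled certificate(s); no truststore file is needed.
    static SSLContext clientContext() throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // empty in-memory store: no file, no password
        try (InputStream in = BundledTrustClientSocketFactory.class.getResourceAsStream(CERT_RESOURCE)) {
            if (in == null) throw new IllegalStateException("missing " + CERT_RESOURCE);
            int n = 0;
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                trust.setCertificateEntry("bundled-" + n++, c);
            }
            if (n == 0) throw new IllegalStateException("no certificate in " + CERT_RESOURCE);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no key managers: only the server is authenticated
        return ctx;
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        try {
            SSLSocket s = (SSLSocket) clientContext().getSocketFactory().createSocket(host, port);
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also require the certificate to match host
            s.setSSLParameters(p); // applied before the handshake, which starts on first I/O
            return s;
        } catch (Exception e) {
            throw new IOException("cannot open TLS connection to " + host, e);
        }
    }
    // RMI compares socket factories; these stateless instances are interchangeable.
    @Override public boolean equals(Object o) { return o != null && o.getClass() == getClass(); }
    @Override public int hashCode() { return getClass().hashCode(); }
}
```

The server would pass an instance to UnicastRemoteObject.exportObject(obj, port, csf, ssf) alongside its server socket factory. The server side still holds the private key and certificate; only the public certificate travels with the client.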