Problems with PrivateKey

Hi all,

I'm really struggling here and I'm hoping someone can help. I'm no security expert so please forgive any obvious errors.

I want to create a public and private key pair, then use a KeyStore to store them so other objects can access them. However, I'm having a problem and here is the code I'm working with:

import java.io.FileOutputStream;
import java.security.*;

// Generate and get the public and private keys
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
KeyPair keypair = keyGen.genKeyPair();
PrivateKey thisPrivateKey = keypair.getPrivate();
PublicKey thisPublicKey = keypair.getPublic();

// Create an empty keystore object
KeyStore keystore = KeyStore.getInstance("JCEKS");

// store the public key
keystore.load(null, "PublicPass".toCharArray());
keystore.setKeyEntry("PublicKeys", thisPublicKey, "PublicPass".toCharArray(), null);
FileOutputStream out = new FileOutputStream("Keys\\Public.key");
keystore.store(out, "PublicPass".toCharArray());
out.close();

// store the private key (this call fails: a PrivateKey entry requires a certificate chain)
keystore.setKeyEntry("PrivateKeys", thisPrivateKey, "PrivatePass".toCharArray(), null);
out = new FileOutputStream("Keys\\Private.key");   // reuse the variable; redeclaring it would not compile
keystore.store(out, "PrivatePass".toCharArray());
out.close();

This fails when run because it says it needs a Certificate chain in the setKeyEntry routine (fourth parameter). Okay, so then I started trying to create a certificate chain, and this is what I've come up with.

// Get and test the certificate chain
java.security.cert.Certificate[] chain = keystore.getCertificateChain("PublicKeys");
// chain is an array, so getType() has to be called on an element; this throws a
// NullPointerException when getCertificateChain returned null
String theType = chain[0].getType();
System.out.println("theType=" + theType);

// store the private key
keystore.setKeyEntry("PrivateKeys", thisPrivateKey, "PrivatePass".toCharArray(), chain);
FileOutputStream out = new FileOutputStream("Keys\\Private.key");
keystore.store(out, "PrivatePass".toCharArray());
out.close();

However, this fails because the certificate chain always comes back as null. Why? I'm not sure I fully understand what kind of alias it's looking for in the getCertificateChain call. Or perhaps it's returning null because there's no chain to get, as it hasn't been assigned yet. If so, how does one generate a certificate so that it can be assigned to an alias (via setCertificateEntry) and then getCertificateChain will work? All the examples of setCertificateEntry I've been able to find are reading the keys in from a KeyStore, but how does one get an initial certificate?

Thanks to anyone who can help.

Robert

By SleestakKinga at 2007-11-27 2:11:52
# 1

Inside a keystore, each entry has an alias, which is the name of this entry so that you can use it to access the entry (either a PrivateKeyEntry or a TrustedCertificateEntry...). This means an entry with alias "PublicKeys" must exist before you call --

java.security.cert.Certificate[] chain = keystore.getCertificateChain("PublicKeys");

Currently in the JDK, there's no way to create a certificate (or a chain) programmatically. You can use the keytool command to generate key pairs.

wangwja at 2007-7-12 2:05:32
# 2

Thanks. I got it figured out last night. I did have to create the certificate first, and assign it to the KeyPair object. It works beautifully now. Here's the code:

import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;

// Generate the KeyPair, get the public and private keys, and assign a certificate
// (sun.security.x509.CertAndKeyGen is an internal, unsupported JDK class)
sun.security.x509.CertAndKeyGen keypair = new sun.security.x509.CertAndKeyGen("RSA", "MD5WithRSA");
// X500Name(commonName, organizationUnit, organizationName, country)
sun.security.x509.X500Name x500Name = new sun.security.x509.X500Name(
        "IGEL RemoteManager", "IGEL Technology GmbH",
        "IGEL Technology GmbH", "DE");
keypair.generate(1024);
PrivateKey thisPrivateKey = keypair.getPrivateKey();
PublicKey thisPublicKey = keypair.getPublicKey();
// a one-element chain holding the self-signed certificate; the validity argument is in seconds
java.security.cert.X509Certificate[] chain = new java.security.cert.X509Certificate[1];
chain[0] = keypair.getSelfCertificate(x500Name, 7000L * 24 * 60 * 60);

// Set the KeyStore entry for the public key
KeyStore keystore = KeyStore.getInstance("JCEKS");
keystore.load(null, "PublicPass".toCharArray());
keystore.setKeyEntry("PublicKeys", thisPublicKey, "PublicPass".toCharArray(), null);

// Save the new keystore contents for the public key
FileOutputStream out = new FileOutputStream("Keys\\NewPublic.key");
keystore.store(out, "PublicPass".toCharArray());
out.close();

// Set the KeyStore entry for the private key (the chain is what setKeyEntry was missing before)
keystore.setKeyEntry("PrivateKeys", thisPrivateKey, "PrivatePass".toCharArray(), chain);

// Save the new keystore contents for the private key
// (the same keystore object is reused, so NewPrivate.key also contains the "PublicKeys" entry)
FileOutputStream out2 = new FileOutputStream("Keys\\NewPrivate.key");
keystore.store(out2, "PrivatePass".toCharArray());
out2.close();

It works beautifully.

Robert


SleestakKinga at 2007-7-12 2:05:32
# 3

Seems you have been reading the sun.security.tools.KeyTool class last night. :)

Attention:

All sun.* classes are totally internal to Sun's own implementation of the JDK and are not supported by Sun as public APIs. If you only write a program for your own pleasure, that may be OK. If you're writing any commercial programs, you run these risks:

1. If the program runs on a JDK from another vendor, say IBM, Apple or Apache Harmony, it may not work.

2. If the program runs on a later version of the JDK from Sun, it may not work any more, since the internal class may be removed or updated without notice.

In fact, if you're using the latest JDK 7 snapshots, you may notice warnings on "using internal classes".

wangwja at 2007-7-12 2:05:32
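A supported alternative to both replies above, added here as an example and not code from the thread or any of its posters. wangwja's point in #1 that the JDK itself offers no public API for creating a certificate still holds, and the sun.security.x509 route in #2 is exactly the internal class #3 warns against. The usual portable way is the Bouncy Castle PKIX API; the example assumes bcprov and bcpkix are on the classpath. It generates a 2048-bit RSA pair and a SHA256withRSA self-signed certificate in place of the thread's 512/1024-bit keys and MD5WithRSA, which are far too weak today, stores the private key with its one-element chain in a JCEKS keystore, stores only the certificate in a second keystore for the verifying side, then reloads the private store and checks that getCertificateChain is non-null for the private-key entry, null for the trusted-certificate entry, and that a signature round-trips between the two stores. Aliases, file names, the DN and the passwords are placeholders taken from the thread.

```java
// Added example (not from the thread): self-signed certificate via Bouncy Castle's public API
// instead of sun.security.x509.CertAndKeyGen. Assumes bcprov and bcpkix on the classpath.
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SelfSignedKeyStoreExample {

    /** Builds a self-signed end-entity certificate for keyPair; subject and issuer are the same DN. */
    static X509Certificate selfSign(KeyPair keyPair, String dn, long validityDays) throws Exception {
        X500Name name = new X500Name(dn);
        // random positive serial number rather than a fixed 1
        BigInteger serial = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + validityDays * 24L * 60 * 60 * 1000);
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name, keyPair.getPublic());
        // cA=false: this certificate must not be accepted as an issuer of other certificates
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
        return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(2048);   // 512- and 1024-bit RSA are no longer acceptable
        KeyPair keyPair = keyGen.generateKeyPair();

        // DN from the thread, used here as a placeholder
        X509Certificate cert = selfSign(keyPair,
                "CN=IGEL RemoteManager, OU=IGEL Technology GmbH, O=IGEL Technology GmbH, C=DE", 365);
        Certificate[] chain = { cert };

        char[] privatePass = "PrivatePass".toCharArray();   // placeholder passwords, as in the thread
        char[] publicPass = "PublicPass".toCharArray();
        new File("Keys").mkdirs();

        // Private side: a PrivateKey entry must carry its chain (the null chain is what failed in the thread).
        KeyStore privateStore = KeyStore.getInstance("JCEKS");
        privateStore.load(null, privatePass);
        privateStore.setKeyEntry("PrivateKeys", keyPair.getPrivate(), privatePass, chain);
        try (FileOutputStream out = new FileOutputStream("Keys/Private.key")) {
            privateStore.store(out, privatePass);
        }

        // Public side: the public key is inside the certificate, so store that as a trusted-certificate entry.
        KeyStore publicStore = KeyStore.getInstance("JCEKS");
        publicStore.load(null, null);
        publicStore.setCertificateEntry("PublicKeys", cert);
        try (FileOutputStream out = new FileOutputStream("Keys/Public.key")) {
            publicStore.store(out, publicPass);
        }

        // Check 1: after a reload the chain comes back for the private-key entry ...
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        try (FileInputStream in = new FileInputStream("Keys/Private.key")) {
            reloaded.load(in, privatePass);
        }
        Certificate[] storedChain = reloaded.getCertificateChain("PrivateKeys");
        if (storedChain == null || storedChain.length != 1) {
            throw new IllegalStateException("certificate chain was not stored with the private key");
        }
        // ... and is null for a certificate entry, which is read with getCertificate instead.
        if (publicStore.getCertificateChain("PublicKeys") != null) {
            throw new IllegalStateException("unexpected chain on a trusted-certificate entry");
        }

        // Check 2: sign with the reloaded private key, verify with the certificate from the public store.
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign((PrivateKey) reloaded.getKey("PrivateKeys", privatePass));
        signer.update(message);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(publicStore.getCertificate("PublicKeys"));
        verifier.update(message);
        System.out.println("signature verifies: " + verifier.verify(sig));
    }
}
```

Compile and run with bcprov and bcpkix on the classpath; the Keys directory is created if it is missing. Without a third-party library the same keystore layout comes from the tool #1 mentions, for example keytool -genkeypair -alias PrivateKeys -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -storetype JCEKS -keystore Keys/Private.key -dname "CN=IGEL RemoteManager,O=IGEL Technology GmbH,C=DE", followed by keytool -exportcert to hand the certificate to the verifying side; the Java code then only needs KeyStore.load and the getKey/getCertificate calls shown above.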
# 4

The program is actually for a school assignment, so as long as it works, I'm okay. The lesson is to learn how to use public and private keys, as well as encryption to pass messages back and forth via remote procedure calls. The instructor doesn't really care about the tools we use. And yes, I got the "internal classes" warnings.

Interesting, though, as it appears that there's no official way to programmatically get a certificate. I'll have to study the keytool... er... tool to see how it works. But first I have to get this assignment finished and study for the final exam.

Thanks!

Robert

SleestakKinga at 2007-7-12 2:05:32