
Java Security


Using a PKCS12 key with Java's keytool

843810 | Nov 9 2001 — edited Jan 7 2002
Folk,

I struggled for the longest time using a PKCS12 key to sign jars / applets with the Java Keytool.

Despite documentation stating otherwise, JDK 1.4 (beta 3) and JSSE 1.0.2 would not let me sign files from a PKCS12 keystore exported from MIE / Netscape, or exported from IBM Http Server Key Management Utility.

Anyway, the solution I found to work was to install the security class libraries from Wedgetail (http://www.wedgetail.com/jcsi/index.html).

Following their instructions, I set up my JDK 1.3 VM, allowing me to now read proper PKCS12 key stores.

Having proven that I could now read PKCS12 keystores (using keytool -list -keystore xxxx.p12 -storetype PKCS12), I then set about converting a PKCS12 keystore into a jks keystore. The following simple code will do this job for you, and then you can delete the Wedgetail / JCSI classes / setup and use the output jks keystore file with the standard JRE / JDK security tools such as keytool.

Hope this is useful.

Regards,

Roger Spall (NOSPAMroger@logicent.comSPAM)

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;

// assumes you are using a 3rd party keystore library
// for pkcs12 key stores. For some reason, JDK 1.4 won't
// read pkcs12 files exported from MIE / Netscape
// (file paths, aliases and "password" below are placeholders)

class Convert {
    public static void main(String[] args) throws Exception {
        // pkcs12 keystore
        KeyStore ks = KeyStore.getInstance("pkcs12");
        // jks keystore
        KeyStore ks2 = KeyStore.getInstance("jks");

        // load the pkcs12 file, closing the stream afterwards
        FileInputStream in = new FileInputStream("F:\\spall.p12");
        try {
            ks.load(in, "password".toCharArray());
        } finally {
            in.close();
        }

        // load the jks file (have to have an existing one)
        in = new FileInputStream("F:\\.keystore");
        try {
            ks2.load(in, "password".toCharArray());
        } finally {
            in.close();
        }

        // read the p12 private key and its certificate chain
        Certificate[] cc = ks.getCertificateChain("p12alias");
        Key k = ks.getKey("p12alias", "password".toCharArray());
        if (k == null || cc == null) {
            throw new IllegalStateException("no key entry found under alias p12alias");
        }

        // add to keystore and save; any failure propagates out of main
        // so the program exits with an error instead of continuing silently
        ks2.setKeyEntry("keystorealias", k, "password".toCharArray(), cc);
        FileOutputStream out = new FileOutputStream("F:\\new.keystore");
        try {
            ks2.store(out, "password".toCharArray());
        } finally {
            out.close();
        }
    }
}
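
An added example, not part of the original post: the same PKCS12-to-JKS conversion generalized to copy every private-key entry into a fresh JKS file, with the passwords read from the console instead of being compiled into the class. The class name ConvertAll and the command-line arguments are hypothetical; it assumes Java 7 or later and a JRE whose PKCS12 provider can read the file (the post needed the Wedgetail JCSI provider for that), and it reuses the store password as the key password on both sides.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;

// Added example (hypothetical class). Usage: java ConvertAll <in.p12> <out.jks>
public class ConvertAll {
    // Copies every private-key entry (key + certificate chain) from src to dst
    // under the same alias and returns the aliases that were copied.
    static List<String> copyKeyEntries(KeyStore src, char[] srcPw, KeyStore dst, char[] dstPw)
            throws GeneralSecurityException {
        List<String> copied = new ArrayList<>();
        for (String alias : Collections.list(src.aliases())) {
            if (!src.isKeyEntry(alias)) continue;        // skip certificate-only entries
            Key key = src.getKey(alias, srcPw);
            Certificate[] chain = src.getCertificateChain(alias);
            if (key == null || chain == null) continue;  // not usable for jar signing
            dst.setKeyEntry(alias, key, dstPw, chain);
            copied.add(alias);
        }
        return copied;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ConvertAll <in.p12> <out.jks>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        char[] srcPw = console.readPassword("PKCS12 password: ");
        char[] dstPw = console.readPassword("New JKS password: ");
        if (srcPw == null || dstPw == null) throw new IllegalStateException("no password entered");
        try {
            KeyStore src = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(args[0])) { src.load(in, srcPw); }
            KeyStore dst = KeyStore.getInstance("JKS");
            dst.load(null, null);                        // start from an empty keystore
            List<String> copied = copyKeyEntries(src, srcPw, dst, dstPw);
            if (copied.isEmpty()) throw new KeyStoreException("no private-key entries in " + args[0]);
            try (OutputStream out = new FileOutputStream(args[1])) { dst.store(out, dstPw); }
            System.out.println("Copied aliases: " + copied);
        } finally {
            Arrays.fill(srcPw, '\0');                    // do not leave passwords in memory
            Arrays.fill(dstPw, '\0');
        }
    }
}
```

Running keytool -list -keystore on the output file with -storetype JKS should then show one key entry per copied alias.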


Post Details

Locked on Feb 4 2002
Added on Nov 9 2001