I have some problems with KeyStore. I added key to KeyStore and can't get it from there.
My code:
try
{
KeyGenerator keygen = KeyGenerator.getInstance("AES");
SecureRandom random = new SecureRandom();
keygen.init(128, random);
SecretKey key = keygen.generateKey();
KeyStore ks = KeyStore.getInstance("UBER", "BC");
ks.load(null, pass);
ks.store(new FileOutputStream(path), pass);
ks.setKeyEntry(keyName, key, pass, null);
System.out.println(ks.containsAlias(keyName));
key = null;
KeyStore ks1 = KeyStore.getInstance("UBER", "BC");
ks1.load(new FileInputStream(path), pass);
System.out.println(ks1.containsAlias(keyName));
}
the output is:
true
false
seems like key disapper or I can't load the KeyStore corectly. Do you see any bugs here?
You are saving your keystore before adding keys to it. Swap these two lines:
ks.store(new FileOutputStream(path), pass);
ks.setKeyEntry(keyName, key, pass, null);
So that they are:
ks.setKeyEntry(keyName, key, pass, null);
ks.store(new FileOutputStream(path), pass);
Related
I have generated a keypair of Public-private keys, and am trying to store the privatekey in Java keyStore.
But I am getting error everytime.
My piece of code:
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
KeyPair pair = keyGen.generateKeyPair();
PrivateKey privateKey = pair.getPrivate();
PublicKey publicKey = pair.getPublic();
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
String ss = Base64.encodeBase64String(cipher.doFinal(ppp.getBytes("UTF-8")));
System.out.println(ss);
// Creating the KeyStore object
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
// Loading the KeyStore object
char[] ksPassword = "changeit".toCharArray();
String path = "C:/Program Files/Java/jre1.8.0_201/lib/security/cacerts";
java.io.FileInputStream fis = new FileInputStream(path);
keyStore.load(fis, ksPassword);
// Creating the KeyStore.ProtectionParameter object
KeyStore.ProtectionParameter protectionParam = new
KeyStore.PasswordProtection(ksPassword);
// Creating SecretKey object
SecretKey mySecretKey = new SecretKeySpec(ppp.getBytes(), "RSA");
// Creating SecretKeyEntry object
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(mySecretKey);
keyStore.setEntry("mykeyalias", secretKeyEntry, protectionParam);
// Storing the KeyStore object
java.io.FileOutputStream fos = null;
fos = new java.io.FileOutputStream("newKeyStoreName");
keyStore.store(fos, ksPassword);
But i'm getting below exception at the line keyStore.setEntry while running:
java.security.KeyStoreException: Cannot store non-PrivateKeys
at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:261)
at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
at java.security.KeyStoreSpi.engineSetEntry(KeyStoreSpi.java:550)
at sun.security.provider.KeyStoreDelegator.engineSetEntry(KeyStoreDelegator.java:179)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetEntry(JavaKeyStore.java:70)
at java.security.KeyStore.setEntry(KeyStore.java:1557)
at com.sprint.neo.bc4j.util.TestMain.StoringKeys(TestMain.java:33)
Can anyone help to resolve this issue so that I can store Privatekeys to the java keyStore along with an alias name, to be used later. Where is the exact wrong in the above piece of code. Thanks a lot.
I've been trying on this for a couple of days and I'm hopelessly stuck.
To fully understand how java key store works, i've been trying to create my own keystore, put some stuff inside it, then retrieve them from another program.
Here's my keystore generator :
{
//generate a X509 certificate
Security.addProvider(new BouncyCastleProvider());
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(new FileInputStream("certificate.cer"));
LOGGER.debug("BouncyCastle provider & X509 certificate added.");
//generate a private & a public key
KeyPair keyPair = generateRSAKeyPair();
RSAPrivateKey priv = (RSAPrivateKey) keyPair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) keyPair.getPublic();
//generate a keystore
KeyStore ks = KeyStore.getInstance("PKCS12");
char[] keyStorePassword = "keystore_password".toCharArray();
ks.load(null, keyStorePassword);
try (FileOutputStream fos = new FileOutputStream("TestKeyStore.jks")) {
ks.store(fos, keyStorePassword);
}
ks.load(new FileInputStream("TestKeyStore.jks"), keyStorePassword);
//Symmetric key
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry((secretKey));
KeyStore.ProtectionParameter protectionParameter = new KeyStore.PasswordProtection(keyStorePassword);
ks.setEntry("symmetric_key", secretKeyEntry, protectionParameter);
//Asymmetric key
X509Certificate[] x509Certificates = new X509Certificate[1];
x509Certificates[0] = certificate;
ks.setKeyEntry("asymmetric key", priv, keyStorePassword, x509Certificates);
//certificate
ks.setCertificateEntry("test_certif", certificate);
Key key = ks.getKey("symmetric_key", keyStorePassword);
System.out.println("I have this symmetric key : " + key);
X509Certificate certificate1 = (X509Certificate) ks.getCertificate("test_certif");
System.out.println("I have this certificate : " + certificate1);
System.out.println(ks.aliases().nextElement());
LOGGER.debug("all went well");
}
As you probably noticed, it's not all polished: my goal for now is only to put some stuff inside the keystore. But the point here, from the last System.out.println(ks.aliases().nextElement());, is just to see there is indeed something inside the keystore. And this is working just fine, it gives back symmetric_key.
Now, from the same folder is another class that is supposed to read from that keystore.
Note: there is no issue regarding the file (I've tested by moving its localization) so it can't be that.
KeyStore ks = KeyStore.getInstance("PKCS12");
char[] keyStorePassword = "keystore_password".toCharArray();
ks.load(new FileInputStream("TestKeyStore.jks"), keyStorePassword);
System.out.println(ks.containsAlias("symmetric_key"));
This always gets me: false
If I try this: System.out.println(ks.aliases());, it's always null
If I try this:
if (!keystore.aliases().hasMoreElements()) {
System.out.println("nothing inside the keystore");
}
it gives me back nothing inside the keystore.
Even though it's not the case in the generator.
Any clue?
Thank you
The problem is that you are setting the entries after writing the keystore.
If you move:
try (FileOutputStream fos = new FileOutputStream("TestKeyStore.jks")) {
ks.store(fos, keyStorePassword);
}
Till after this line:
ks.setCertificateEntry("test_certif", certificate);
Everything should work fine.
Bellow you have an working example with some code removed for clarity:
public static void main(String[] args) throws Exception{
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
final KeyPair keyPair = keyGen.genKeyPair();
RSAPrivateKey priv = (RSAPrivateKey) keyPair.getPrivate();
//generate a keystore
KeyStore ks = KeyStore.getInstance("PKCS12");
char[] keyStorePassword = PASSWORD;
ks.load(null, keyStorePassword);
X509Certificate[] chain = {generateCertificate("cn=Unknown", keyPair, 365, "SHA256withRSA")};
// saving one keypair in keystore object
ks.setKeyEntry("asymmetric key", keyPair.getPrivate(), keyStorePassword, chain);
//Symmetric key
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry((secretKey));
KeyStore.ProtectionParameter protectionParameter = new KeyStore.PasswordProtection(keyStorePassword);
// saving symmetric key in keystore object
ks.setEntry("symmetric_key", secretKeyEntry, protectionParameter);
// Saving our keystore object into the filesystem
try (FileOutputStream fos = new FileOutputStream("TestKeyStore.p12")) {
ks.store(fos, keyStorePassword);
}
// The rest of the code
}
The reason why it works in the method that saves the keystore is because the changed keystore is still in memory, but not on the filesystem. Also, since you are creating a PKCS12 keystore, I would avoid the .jks extension and go for something like .pkcs12.
I am trying to retrieve a stored key in java key store. I have written the following code.
public class clientEncryptionUtility
{
public static void generateKeyAndStoreOnKeyStore(String _keyStorePassword, String _keyStorePath, String _keyPassword, String keyAlias) throws Exception // take the keystore path, alias, password
{
KeyStore keyStore = KeyStore.getInstance("JCEKS");
char[] keyStorePassword = _keyStorePassword.toCharArray();
String path = _keyStorePath;
FileInputStream fis = new FileInputStream(path);
//load keystore
keyStore.load(fis, keyStorePassword);
//Loading the KeyStore object
KeyStore.ProtectionParameter protectionParam = new KeyStore.PasswordProtection(keyStorePassword);
//Generate the symmetric key for encryption
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
SecureRandom secureRandom = new SecureRandom();
int keyBitSize = 128;
keyGenerator.init(keyBitSize, secureRandom);
SecretKey secretKey = keyGenerator.generateKey(); //Secret encryption key is genereated
//setting the password for the key stored in keystore
System.out.println("Algorithm used to generate key : "+secretKey.getAlgorithm());
char[] keyPassword = _keyPassword.toCharArray();
KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(keyPassword);
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKey);
keyStore.setEntry(keyAlias, secretKeyEntry, entryPassword);
SecretKey newSecretKey = (SecretKey) keyStore.getKey(keyAlias, keyPassword);
String stringKey = newSecretKey.toString();
System.out.println("The encryption key at the alias is: " + stringKey);
}
public static void getKeyFromKeyStore(String _keyStorePassword, String _keyStorePath, String keyAlias, String _keyPassword) throws Exception
{
KeyStore keyStore = KeyStore.getInstance("JCEKS");
char[] keyStorePassword = _keyStorePassword.toCharArray();
String path = _keyStorePath;
FileInputStream fis = new FileInputStream(path);
//load keystore
keyStore.load(fis, keyStorePassword);
char[] keyPassword = _keyPassword.toCharArray();
SecretKey secretKey = (SecretKey) keyStore.getKey(keyAlias, keyPassword);
// Key key = keyStore.getKey(keyAlias, keyPassword);
String stringKey = secretKey.toString();
System.out.println("The encryption key at the alias is: " + stringKey);
}
}
-If I call the generateKeyAndStoreOnKeyStore() method, and store the key and retrieve the key in the same function, the key is retrieved.
-However if I do the same from another method getKeyFromKeyStore() wherein I am just trying to retrieve the key at the alias from the keystone, I get a nullPointerException.
-Where am I going wrong?
Unfortunately it's not clear from the javadocs that you must call the KeyStore.store(...) method to persist changes to the keystore. Once generateKeyAndStoreOnKeyStore() exits, the KeyStore instance created there goes out of scope and any unsaved changes made to the keystore disappear.
Call the KeyStore.store(...) method after making changes.
I am using Java keystore to store the secret key for AES encryption.
final String strToEncrypt = "Hello World";
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(128);
SecretKey sk = kg.generateKey();
String secretKey = String.valueOf(Hex.encodeHex(sk.getEncoded()));
//Storing AES Secret key in keystore
KeyStore ks = KeyStore.getInstance("JCEKS");
char[] password = "keystorepassword".toCharArray();
java.io.FileInputStream fis = null;
try {
fis = new java.io.FileInputStream("keyStoreName");
ks.load(fis, password);
} finally {
if (fis != null) {
fis.close();
}
KeyStore.ProtectionParameter protParam =
new KeyStore.PasswordProtection(password);
KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(sk);
ks.setEntry("secretKeyAlias", skEntry, protParam);
But i am getting following Exception.
Exception in thread "main" java.security.KeyStoreException: Uninitialized keystore
at java.security.KeyStore.setEntry(Unknown Source)
How to fix this error? Thanks in advance
According to the KeyStore documentation ,
Before a keystore can be accessed, it must be loaded.
so you are loading the KeyStore but what if a FileNotFoundException occures at
fis = new java.io.FileInputStream("keyStoreName"); , hence if file does not exist we load the KeyStore with null values ,like , ks.load(null,null); .
I have function which creates big-integer values. I want to use these values as secret-keys entries to the Keystore. I want to know if there is way of adding these Big-integer values as secret keys to the keystore. I tried to cast cast big-integer value to secret-key but it am getting an error that big-integer could not be casted to secret-key. here is the bestI have got so far.
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char[] password = "ps".toByteArray();
ks.load(null, password);
....
BigInteger sect=getsect();
javax.crypto.SecretKey mySecretKey=(SecretKey)sect;
KeyStore.SecretKeyEntry skEntry =
new KeyStore.SecretKeyEntry(mySecretKey);
ks.setEntry("secretKeyAlias", skEntry,
new KeyStore.PasswordProtection(password));
since this is not working I do not know how I could add a value I wish as secretkey to the keystore. below is the error message I am getting
java.math.BigInteger cannot be cast to javax.crypto.SecretKey
a tutorials
generateSecret() api
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey passwordKey = kf.generateSecret(keySpec);