Re: Keystore and importing a private key

Jan Luehe (luehe@laguna.eng.sun.com)
Thu, 22 Apr 1999 10:24:27 -0700 (PDT)

Message-Id: <199904221724.KAA19551@laguna.eng.sun.com>
Date: Thu, 22 Apr 1999 10:24:27 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: Keystore and importing a private key
To: java-security@java.sun.com, spham@atos-group.com

Sabine:

In the version of "KeyStore.setKeyEntry" that you are using, it
is assumed that the private key has already been encrypted,
since you are not providing an encryption password to the API.

One standard format for encrypted private keys is defined in
PKCS #8 (EncryptedPrivateKeyInfo).

If the private key in "RHpk.b64" is provided in the clear,
you should get an appropriate key factory and convert the
key bytes into a "PrivateKey" object.

Then you pass the generated "PrivateKey" object to the
version of "KeyStore.setKeyEntry" that takes a password,
and provide a password, too.

Jan

> I would like to import a private key into the Keystore. I have an
> exception that I don't really understand:
>
> java.security.KeyStoreException: key is not encoded as EncryptedPrivateKeyInfo
>     at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:277)
>     at java.security.KeyStore.setKeyEntry(KeyStore.java:395)
>     at testKeystore.main(Compiled Code)
>
> I try to insert the private key following the code below:
>
> // Insert RH certificate
> InputStream inStream = new FileInputStream("RHcert.b64");
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
> inStream.close();
> store.setCertificateEntry("RH", cert);
> System.out.println(cert.toString());
>
> // Insert MusycCA certificate
> inStream = new FileInputStream("MusycCAcert.b64");
> X509Certificate MusycCAcert = (X509Certificate)cf.generateCertificate(inStream);
> inStream.close();
> store.setCertificateEntry("MusycCA", MusycCAcert);
> System.out.println(MusycCAcert.toString());
>
> // Insert private key of RH
> inStream = new FileInputStream("RHpk.b64");
> DataInputStream dis = new DataInputStream(inStream);
> byte[] bytes = new byte[dis.available()];
> dis.readFully(bytes);
> inStream.close();
> java.security.cert.Certificate[] chainCert = {MusycCAcert, cert};
> store.setKeyEntry("RHpk", bytes, chainCert);
>
>
> Where am I wrong?
> Thank you very much for your help.
>
> Sabine.
>
> P.S. : I attach with this mail the 2 certificates and the private key.
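
The steps described in the reply above, as an added example that is not code from either poster: decode the cleartext key through a key factory, then use the "KeyStore.setKeyEntry" overload that takes a password so the keystore encrypts the key itself. It assumes "RHpk.b64" holds a base64-encoded, unencrypted PKCS #8 RSA key; the class name, the output file name and the use of `java.util.Base64` (Java 8 or later) are choices made for this example.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class ImportClearKey {
    static X509Certificate readCert(String file) throws Exception {
        try (InputStream in = new FileInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Assumption: the file is an unencrypted PKCS #8 PrivateKeyInfo, base64 with optional PEM armor.
    static PrivateKey readClearKey(String file, String algorithm) throws Exception {
        String text = new String(Files.readAllBytes(Paths.get(file)), StandardCharsets.US_ASCII);
        byte[] der = Base64.getMimeDecoder().decode(text.replaceAll("-----[A-Z ]+-----", ""));
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from a terminal to enter the password");
        char[] password = console.readPassword("Password protecting the key entry: ");

        X509Certificate rh = readCert("RHcert.b64");
        X509Certificate ca = readCert("MusycCAcert.b64");
        PrivateKey key = readClearKey("RHpk.b64", "RSA"); // "RSA" is an assumption about the key type
        rh.verify(ca.getPublicKey()); // throws unless the CA certificate's key signed the RH certificate

        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // start from an empty keystore
        store.setCertificateEntry("MusycCA", ca);
        // The chain starts with the certificate for the private key, followed by its issuer.
        store.setKeyEntry("RHpk", key, password, new Certificate[] {rh, ca});
        try (OutputStream out = new FileOutputStream("test.keystore")) { // hypothetical output file
            store.store(out, password);
        }
        Arrays.fill(password, '\0'); // do not leave the password in memory longer than needed
    }
}
```

Once the import succeeds, the cleartext "RHpk.b64" file is the weakest copy of the key and should be removed or locked down.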