Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

extract and save to file certificate and key from pkcs12 file programmatically

 
O. Ziggy
Ranch Hand
Posts: 430
Android Debian VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I have a PKCS12 file that i would like to extract a certificate and private key from. Is it possible to extract the key and certificate using java and saving it as a jks file?

The reason i want to use java (programmatically is because) the password for the pkcs12 keystore is in characters than can not really be typed on the command prompt.


thanks in advance.
 
Eric Daly
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is it possible to extract the key and certificate using java and saving it as a jks file?

I would definitely imagine so. I don't know enough about what you're actually trying to do to give you any advice, but tell us more and I'm sure we can help you further if needed.
It sounds like you need to open the file, parse through it to extract the key you're looking for, and then save it in your .jks file. What are you having trouble with exactly?
 
O. Ziggy
Ranch Hand
Posts: 430
Android Debian VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The keystore i have is in PKCS format. I cant use keytool or openssl to view its contents because its password is not the actual password to use.

I am supposed to use the password string to get the MD5 has of this string. The actual password becomes the string from the MD5 bytes of the original string. For example for the string "Baltimore1," the password is ���_>y'?s�3����^

I have been able to use the above password programmatically to view the contents of the p12 keystore.

The problem i have with the above approach is that the libraries i want to use the keystore on (Apache Rampart or WSS4J) expects the password to be stored as plain text. I cant really store the string ���_>y'?s�3����^ in a properties file.

So what i want to do is to extract the key/certificate from the p12 file and save it on a jks keystore with a password that is readable and that can be stored in a properties/configuration file.
 
Eric Daly
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So what i want to do is to extract the key/certificate from the p12 file and save it on a jks keystore with a password that is readable and that can be stored in a properties/configuration file.

Well I don't know anything about keystores. It sounds like it should be simple, but I really don't know what you're looking for exactly. I looked up jks keystores, and found something about converting keystores between p12 and jks. It just says this.
Sounds like you need Java 6. Also check out this.
Does that help?
 
Campbell Ritchie
Sheriff
Pie
Posts: 49733
69
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not convinced this is a beginners' question. I think this thread would sit better on the security forum, so I shall move you.
 
Aryan Khan
Ranch Hand
Posts: 290
Java Oracle Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why don't you create a JKS or another PKCS12 keystore with a normal password and use keytool to export and import the certificates & keys.

Then use the new keystore. I mean why you need to do it using a program/Java API.

Trying using Keytool. Will make life easier.

Aryan.
 
greg stark
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
He needs to do it because he doesn't believe the characters in the password can be typed on a console. I'm not sure if this is strictly true, maybe you can script the password entry using expect or something similar. In any event, you can use the KeyStore class and APIs to do it programmatically. Have a look at KeyStore
 
Shubham Guptas
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am also looking for the same.

Please anyone provide me that how I can parse .p12 file using java.
 
James Sabre
Ranch Hand
Posts: 781
Java Netbeans IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Shubham Guptas wrote:I am also looking for the same.

Please anyone provide me that how I can parse .p12 file using java.



and initialise with your .p12 file.

P.S. I suspect you will get your hand slapped for hijacking this thread.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic